Luigi Auriemma

Hey Luigi,

udpsz is a great tool, thank you for making it. Would it be possible to add the ability to spoof the source address? I know you can spoof the source port, but spoofing the source address would be a cool feature too 8).

Thanks

yes, you are right. the spoofing option is something I already wanted to add in the previous version but then I gave up for I don't remember what reason (probably the fact that on Windows is not possible to send packets bigger than the MTU since is not possible to modify some fields of the packets).

released UDPSZ 0.2.2

Here I have bypassed the "Interrupted system call" problems simply using Windows 2003 or Linux through VirtualBox.
In fact by default the updated Windows XP (SP2 with updates disabled doesn't have this limitation) doesn't seem to allow spoofed source IP addresses

Thanks for adding the feature! I'll play around with it right now.

It's a shame they disable raw sockets in Windows XP. I try to do all my playing/testing with scripts on a Ubuntu Linux machine. Using Linux also gives me powerful, built in command line features that don't come with Windows, so that's another plus about using it.

I'll have to give the VirtualBox a try on my XP machine and take a look at my results. It's been a while since I've played with virtual operating systems, and I never tried VirtualBox, so this will be fun.

Thanks again

have you tried vmware sometimes?
naturally the raw sockets trick should work with any virtual machine software

Yea I used VMWare in the past, but I have been trying out this VirtualBox and I like it even better than VMWare. Much simpler to setup and manage (though vmware is also a good tool).

Pardon the double post, but I was just testing the spoofing feature and I think there might be a bug. The spoofing works great (I have tried a BF2 fake players DoS with it, and it worked), but I think for every spoofed packet, the tool also sends a fragmented packet. Even when sending 1 spoofed packet, an additional fragmented packet appears to be sent immediately after it. It only appears to happen when using the -P feature to spoof the source address.

Here is a screenshot of this: http://i33.tinypic.com/200ms.jpg

Notice how they come in pairs (if you compare the packet numbers and timestamps). 54.234.12.128 was just a random source IP I used, and the fake players still worked.

Here is another screenshot with detailed information about 1 of the fragmented packets: http://i36.tinypic.com/sxeovm.jpg

Any ideas?

argh... I'm working on it.
the problem is caused by the adding of the sending of packets of 0 bytes but I want to work also on a better optimization of the entire function

UDPSZ 0.2.2a
I have optimized the udpspoof function as much as I was able, from both the CPU and memory side

Very nice work! Just tested it, and it seems to work fine now. Thanks!

Just adding this for future reference in case anyone has compiling issues. To compile make sure to use the -lz flags. So for example, if using GCC:

gcc udpsz.c -lz -o udpsz.exe

This is noted in the source code, but some people might not look there. And for Ubuntu, you should have the zlib1g-dev package installed, as well as build-essential (sudo aptitude install build-essential)... though build-essential is probably a must for most compiles from what I've seen.

Hey luigi,

I think the random feature on -P is broken. It says to use IP 0 when you want to use a random source address for the packets, but when I use 0 it just uses the address bound to the NIC (like it's not spoofing at all). Here is sample command I used:

./udpsz -P 0 -R -l 1000 -c "test" 192.168.20.20 55665 4

Which should send the word "test" each second with a random source address and source port.

Wireshark is also reporting an incorrect udp checksum, but I think this is caused because the checksum is generated based off the spoofed IP that should have been in the header, and not the one that's actually used.

Soma

arghh I forgot INADDR_ANY (0.0.0.0) 8-)
solved, thanx

Working perfect now, thanks!

Where can I download this tool, is source code available?

http://aluigi.org/testz.htm#udpsz
and yes it's open source at 100%

i want to crash hlds with this :)))