the-binary - Command 5 - Initiate ICMP Echo or UDP flood

Purpose:

This command causes the agent to initiate either an ICMP Echo (ping) flood or a UDP flood.

Format:

A handler sends the following command to initiate either an ICMP Echo (ping) flood or a UDP flood (xxx = don't care):
 
2 xxx xxx 5
icmp_udp updDestPort destination ip
destination ip source ip
source ip nameFlag name...
padding for a minimum packet size
of 201 bytes including the IP header
NOTE: the shaded bytes must be encoded prior to transmission to the agent.

Parameters:

icmp_udp: boolean
Flag to indicate whether to do an ICMP Echo flood (false) or a UDP flood (true)
 
udpDestPort:
For UDP floods, the port to which the packets should be sent (0-255).
 
destination IP:
The IP address of the host that is to be flooded. This field is in network byte order. If nameFlag is non-zero, this field will be ignored.  See description of nameFlag and name parameters below.
 
source IP:
The source IP to be spoofed.  This field is in network byte order.  No randomizing is available for this field in this particular attack.
 
nameFlag: boolean
If non-zero, ignore the destination IP and instead do a gethostbyname lookup on the hostname specified in the name parameter.  If a name lookup fails, the flood process will sleep for 10 minutes before attempting another lookup.  The flood process will loop indefinitely until a successful lookup occurs at which point the process will commence flooding the named host.
name: char*
Useful only if nameFlag is non-zero.  This parameter contains the null terminated host name of the host to be targeted by this flood.

Action:

The agent sends no response to this message.  It simply initiates an ICMP echo flood or a UDP flood as specified by the icmp_udp flag. The flood continues until a handler instructs the agent to terminate it.

All packets exhibit the following properties

All ICMP packets have the following additional properties All UDP packets will exhibit the following additional properties