the-binary - Command 5 - Initiate ICMP Echo or UDP flood


This command causes the agent to initiate either an ICMP Echo (ping) flood or a UDP flood.


A handler sends the following command to initiate either an ICMP Echo (ping) flood or a UDP flood (xxx = don't care):
2 xxx xxx 5
icmp_udp updDestPort destination ip
destination ip source ip
source ip nameFlag name...
padding for a minimum packet size
of 201 bytes including the IP header
NOTE: the shaded bytes must be encoded prior to transmission to the agent.


icmp_udp: boolean
Flag to indicate whether to do an ICMP Echo flood (false) or a UDP flood (true)
For UDP floods, the port to which the packets should be sent (0-255).
destination IP:
The IP address of the host that is to be flooded. This field is in network byte order. If nameFlag is non-zero, this field will be ignored.  See description of nameFlag and name parameters below.
source IP:
The source IP to be spoofed.  This field is in network byte order.  No randomizing is available for this field in this particular attack.
nameFlag: boolean
If non-zero, ignore the destination IP and instead do a gethostbyname lookup on the hostname specified in the name parameter.  If a name lookup fails, the flood process will sleep for 10 minutes before attempting another lookup.  The flood process will loop indefinitely until a successful lookup occurs at which point the process will commence flooding the named host.
name: char*
Useful only if nameFlag is non-zero.  This parameter contains the null terminated host name of the host to be targeted by this flood.


The agent sends no response to this message.  It simply initiates an ICMP echo flood or a UDP flood as specified by the icmp_udp flag. The flood continues until a handler instructs the agent to terminate it.

All packets exhibit the following properties

All ICMP packets have the following additional properties All UDP packets will exhibit the following additional properties