PHP Code:
snprintf(sourceip, sizeof(sourceip)-1, "%d.%d.%d.%d", rand()%255, rand()%255, rand()%255, rand()%255);
iph->saddr = inet_addr(sourceip); // Holy fuck this is terrible
Looks like it's going to be a pain to defend against this. While it has a rotating spoof of their source address, I find it interesting that it does not call setup_ip_header more than once per thread, so it should be possible to block the IPs using iptables. Unless they restart the binary, that should block them (they WILL restart eventually).
I would start by setting up a good set of iptables with things like Martians removed by default to help slow this kind of attack down (due to the way this is coded, its spoof code allows loopbacks, Martians, etc.).
I would expect a better version to be found in the wild shortly. Off the top of my head I can see a few areas that could be easily improved to make this much more dangerous.
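The martian filtering suggested above, as an added example that is not part of the original post: a shell sketch that checks whether a source address is a martian and prints an iptables-restore fragment that drops such sources. The interface name `eth0`, the chain name `MARTIANS` and the function names are assumptions; private ranges are listed on the assumption that the interface faces the Internet.

```shell
#!/bin/sh
# Added example: drop packets whose source address can never be valid on an
# Internet-facing interface. WAN_IF is an assumed interface name.
WAN_IF="${WAN_IF:-eth0}"

# Reserved, private, loopback, documentation, multicast and class E ranges.
MARTIANS="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
172.16.0.0/12 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24
203.0.113.0/24 224.0.0.0/4 240.0.0.0/4"

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Return 0 if address $1 falls inside any range listed in MARTIANS.
is_martian() {
    addr=$(ip_to_int "$1")
    for cidr in $MARTIANS; do
        net=$(ip_to_int "${cidr%/*}")
        bits=${cidr#*/}
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        [ $(( addr & mask )) -eq $(( net & mask )) ] && return 0
    done
    return 1
}

# Print an iptables-restore fragment; review it, then load it with
#   martian_rules | iptables-restore --noflush
martian_rules() {
    echo "*filter"
    echo ":MARTIANS - [0:0]"
    for cidr in $MARTIANS; do
        echo "-A MARTIANS -s $cidr -j DROP"
    done
    echo "-A MARTIANS -j RETURN"
    echo "-I INPUT 1 -i $WAN_IF -j MARTIANS"
    echo "COMMIT"
}
```

Nothing is applied until the printed fragment is piped into `iptables-restore`, so the rule set can be inspected first.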