2016. 5. 19. 16:50ㆍ네트워크 보안 수업/네트워크 취약점 분석
DDOS( Syn Flooding )
- 대량의 syn패킷을 이용한 공격기법
Get Flooding
- HTTP
- 대량의 HTTP GET 메세지를 이용하여 서버에 과부하를 주는 방식
- CC Attack: cache-control
* HTTP의 전송 방식: GET, POST
- 사용자 입력값: ex) 아이디, 패스워드
- GET : HTTP Message Header를 통해서 데이터를 전달
- 전달하려는 데이터가 웹 브라우저에 그대로 노출(보안 취약)
- 전달하려는 데이터의 크기가 한정
- POST: HTTP Message Body를 통해서 데이터를 전달
- 전달하려는 데이터가 화면을 통해 노출되지 않는다.
- 전달하려는 데이터의 크기의 한계가 없다.
GET /cache.php HTTP/1.1
host: 192.168.15.140
cache-control: no-cache
* GET
GET /admin/center/ HTTP/1.1 request line 총 세개의 필드 method URL http ver
Host: hoong2.tistory.com 서버의 주소
Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/50.0.2661.102 Safari/537.36
Referer: http://hoong2.tistory.com/
accept-encoding: gzip,deflate
Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: menuEnabled=1; _ga=GA1.2.1861955284.1456484563; visited=1463633954;
TSSESSION=d14a3cf40a75d921fddf2204ddc0e09005cef506
나머지는 헤더 필드
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/ip.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <net/ethernet.h>
#include <arpa/inet.h>
struct eth_header {
unsigned char dst[6];
unsigned char src[6];
unsigned short type;
} __attribute__((packed));
struct ip_header{
unsigned char hlen:4;
unsigned char ver:4;
unsigned char service;
unsigned short total;
unsigned short id;
unsigned char flag;
unsigned char offset;
unsigned char ttl;
unsigned char type;
unsigned short chk;
unsigned int src;
unsigned int dst;
} __attribute__((packed));
struct tcp_header {
unsigned short src_port;
unsigned short dst_port;
unsigned char seq[4];
unsigned char ack[4];
unsigned char reserve:4;
unsigned char length:4;
unsigned char flag;
unsigned short window;
unsigned short chksum;
unsigned short dummy;
} __attribute__((packed));
struct pseudo_header {
unsigned long int src;
unsigned long int dst;
unsigned char zero;
unsigned char protocol;
unsigned short length;
struct tcp_header tcp;
} __attribute__((packed));
unsigned short csum ( unsigned short *buf, int nwords )
{
unsigned long sum;
u_short oddbyte;
register u_short answer;
sum = 0;
while( nwords > 1 ) {
sum += *buf++;
nwords -= 2;
}
if( nwords ==1 ) {
oddbyte = 0;
*((u_char *)&oddbyte) = *(u_char *)buf;
sum += oddbyte;
}
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
answer = ~sum;
return (answer);
}
int main(int argc, char *argv[])
{
int send_sock = 0;
int recv_sock = 0;
int size = 0;
struct sockaddr_ll sll;
struct sockaddr_in sin;
struct eth_header eth;
struct ip_header ip;
struct tcp_header tcp;
struct pseudo_header pseudo;
struct eth_header * peth;
char data[sizeof( eth ) + sizeof( ip ) + sizeof( tcp )] = {0,};
char recv[1024] = {0,};
send_sock = socket(PF_PACKET, SOCK_RAW, 0);
recv_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
sll.sll_family = PF_PACKET;
sll.sll_ifindex = if_nametoindex("enp0s3");
sll.sll_halen = 6;
eth.dst[0] = 0x50;
eth.dst[1] = 0x6a;
eth.dst[2] = 0x03;
eth.dst[3] = 0xaf;
eth.dst[4] = 0x2a;
eth.dst[5] = 0x98;
eth.src[0] = 0x08;
eth.src[1] = 0x00;
eth.src[2] = 0x27;
eth.src[3] = 0x25;
eth.src[4] = 0x5d;
eth.src[5] = 0x35;
eth.type = htons(0x0800);
ip.ver = 0x4;
ip.hlen = sizeof( ip ) >> 2;
ip.service = 0x00;
ip.total = htons( sizeof( ip ) + sizeof( tcp ));
ip.id = htons( 0x1234 );
ip.flag = 0x40;
ip.offset = 0x00;
ip.ttl = 0x80;
ip.type = 0x06;
ip.chk = 0x0000;
ip.src = inet_addr("192.168.15.140");
ip.dst = inet_addr("192.168.15.180");
ip.chk = csum( (unsigned short *)&ip, sizeof( ip ) );
tcp.src_port = htons(1234);
tcp.dst_port = htons(80);
tcp.seq[0] = 0x83;
tcp.seq[1] = 0xe6;
tcp.seq[2] = 0x05;
tcp.seq[3] = 0xf2;
tcp.ack[0] = 0x00;
tcp.ack[1] = 0x00;
tcp.ack[2] = 0x00;
tcp.ack[3] = 0x00;
tcp.length = sizeof(tcp)>>2;
tcp.reserve = 0x00;
tcp.flag = 0x02;
tcp.window = htons(0xffff);
tcp.chksum = 0x0000;
tcp.dummy = 0x0000;
pseudo.src = ip.src;
pseudo.dst = ip.dst;
pseudo.zero = 0;
pseudo.protocol = 0x06;
pseudo.length = htons(sizeof(tcp));
memcpy( &pseudo.tcp, &tcp, sizeof(tcp));
tcp.chksum = csum((unsigned short *)&pseudo, sizeof(pseudo));
memcpy( data, ð, sizeof( eth ) );
memcpy( data + sizeof( eth ), &ip, sizeof( ip ) );
memcpy( data + sizeof( eth ) + sizeof( ip ), &tcp, sizeof( tcp ) );
int i = 0;
unsigned char *ptr = data;
for( i = 0; i < sizeof( data ); i++){
if( i != 0 && i % 16 ==0 ){ printf("\n"); }
printf("%02x ", *(ptr+i));
}
printf("\n");
printf("\n");
sendto(send_sock, data, sizeof(data), 0, (struct sockaddr *)&sll, sizeof(sll));
while(1){
recvfrom(recv_sock, recv, sizeof(recv), 0, (struct sockaddr *)&sin, &size);
peth = (struct eth_header *)recv;
if( peth->type == htons(0x0800) ){
printf("ip packet \n");
} else if( peth->type == htons(0x0806)){
printf("ARP Frame \n");
}
/* ptr = recv;
for( i = 0; i < sizeof(recv); i++){
if( i != 0 && i % 16 == 0 ){printf("\n");}
printf("%02x ", *(ptr+i));
}
printf("\n");
*/
memset( recv, 0, sizeof( recv ) );
sleep(1);
}
return 0;
}
'네트워크 보안 수업 > 네트워크 취약점 분석' 카테고리의 다른 글
| GET메세지 (0) | 2016.05.25 |
|---|---|
| 네트워크 보안 수업 16일차 - 코리아 정보보안 IT학원 (0) | 2016.05.20 |
| 네트워크 보안수업 14일차 - 코리아 정보보안 IT학원 (0) | 2016.05.18 |
| 네트워크 보안 수업 12일차 - 코리아 정보보안 IT학원 (0) | 2016.05.16 |
| 네트워크 보안 수업 11일차 - 코리아 정보보안 IT학원 (0) | 2016.05.12 |