拒绝服务入侵机制及处理办法(一)
/* ngrep state: match expression, BPF filter, capture interface and handle. */
char *regex, *filter;
struct bpf_program pcapfilter;
struct in_addr net, mask;
char *dev = NULL;
int link_offset;
pcap_t *pd;
/**************** TFN2K detection **********************************/
/* Per-interval flood counters; all four are zeroed by reset_counters() on
 * every SIGALRM. They are plain (non-volatile, non-atomic) globals, so any
 * increment done by the capture loop (not in this excerpt) can race with
 * the handler's reset — presumably acceptable for a heuristic counter. */
unsigned int udp_flood_count=0, syn_flood_count=0;
unsigned int targa_flood_count=0, icmp_flood_count=0;
/* my_dns: watched DNS server, as returned by inet_addr() (network byte order).
 * targ1/targ2/rfp1: 16-bit signature values set in anti_tfn_init(); how the
 * capture code compares them is not visible here.
 * icmp_flood is a report-once flag (1 = not yet reported) that
 * tfn_attack_detected() clears; nothing in this excerpt sets it back to 1.
 * NOTE(review): these hold 32-bit addresses/16-bit values in an unsigned long
 * (8 bytes on LP64); pass them to inet_ntoa() via a struct in_addr, never raw. */
unsigned long my_dns, targ1, targ2, rfp1, icmp_flood=1;
time_t t;
/* Ring buffers of the most recent DNS / ICMP-echo addresses recorded by
 * add_dns()/add_icmp() (presumably packet sources — the recording call site
 * is not in this excerpt). A slot value of 0 means "empty" to
 * print_circbuffs(), so an address of 0.0.0.0 is never listed. */
unsigned long dns_circbuff[DNS_REQUEST_MAX];
unsigned int dns_cb_ptr=0;
unsigned long icmp_circbuff[ICMP_REQUEST_MAX];
unsigned int icmp_cb_ptr=0;
/* Record one DNS-request address in the DNS ring buffer.
 *
 * ipadd: address in network byte order, as stored by the caller.
 * The write goes to the current slot; once DNS_REQUEST_MAX entries have
 * been stored the index wraps to 0 and the oldest entry is overwritten. */
void add_dns (unsigned long ipadd){
    unsigned int slot = dns_cb_ptr;

    dns_circbuff[slot] = ipadd;
    slot++;
    if (slot == DNS_REQUEST_MAX)
        slot = 0;
    dns_cb_ptr = slot;
}
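/* Record one ICMP echo-request address in the ICMP ring buffer.
 *
 * ipadd: address in network byte order, as stored by the caller.
 * Once ICMP_REQUEST_MAX entries have been stored the index wraps to 0 and
 * the oldest entry is overwritten.
 *
 * Fix: the wrap-around previously reset dns_cb_ptr instead of icmp_cb_ptr.
 * icmp_cb_ptr therefore kept growing past ICMP_REQUEST_MAX and every later
 * call wrote beyond the end of icmp_circbuff — an out-of-bounds write driven
 * by attacker-controlled ping traffic — while the DNS ring was silently
 * rewound. The check is now >= so an out-of-range index can never persist. */
void add_icmp (unsigned long ipadd){
    icmp_circbuff[icmp_cb_ptr++] = ipadd;
    if (icmp_cb_ptr >= ICMP_REQUEST_MAX)
        icmp_cb_ptr = 0;
}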
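/* Initialise TFN2K detection: clear both address rings, resolve the watched
 * DNS server from DNS_SERVER_IP, set the signature values and arm the first
 * SIGALRM (reset_counters() re-arms it on each delivery). main() installs
 * the SIGALRM handler before calling this, which is required for alarm()
 * not to terminate the process.
 *
 * Fixes: the two zeroing loops were garbled in the source and are restored;
 * inet_ntoa() was handed the raw unsigned long instead of a struct in_addr;
 * an unparsable DNS_SERVER_IP (inet_addr() -> INADDR_NONE) now aborts start-up
 * instead of silently watching 255.255.255.255; the "\n" in the banners was
 * missing. */
void anti_tfn_init (void) {
    unsigned int x;
    struct in_addr dns_addr;

    for (x = 0; x < DNS_REQUEST_MAX; x++)
        dns_circbuff[x] = 0;
    for (x = 0; x < ICMP_REQUEST_MAX; x++)
        icmp_circbuff[x] = 0;

    /* inet_addr() returns the address in network byte order, or INADDR_NONE
     * when the string is not a valid dotted quad. */
    my_dns = inet_addr(DNS_SERVER_IP);
    if (my_dns == INADDR_NONE) {
        fprintf(stderr, "Invalid DNS_SERVER_IP: %s\n", DNS_SERVER_IP);
        exit(1);
    }

    printf("Ngrep with TFN detection modifications by wiretrip / www.wiretrip.net\n");
    /* inet_ntoa() takes a struct in_addr by value, not the raw integer. */
    dns_addr.s_addr = (in_addr_t)my_dns;
    printf("Watching DNS server: %s\n", inet_ntoa(dns_addr));

    /* 16-bit signature values kept in network byte order; the comparison
     * against packet fields happens in capture code not shown here. */
    targ1 = htons(16383);
    targ2 = htons(8192);
    rfp1 = htons(~(ICMP_ECHO << 8)); /* hopefully this is universal ;) */

    alarm(20);
}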
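/* Print every non-empty slot (value != 0) of one address ring buffer, one
 * dotted-quad address per line, in array order (not oldest-first).
 *
 * buf: ring of addresses in network byte order; n: number of slots. */
static void print_ring(const unsigned long *buf, unsigned int n) {
    unsigned int x;
    struct in_addr a;

    for (x = 0; x < n; x++) {
        if (buf[x] > 0) {
            /* inet_ntoa() takes a struct in_addr; it returns a static
             * buffer, consumed immediately here. */
            a.s_addr = (in_addr_t)buf[x];
            printf("%s\n", inet_ntoa(a));
        }
    }
}

/* Dump the DNS-request and ICMP-echo address rings to stdout.
 *
 * Fixes: both loops were garbled in the source and are restored; the raw
 * unsigned long was being passed to inet_ntoa() instead of a struct in_addr;
 * the "\n" in the headings was missing. A slot holding 0 is treated as
 * empty, so a genuine 0.0.0.0 address is never listed. */
void print_circbuffs (void) {
    printf("Last (%u) DNS requests:\n", (unsigned int)DNS_REQUEST_MAX);
    print_ring(dns_circbuff, DNS_REQUEST_MAX);

    printf("\nLast (%u) ICMP echo requests (pings):\n", (unsigned int)ICMP_REQUEST_MAX);
    print_ring(icmp_circbuff, ICMP_REQUEST_MAX);
}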
/* SIGALRM handler: zero the four per-interval flood counters and re-arm the
 * timer for another 10 seconds (anti_tfn_init() arms the first one at 20).
 * alarm() is async-signal-safe; the counters are plain globals, so a
 * concurrent increment elsewhere may be lost — presumably tolerable here.
 *
 * sig: the signal number, unused. */
void reset_counters (int sig) {
    (void)sig;

    udp_flood_count = 0;
    syn_flood_count = 0;
    targa_flood_count = 0;
    icmp_flood_count = 0;

    alarm(10);
}
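/* Report a detected TFN2K attack exactly once: print a timestamp, the attack
 * type and the recent DNS/ICMP address rings, then clear icmp_flood so that
 * later calls return immediately (nothing in this excerpt sets it back).
 *
 * attack_type: short description inserted via "%s" — it is never used as a
 *              format string, so its content cannot inject conversions.
 *
 * Fix: the "\n" escapes were missing from every format string, leaving the
 * report on one unbroken line. */
void tfn_attack_detected (char* attack_type){
    if (icmp_flood == 0)
        return;                         /* already reported */

    (void)time(&t);
    printf("\n%s", ctime(&t));          /* ctime() output ends in '\n' */
    printf("A TFN2K %s attack has been detected!\n\n", attack_type);
    print_circbuffs();
    printf("\nIncoming realtime ICMP echo requests (pings):\n");

    icmp_flood = 0;
}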
/*********************************************************************/
int main(int argc, char **argv) {
cha www.5ijcw.com r c;
signal(SIGINT,dealloc);
signal(SIGQUIT,dealloc);
signal(SIGABRT,dealloc);
signal(SIGPIPE,dealloc);
signal(SIGALRM,reset_counters);
anti_tfn_init();
while ((c = getopt(argc, argv, "d:")) != EOF) {
switch (c) {
case d:
dev = optarg;
break;}}
if (!dev)
if (!(dev = pcap_lookupdev(pc_err))) {
perror(pc_err);
exit(-1);}
if ((pd = pcap_open_live(dev, snaplen, promisc, to, pc_err)) == NULL) {
perror(pc_err);
exit(-1);}
if (pcap_lookupnet(dev,&net.s_addr,&mask.s_addr, pc_err) == -1) {
perror(pc_err);
exit(-1);}
printf("interface: %s (%s/", dev, inet_ntoa(net));