拒绝服务入侵机制及处理办法(一)
概要:printf("%s)n",inet_ntoa(mask)); switch(pcap_datalink(pd)){ caseDLT_EN10MB: caseDLT_IEEE802: link_offset=ETHHDR_SIZE; break; caseDLT_SLIP: link_offset=SLIPHDR_SIZE; break; caseDLT_PPP: link_offset=PPPHDR_SIZE; break; caseDLT_RAW: link_offset=RAWHDR_SIZE; break; caseDLT_NULL: link_offset=LOO
printf("%s)n",inet_ntoa(mask));
switch(pcap_datalink(pd)) {
case DLT_EN10MB:
case DLT_IEEE802:
link_offset = ETHHDR_SIZE;
break;
case DLT_SLIP:
link_offset = SLIPHDR_SIZE;
break;
case DLT_PPP:
link_offset = PPPHDR_SIZE;
break;
case DLT_RAW:
link_offset = RAWHDR_SIZE;
break;
case DLT_NULL:
link_offset = LOOPHDR_SIZE;
break;
default:
fprintf(stderr,"fatal: unsupported interface typen");
exit(-1);
} while (pcap_loop(pd,0,(pcap_handler)process,0));}
void process(u_char *data1, struct pcap_pkthdr* h, u_char *p) {
struct ip* ip_packet = (struct ip *)(p + link_offset);
switch (ip_packet->ip_p) {
case IPPROTO_TCP: {
struct tcphdr* tcp = (struct tcphdr *)(((char *)ip_packet) + ip_packet->ip_hl*4);
if(tcp->th_flags==0x22 && ip_packet->ip_ttl > TTL_THRESHOLD){
if(++syn_flood_count > FLOOD_THRESHOLD) tfn_attack_detected("SYN");}
if(ip_packet->ip_ttl==0 &&
(ip_packet->ip_off==targ1 || ip_packet->ip_off==targ2)){
if(++targa_flood_count > FLOOD_THRESHOLD) tfn_attack_detected("TARGA");
}} break;
case IPPROTO_UDP: {
struct udphdr* udp = (struct udphdr *)(((char *)ip_packet) + ip_packet->ip_hl*4);
#ifdef HAVE_DUMB_UDPHDR
if ((ntohs(udp->source) + ntohs(udp->dest)) == 65536) {
#else
if ((ntohs(udp->uh_sport) + ntohs(udp->uh_dport)) == 65536) {
#endif
if(++udp_flood_count > FLOOD_THRESHOLD) tfn_attack_detected("UDP");}
if(ip_packet->ip_dst.s_addr==my_dns &&
#ifdef HAVE_DUMB_UDPHDR
ntohs(udp->dest) == 53) {
#else
ntohs(udp->uh_dport) == 53) {
#endif
add_dns(ip_packet->ip_src.s_addr);
}} break;
icmp_cksum==rfp1 && ip_packet->ip_ttl==0){
/* Flood counters bumped by process(); compared against FLOOD_THRESHOLD there. */
unsigned int targa_flood_count = 0;
unsigned int icmp_flood_count = 0;

/* Values that process() compares raw header fields against; all of them are
 * filled in by anti_tfn_init(). my_dns holds the watched DNS server address,
 * targ1/targ2 the ip_off patterns of the TARGA check, rfp1 the ICMP checksum
 * pattern. icmp_flood starts at 1; its use is not visible in this excerpt. */
unsigned long my_dns;
unsigned long targ1;
unsigned long targ2;
unsigned long rfp1;
unsigned long icmp_flood = 1;

time_t t;

/* Circular buffers of the most recent DNS and ICMP source addresses, each
 * with its own write index (wrapped by add_dns()/add_icmp()). */
unsigned long dns_circbuff[DNS_REQUEST_MAX];
unsigned int dns_cb_ptr = 0;
unsigned long icmp_circbuff[ICMP_REQUEST_MAX];
unsigned int icmp_cb_ptr = 0;
/* Record the source address of a DNS request in dns_circbuff. The buffer is
 * circular: the write index advances by one and wraps back to slot 0 once it
 * reaches DNS_REQUEST_MAX, overwriting the oldest entry. */
void add_dns (unsigned long ipadd){
	unsigned int slot = dns_cb_ptr;
	dns_circbuff[slot] = ipadd;
	slot++;
	if (slot == DNS_REQUEST_MAX) slot = 0;
	dns_cb_ptr = slot;
}
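/* Record an ICMP source address in icmp_circbuff. The buffer is circular: the
 * write index wraps back to slot 0 once it reaches ICMP_REQUEST_MAX.
 *
 * Fix: the original reset dns_cb_ptr instead of icmp_cb_ptr on wrap. As a
 * result icmp_cb_ptr was never wrapped, so every call after the first
 * ICMP_REQUEST_MAX entries stored past the end of icmp_circbuff (a global
 * buffer overflow driven by received packets), and the DNS buffer's index was
 * clobbered as a side effect. */
void add_icmp (unsigned long ipadd){
	icmp_circbuff[icmp_cb_ptr] = ipadd;
	/* >= rather than == so an already out-of-range index is also recovered. */
	if (++icmp_cb_ptr >= ICMP_REQUEST_MAX) icmp_cb_ptr = 0;
}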
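/* One-time setup for the TFN detection hooks: clears both circular buffers,
 * resolves the watched DNS server (DNS_SERVER_IP), precomputes the header
 * patterns that process() compares against (targ1, targ2, rfp1) and arms the
 * periodic alarm. The SIGALRM handler is not part of this excerpt.
 *
 * Changes from the original: the two buffer-clearing loops were garbled in the
 * source text and are reconstructed (marked below); inet_ntoa() is given a
 * struct in_addr instead of the raw unsigned long; a malformed DNS_SERVER_IP
 * is reported instead of silently tracking 255.255.255.255; the "\n" lost from
 * the printf() strings is restored. */
void anti_tfn_init (void) {
	unsigned int x;
	struct in_addr dns_addr;

	/* NOTE(review): the source text reads "for(x=0;xfor(x=0;x..." here; the
	 * loop conditions and bodies were lost. Zeroing the two circular buffers
	 * is the only reading consistent with the declarations above — confirm
	 * against the original patch. */
	for (x = 0; x < DNS_REQUEST_MAX; x++) dns_circbuff[x] = 0;
	for (x = 0; x < ICMP_REQUEST_MAX; x++) icmp_circbuff[x] = 0;

	my_dns = inet_addr(DNS_SERVER_IP);
	/* inet_addr() signals a malformed address with INADDR_NONE; without this
	 * check the DNS-request tracking in process() would compare against the
	 * broadcast address and never match. */
	if (my_dns == INADDR_NONE)
		fprintf(stderr, "warning: DNS_SERVER_IP \"%s\" is not a valid IPv4 address\n", DNS_SERVER_IP);

	printf("Ngrep with TFN detection modifications by wiretrip / www.wiretrip.net\n");
	/* inet_ntoa() takes a struct in_addr by value, not an unsigned long. */
	dns_addr.s_addr = (in_addr_t)my_dns;
	printf("Watching DNS server: %s\n", inet_ntoa(dns_addr));

	/* ip_off patterns for the TARGA check in process(), stored byte-swapped so
	 * they compare directly with the raw header field: 0x3FFF and 0x2000. */
	targ1 = htons(16383);
	targ2 = htons(8192);
	/* Checksum an ICMP echo header has when every other field is zero (one's
	 * complement of the type byte in the high octet), byte-swapped like targ1
	 * and targ2 so it can be compared with the raw icmp_cksum field. */
	rfp1 = htons((unsigned short)~(ICMP_ECHO << 8)); /* hopefull this is universal ;) */

	alarm(20);
}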
void print_circbuffs (void) {
unsigned int x;
printf("Last (%u) DNS requests:n",DNS_REQUEST_MAX);