拒绝服务入侵机制及处理办法(一)
for(x=0;xif(dns_circbuff[x]>0) printf("%sn",inet_ntoa(dns_circbuff[x]));
printf("nLast (%u) ICMP echo requests (pings):n",ICMP_REQUEST_MA www.5ijcw.com X);
for(x=0;xif (icmp_circbuff[x]>0) printf("%sn",inet_ntoa(icmp_circbuff[x]));}
/*
 * Signal handler installed for SIGALRM in main(): clears the four flood
 * counters and re-arms a 10-second alarm, so each counter only ever
 * accumulates over one alarm interval before being zeroed again.
 *
 * sig - number of the delivered signal; not used.
 *
 * NOTE(review): the counters are also incremented from process(); their
 * declarations are not visible here, so whether they are declared
 * volatile sig_atomic_t should be confirmed.
 */
void reset_counters (int sig) {
    (void)sig;

    icmp_flood_count = 0;
    targa_flood_count = 0;
    syn_flood_count = 0;
    udp_flood_count = 0;

    /* Schedule the next reset; only async-signal-safe calls are made here. */
    alarm(10);
}
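/*
 * Print a timestamped alert for a detected flood, followed by the recent
 * source addresses held in the circular buffers.
 *
 * attack_type - short label inserted into the alert text ("SYN", "TARGA",
 *               ... as passed by process()).
 *
 * The function does nothing while icmp_flood is 0, and it sets icmp_flood
 * back to 0 after reporting, so one alert is printed per arming of that
 * flag. Where the flag is set is not visible in this part of the file.
 *
 * The escape sequences in the format strings had lost their backslashes
 * ("n%s", "detected!nn"), which printed literal 'n' characters instead of
 * line breaks; they are restored here.
 *
 * NOTE(review): alerts go to stdout only. For unattended monitoring they
 * should also reach a log that survives the terminal (e.g. syslog).
 */
void tfn_attack_detected (char* attack_type){
    if (icmp_flood == 0)
        return;

    /* t is a file-scope time_t shared with the rest of the program. */
    (void)time(&t);
    printf("\n%s", ctime(&t));

    /* attack_type is passed as a %s argument, never as the format itself. */
    printf("A TFN2K %s attack has been detected!\n\n", attack_type);
    print_circbuffs();
    printf("\nIncoming realtime ICMP echo requests (pings):\n");

    icmp_flood = 0;
}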
/*********************************************************************/
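/*
 * Entry point of the flood detector.
 *
 * Installs the signal handlers, parses the optional "-d <device>" argument,
 * opens a live libpcap capture on that device (or on the device libpcap
 * picks when none is given), derives the link-layer header size from the
 * datalink type and then hands every captured packet to process().
 *
 * Exits with status -1 when the device cannot be found or opened, its
 * network/mask cannot be looked up, or the datalink type is unsupported.
 *
 * Fixes relative to the listing as published:
 *  - the getopt() result is kept in an int; stored in a plain char it can
 *    never compare equal to -1 on platforms where char is unsigned, so the
 *    option loop would not terminate there;
 *  - the option label is the character constant 'd' (the quotes were lost);
 *  - "\n" escapes that had lost their backslash are restored;
 *  - libpcap failures are reported by printing the error buffer; perror()
 *    appended an unrelated errno description to it.
 */
int main(int argc, char **argv) {
    int opt;

    /* dealloc runs on termination-style signals; reset_counters on the timer. */
    signal(SIGINT, dealloc);
    signal(SIGQUIT, dealloc);
    signal(SIGABRT, dealloc);
    signal(SIGPIPE, dealloc);
    signal(SIGALRM, reset_counters);
    anti_tfn_init();

    while ((opt = getopt(argc, argv, "d:")) != -1) {
        switch (opt) {
        case 'd':
            dev = optarg;
            break;
        default:
            /* Unknown options are ignored, as before; getopt() prints its own diagnostic. */
            break;
        }
    }

    /* No device given: let libpcap choose one. */
    if (!dev && !(dev = pcap_lookupdev(pc_err))) {
        fprintf(stderr, "%s\n", pc_err);
        exit(-1);
    }

    /*
     * NOTE(review): opening a live capture normally needs elevated
     * privileges, and everything after this call parses packets taken
     * straight from the wire. Consider dropping privileges once the handle
     * is open.
     */
    if ((pd = pcap_open_live(dev, snaplen, promisc, to, pc_err)) == NULL) {
        fprintf(stderr, "%s\n", pc_err);
        exit(-1);
    }

    if (pcap_lookupnet(dev, &net.s_addr, &mask.s_addr, pc_err) == -1) {
        fprintf(stderr, "%s\n", pc_err);
        exit(-1);
    }

    /* Two printf calls: inet_ntoa() reuses one static buffer per call. */
    printf("interface: %s (%s/", dev, inet_ntoa(net));
    printf("%s)\n", inet_ntoa(mask));

    /* link_offset is the number of bytes process() skips to reach the IP header. */
    switch (pcap_datalink(pd)) {
    case DLT_EN10MB:
    case DLT_IEEE802:
        link_offset = ETHHDR_SIZE;
        break;
    case DLT_SLIP:
        link_offset = SLIPHDR_SIZE;
        break;
    case DLT_PPP:
        link_offset = PPPHDR_SIZE;
        break;
    case DLT_RAW:
        link_offset = RAWHDR_SIZE;
        break;
    case DLT_NULL:
        link_offset = LOOPHDR_SIZE;
        break;
    default:
        fprintf(stderr, "fatal: unsupported interface type\n");
        exit(-1);
    }

    /*
     * Capture until pcap_loop() returns 0; a non-zero return restarts it.
     * NOTE(review): a persistent capture error (interface removed, for
     * example) makes this loop spin without reporting anything.
     */
    while (pcap_loop(pd, 0, (pcap_handler)process, 0))
        ;

    return 0;
}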
void process(u_char *data1, struct pcap_pkthdr* h, u_char *p) {
struct ip* ip_packet = (struct ip *)(p + link_offset);
switch (ip_packet->ip_p) {
case IPPROTO_TCP: {
struct tcphdr* tcp = (struct tcphdr *)(((char *)ip_packet) + ip_packet->ip_hl*4);
if(tcp->th_flags==0x22 && ip_packet->ip_ttl > TTL_THRESHOLD){
if(++syn_flood_count > FLOOD_THRESHOLD) tfn_attack_detected("SYN");}
if(ip_packet->ip_ttl==0 &&
(ip_packet->ip_off==targ1 || ip_packet->ip_off==targ2)){
if(++targa_flood_count > FLOOD_THRESHOLD) tfn_attack_detected("TARGA");
}} break;
case IPPROTO_UDP: {
struct udphdr* udp = (struct udphdr *)(((char *)ip_packet) + ip_packet->ip_hl*4);
#ifdef HAVE_DUMB_UDPHDR
if ((ntohs(udp->source) + ntohs(udp->dest)) == 65536) {