Hello guys have you ever done a ddos attack before,
well this your lucky article and this is going to show you how to do
just that so get ready to hack. This is a very serious attack and
difficult to detect, where it is nearly impossible to guess whether the
traffic is coming from a fake host or a real host. If in a DoS attack,
traffic is coming from only one source then we can block that
particular host. Based on certain assumptions, we can make rules to
detect DDoS attacks. If the web server is running only traffic
containing port 80, it should be allowed. Now, let’s go through a very
simple code to detect a DDoS attack.
The program’s name is DDOS_detect1.py:
BYE!
The program’s name is DDOS_detect1.py:
import socket
import struct
from datetime import datetime
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, 8)
dict = {}
file_txt = open(“dos.txt”,’a’)
file_txt.writelines(“**********”)
t1= str(datetime.now())
file_txt.writelines(t1)
file_txt.writelines(“**********”)
file_txt.writelines(“\n”)
print “Detection Start …….”
D_val =10
D_val1 = D_val+10
while True:
pkt = s.recvfrom(2048)
ipheader = pkt[0][14:34]
ip_hdr = struct.unpack(“!8sB3s4s4s”,ipheader)
IP = socket.inet_ntoa(ip_hdr[3])
print “Source IP”, IP
if dict.has_key(IP):
dict[IP]=dict[IP]+1
print dict[IP]
if(dict[IP]>D_val) and (dict[IP]<D_val1) :
line = “DDOS Detected “
file_txt.writelines(line)
file_txt.writelines(IP)
file_txt.writelines(“\n”)
else:
dict[IP]=1
we used a sniffer to get the packet’s source IP address. The file_txt
= open(“dos.txt”,’a’) statement opens a file in append mode, and this
dos. txt file is used as a logfile to detect the DDoS attack. Whenever
the program runs, the file_txt.writelines(t1) statement writes the
current time. The D_val =10 variable is an assumption just for the
demonstration of the program. The assumption is made by viewing the
statistics of hits from a particular IP. Consider a case of a tutorial
website. The hits from the college and school’s IP would be more. If a
huge number of requests come in from a new IP, then it might be a case
of DoS. If the count of the incoming packets from one IP exceeds the
D_val variable, then the IP is considered to be responsible for a DDoS
attack. The D_val1 variable will be used later in the code to avoid
redundancy. I hope you are familiar with the code before the if
dict.has_key(IP): statement. This statement will check whether the key
(IP address) exists in the dictionary or not. If the key exists in dict,
then the dict[IP]=dict[IP]+1 statement increases the dict[IP] value by
1, which means that dict[IP] contains a count of packets that come from a
particular IP.
The if(dict[IP]>D_val) and (dict[IP]<D_val1) : statements are
the criteria to detect and write results in the dos.txt file;
if(dict[IP]>D_val) detects whether the incoming packet’s count
exceeds the D_val value or not. If it exceeds it, the subsequent
statements will write the IP in dos.txt after getting new packets. To
avoid redundancy, the (dict[IP]<D_val1) statement has been used. The
upcoming statements will write the results in the dos.txt file. Run the
program on a server and run mimp.py on the attacker’s machine.so there
you have it guys and trust me by looking at this it is very simple to
implement.
BYE!
No comments :
Post a Comment