simulate syn flood attack

K

kamelia

Hi,
I have a userland software with FreeBSD TCP/IP stack.
I want to simulate SYN Flooding attack on it.
and I using hping and tcpdump tools but it seems like it doesn't work and it drops none of the packets!
I have no idea what is wrong? something i missed?

Thanks in advance!
 
how about more details? freebsd version, firewall ruleset, hping program arguments, network config, source of the userland software ...
 
If you are sending a bunch of SYN packets using whatever tool, you're not simulating a SYN-flood attack but you're actually doing a SYN-flood attack.
 
rootbert said:
how about more details? freebsd version, firewall ruleset, hping program arguments, network config, source of the userland software ...
Click to expand...
freebsd 11
there is no ruleset in iptables
I am using : hping3 -c 10000 -S -p 80 --flood --rand-source 192.168.1.10
I define variables in tcp_syncache.c file for counting receive and drop packets but when I'm doing attack, these counters sometimes jump back without any errors. for example, if now cache_count=1000 then next packet is equal to 700!
I can't understand what's going on!
 
SirDice said:
IPTables is a Linux firewall, FreeBSD doesn't have it.

Your "flood" is likely not big enough to make an impact.
Click to expand...
then what's happening here?
" I define variables in tcp_syncache.c file for counting receive and drop packets but when I'm doing attack, these counters sometimes jump back without any errors. for example, if now cache_count=1000 then next packet is equal to 700! "
would you please help me?
 
Is there anything listening on port 80? If there's nothing accepting the SYN then it would simply respond with a RST and be done. The whole idea behind a SYN flood is to send a lot of SYN requests to which the 'victim' responds with a SYN/ACK and never finishing the three-way handshake (SYN; SYN/ACK; ACK). Thereby leaving a bunch of connections in a so-called "half-open" state, which uses up resources.
 
SirDice said:
Is there anything listening on port 80? If there's nothing accepting the SYN then it would simply respond with a RST and be done. The whole idea behind a SYN flood is to send a lot of SYN requests to which the 'victim' responds with a SYN/ACK and never finishing the three-way handshake (SYN; SYN/ACK; ACK). Thereby leaving a bunch of connections in a so-called "half-open" state, which uses up resources.
Click to expand...
yes, I run nginx and it listens on port 80.
I use tcpdump and I see syn and syn/ack packets and there is no rst packet.
my problem is syncache algorithm in freebsd. how does it work?
 
You must log in or register to reply here.
Back
Top