Skip to content
/ synack Public

Efficient network DDOS attacker tool for testing

Notifications You must be signed in to change notification settings

edubart/synack

Repository files navigation

About

Tool created for testing DDOS/DOS attacks. Supports SYN, UDP, TCP connection, ACK, PUSH+ACK and mixed floods. Created FOR EDUCATIONAL AND TESTING purposes only.

Author

edubart - github.com/edubart

Install

$ git clone git://github.com/edubart/synack.git
$ make
$ sudo make install

FLOODS DESCRIPTION

TCP Ping
  Ping a TCP port by seding simple SYN packet, option created
  just to see the target responsiveness.

Connection flood
  Flood TCP services with the 3-way TCP handshake causing
  massive amount of connections on the host, exhausting it's resources
  and then preventing new connections.

  NOTE: If you use this attack, you MUST add the following iptables
  rule to prevent your kernel aborting the attack, otherwise your
  kernel will reject all established connections on the target:
    iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP

  NOTE: Spoofing can't be used with this attack.

  NOTE: If you are behind a shared connection with a router as gateway,
  make sure that the router can handle massive amount of connections,
  usually home user routers can't, so you might wan't to connect directly
  if possible. By directly I mean assigning your public IP directly to
  your interface.

SYN, UDP floods
  Well known flood types

ACK, PA, Mixed S/A/PA/FA and Mixed A/PA/FA floods
  Uncommon flood types created for testing purposes

  NOTE:
    PA = TCP with flags PUSH+ACK set
    FA = TCP with flags FIN+ACK set
    S = TCP with flag SYN set
    A = TCP with flag ACK set

USAGE

synack -i <interface> -h <host> [action] [options]
Actions:
    -P                - TCP ping (default action)
    -C                - Connection flood
    -S                - SYN flood
    -A                - ACK flood
    -X                - SYN+ACK flood
    -D                - PA flood
    -M                - Mixed S/A/PA/FA flood
    -N                - Mixed A/PA/FA flood
    -U                - UDP flood
    -O                - Monitor interface traffic
General options:
    -i [interface]    - Which interface to do the action (required)
    -h [host,host2]   - Target hosts separated by comma, accepts 'host:port' syntax too (required)
    -H [targets file] - Targets in a file where each line is in ip:port format
    -n [subnet]       - Attack subnet, use formats like 192.168.0.0/16
    -p [port]         - Target port (default: random)
    -t [time]         - Run time in seconds (default: infinite)
    -u [interval]     - Sleep interval in microseconds (default: 10000)
    -j [pps]          - Calculates a sleep interval for desired packets per second output (accurate with multiple threads)
    -b [bytes]        - Additional random bytes to send as data (default: 0)
    -m [threads]      - Number of send threads (default: 1)
    -s [ip]           - Custom source ip, you may set to 'random' (default: interface ip)
    -d [binary file]  - Send binary file as data
    -z [page] [host]  - Send simple HTTP 1.1 request as data
    -f [text file]    - Read a list of IPs from a text file for spoofing
    -o                - Disable tcp options on SYN packets
    -q                - Quiet, don't print statistics output
    -x                - Drop established connections when receive ACK packets
    -y [delay]        - Drop established connections after delay
    -k [smac] [dmac]  - Use rawsendto kernel patch to send massive kpps
    -c [count]        - Max number of packets to send
    -w                - Stop after one packet was sent to all targets
    --help            - Print this help

TIPS

How to generate spoof ips list

# on target machine
iptables -I INPUT -p tcp --dport 9999 -j DROP
tcpdump -i eth0 tcp port 9999 -n -t -c 1100000 > spoofsniff
cat spoofsniff | awk '{print $2}' | sed 's/^\(.*\)\..*$/\1/' | sort | uniq > spoofips

# on source machine
synack -i eth0 -s random -h target -A -p 9999 -m 10 -j 1000

How to speed up throughput to get more pps (packets per second)

# enable XPS
echo f > /sys/class/net/eth1/queues/tx-0/xps_cpus

# increase txqueuelen
ifconfig eth1 txqueuelen 100000

# increase interface tx ring buffer
ethtool -G eth1 tx 4096

# enable 1000mbps full duplex
ethtool -s eth1 speed 1000 duplex full

# patch kernel with rawsendto to enable option -k for even more throughput
# in the menuconfig make sure you do the following:
# * disable optimize for size
# * select you cpu architeture
# * disable preemption
# * change timer clock to 100Hz,
sudo apt-get install build-essential kernel-package
wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.2.7.tar.bz2
tar xjf linux-3.2.7.tar.bz2
cd linux-3.2.7
cp /boot/config-2.6.32-5-amd64 .config
patch -p1 < rawsendto.patch
make menuconfig
fakeroot make-kpkg clean
fakeroot make-kpkg --append-to-version="-rawsendto" --initrd --us --uc -j4 kernel_image kernel_headers
cd ..
sudo dpkg -i linux-image-3.2.7-rawsendto_3.2.7-rawsendto-10.00.Custom_amd64.deb
sudo reboot

About

Efficient network DDOS attacker tool for testing

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages