Project author: mrnfrancesco

Project description:
Proof of concept of a false-positive-based anti SYN scan
Language: C
Repository: git://github.com/mrnfrancesco/shroud.git
Created: 2017-04-29T16:53:11Z
Project page: https://github.com/mrnfrancesco/shroud

License: GNU General Public License v3.0


SHROUD - PoC of an anti port scanner

Shroud is a proof of concept of an anti-SYN scan based on false positive flooding.

Basically, it watches for incoming TCP SYN packets aimed at the host's closed ports and answers each one with a SYN-ACK, so that the three-way handshake proceeds exactly as it would for an open port.
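To make the mechanism concrete, here is an added example (written for this page, not code from the shroud repository) of the one piece of the technique that can be checked offline: turning a captured SYN header into the SYN-ACK that a false-positive responder would send back. It assumes IPv4, a bare 20-byte TCP header with no options, and leaves out the raw-socket capture and transmit steps that shroud itself needs root for. The addresses, ports and sequence numbers in self_check() are constructed for the demonstration.

```c
/* Added example (not shroud's own code): build the SYN-ACK reply that a
 * false-positive responder sends for a SYN aimed at a closed port.
 * Assumes IPv4 and a TCP header without options. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* htons/htonl/ntohs/ntohl */

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Minimal TCP header (20 bytes, no options); fields in network byte order. */
struct tcp_hdr {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  off;        /* data offset in 32-bit words, high nibble */
    uint8_t  flags;
    uint16_t win, sum, urp;
};

/* RFC 793 one's-complement checksum over the IPv4 pseudo-header
 * (src, dst, zero, protocol 6, TCP length) followed by the segment.
 * src/dst are host-order addresses; seg is the segment as it goes on the wire. */
uint16_t tcp_checksum(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len)
{
    uint32_t sum = 0;
    sum += (src >> 16) & 0xffff; sum += src & 0xffff;
    sum += (dst >> 16) & 0xffff; sum += dst & 0xffff;
    sum += 6;                     /* IPPROTO_TCP */
    sum += (uint16_t)len;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint16_t)((seg[i] << 8) | seg[i + 1]);
    if (len & 1)
        sum += (uint16_t)(seg[len - 1] << 8);
    while (sum >> 16)             /* fold carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Fill `out` with the SYN-ACK answering `syn`, which travelled from
 * scanner_ip to host_ip. Only a bare SYN is answered: a SYN-ACK, RST or
 * anything else returns -1 so the responder never talks to itself or
 * reacts to a scanner's own reset. */
int build_synack(uint32_t scanner_ip, uint32_t host_ip,
                 const struct tcp_hdr *syn, uint32_t our_isn,
                 struct tcp_hdr *out)
{
    if ((syn->flags & (TH_SYN | TH_ACK | TH_RST)) != TH_SYN)
        return -1;
    memset(out, 0, sizeof *out);
    out->sport = syn->dport;                  /* swap the endpoints */
    out->dport = syn->sport;
    out->seq   = htonl(our_isn);
    out->ack   = htonl(ntohl(syn->seq) + 1);  /* the SYN consumes one sequence number */
    out->off   = (uint8_t)((sizeof *out / 4) << 4);
    out->flags = TH_SYN | TH_ACK;
    out->win   = htons(65535);
    out->sum   = 0;
    out->sum   = htons(tcp_checksum(host_ip, scanner_ip,
                                    (const uint8_t *)out, sizeof *out));
    return 0;
}

/* Constructed scenario: a scanner at 192.168.1.100 sends a SYN from port
 * 40000 to closed port 8080 on 192.168.1.1 with ISN 1000; we reply with
 * ISN 12345. Returns how many expected properties of the reply hold (7 = all). */
int self_check(void)
{
    const uint32_t scanner = 0xC0A80164u, host = 0xC0A80101u;
    struct tcp_hdr syn, reply;
    int ok = 0;
    memset(&syn, 0, sizeof syn);
    syn.sport = htons(40000);
    syn.dport = htons(8080);
    syn.seq   = htonl(1000);
    syn.off   = 5 << 4;
    syn.flags = TH_SYN;
    syn.win   = htons(1024);
    if (build_synack(scanner, host, &syn, 12345, &reply) == 0) ok++;
    if (ntohs(reply.sport) == 8080 && ntohs(reply.dport) == 40000) ok++;
    if (ntohl(reply.seq) == 12345) ok++;
    if (ntohl(reply.ack) == 1001) ok++;
    if (reply.flags == (TH_SYN | TH_ACK)) ok++;
    /* a segment whose checksum field is correct sums to zero when re-checked */
    if (tcp_checksum(host, scanner, (const uint8_t *)&reply, sizeof reply) == 0) ok++;
    /* the reply itself must never be answered */
    if (build_synack(scanner, host, &reply, 12345, &syn) == -1) ok++;
    return ok;
}

int main(void)
{
    int passed = self_check();
    printf("SYN-ACK reply checks passed: %d/7\n", passed);
    return passed == 7 ? 0 : 1;
}
```

The flag filter in build_synack is the part worth keeping in mind when turning this into a real responder: a sniffer that answers every segment with a SYN-ACK would also answer the scanner's RST or a peer's SYN-ACK, and the port list must exclude the host's genuinely open ports so their real handshakes are not duplicated.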

Below is an example of the results of the scan nmap -sS 127.0.0.1 -p- on a sample host not running shroud:

  Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-29 19:45 CEST
  Nmap scan report for localhost.localdomain (127.0.0.1)
  Host is up (0.0000040s latency).
  Not shown: 65532 closed ports
  PORT STATE SERVICE
  80/tcp open http
  443/tcp open https
  22/tcp open ssh
  Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds

And the results of the same scan running shroud:

  Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-29 20:37 CEST
  Nmap scan report for localhost.localdomain (127.0.0.1)
  Host is up (0.021s latency).
  PORT STATE SERVICE
  1/tcp open tcpmux
  2/tcp open compressnet
  3/tcp open compressnet
  4/tcp open unknown
  5/tcp open rje
  6/tcp open unknown
  7/tcp open echo
  8/tcp open unknown
  9/tcp open discard
  10/tcp open unknown
  11/tcp open systat
  12/tcp open unknown
  13/tcp open daytime
  14/tcp open unknown
  15/tcp open netstat
  16/tcp open unknown
  17/tcp open qotd
  18/tcp open msp
  19/tcp open chargen
  20/tcp open ftp-data
  21/tcp open ftp
  22/tcp open ssh
  23/tcp open telnet
  24/tcp open priv-mail
  25/tcp open smtp
  26/tcp open rsftp
  27/tcp open nsw-fe
  [...]
  65531/tcp open unknown
  65532/tcp open unknown
  65533/tcp open unknown
  65534/tcp open unknown
  65535/tcp open unknown
  Nmap done: 1 IP address (1 host up) scanned in 10.88 seconds

Compiling

You can compile shroud with:

  mkdir build
  cd build
  cmake -DCMAKE_BUILD_TYPE=Debug -G "CodeBlocks - Unix Makefiles" <path to shroud project>
  make

Running

shroud needs root privileges to run properly because it uses raw sockets.

Troubleshooting

Ports appear to be closed while running shroud

This happens because the OS answers a SYN sent to a closed port with a RST, and that RST leaves before shroud's SYN-ACK does (it always does), so the port scanner learns that the port is really closed. You therefore have to suppress the OS's RST responses.

You can do this with a simple iptables rule:

iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP