DDoS technique with a large amplification factor using middleboxes

moloch54/Ddos-TCP-Middlebox-Reflection-Attack

Ddos-TCP-Middlebox-Reflection-Attack

https://geneva.cs.umd.edu/papers/usenix-weaponizing-ddos.pdf
DDoS technique with a large amplification factor using middleboxes

The technique

Reminder: TCP Handshake

  1. SRC sends (SYN)
  2. DEST sends (SYN, ACK)
  3. SRC sends (ACK)

Reminder 2: Middlebox

Middleboxes are state-operated firewalls that send a RST, and sometimes more (such as an entire web page), to a source that tries to connect to a "forbidden site", and also to the destination. The destination may in turn send a RST to the middlebox (infinite loop).

The trick

Make the middlebox believe that the (SYN, ACK) packet took another path and did not pass through the middlebox that saw the (SYN) packet.
The trick is to send a SYN packet (SRC: Victim, DST: Filtered site) immediately followed by an ACK packet (SRC: Victim, DST: Filtered site), which triggers a reply from the middlebox (at least a RST, sometimes much more).

PoC

  1. Sending a spoofed SYN packet (SRC=Victim, DST=Pornhub|Youporn|Bittorrent...)
  2. Sending a spoofed ACK+PSH packet with an HTTP GET payload (SRC=Victim, DST=Pornhub|Youporn|Bittorrent...)
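
Seen from the defending side, the pattern described above is a flow that carries payload right after a SYN although no SYN+ACK was ever observed for it. The following detection check is an added example, not code from this repository; the `Pkt` record, the function name and the sample packets are constructed for illustration, and it assumes a sensor that sees both directions of the traffic.

```python
from collections import namedtuple

# Constructed packet summary; flags is a frozenset of TCP flag names,
# length is the TCP payload size in bytes.
Pkt = namedtuple("Pkt", "src sport dst dport flags length")

def flows_with_data_before_synack(packets):
    """Return client->server flows that carried payload after a SYN while
    no SYN+ACK from the server had been observed (incomplete handshake)."""
    state = {}    # (client, cport, server, sport) -> "SYN" or "SYNACK"
    flagged = []
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:
            state[fwd] = "SYN"
        elif p.flags == {"SYN", "ACK"} and state.get(rev) == "SYN":
            state[rev] = "SYNACK"
        elif "ACK" in p.flags and p.length > 0 and state.get(fwd) == "SYN":
            if fwd not in flagged:
                flagged.append(fwd)
    return flagged

def f(*names):
    return frozenset(names)

# Constructed sample (documentation address ranges), not a real capture.
SAMPLE = [
    # Complete handshake followed by a request: not flagged.
    Pkt("192.0.2.10", 51000, "198.51.100.20", 80, f("SYN"), 0),
    Pkt("198.51.100.20", 80, "192.0.2.10", 51000, f("SYN", "ACK"), 0),
    Pkt("192.0.2.10", 51000, "198.51.100.20", 80, f("ACK"), 0),
    Pkt("192.0.2.10", 51000, "198.51.100.20", 80, f("PSH", "ACK"), 120),
    # SYN followed directly by PSH+ACK with payload: flagged.
    Pkt("203.0.113.5", 40000, "198.51.100.20", 80, f("SYN"), 0),
    Pkt("203.0.113.5", 40000, "198.51.100.20", 80, f("PSH", "ACK"), 74),
]

if __name__ == "__main__":
    for flow in flows_with_data_before_synack(SAMPLE):
        print("payload before SYN+ACK:", flow)
```

A sensor can alert on the flagged flows, and a filtering device can decline to inject a response for them.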

⚠️ WARNING
Don't do anything illegal with that piece of code.

Requirements

You need:

  • tcpreplay
  • mergecap
  • scapy

Usage

sudo python3 mra.py <duration in seconds> <Target IP>
