gosynflood

gosynflood - Repeatedly Send Crafted TCP SYN Packets with Raw Sockets
intended for Ubuntu and other Debian distributions

USAGE:
  
# go get or git clone the project
go get github.com/rootVIII/gosynflood
git clone https://github.com/rootVIII/gosynflood.git


# Navigate to project root and build:
go build .

# raw sockets require root privileges when executing:
sudo ./gosynflood -t <target IPV4 address> -p <port number> -i <network interface>

# Example:
sudo ./gosynflood -t 192.168.1.120 -p 80 -i wlp3s0

** The bin/builds directory has a compiled executable if you do not have
Golang installed or do not want to build it yourself.
  
CLI OPTIONS:
  
-t private or public IP address of target webserver
-p target webserver's port number (defaults to port 80 if not provided)
-i your network interface (running without -i will fail,
     but it will suggest all found interfaces, ie: lo, wlpxxx, eth0 etc.)

Enter control-c to stop the flood attack.
  

Each packet's IP address is spoofed. MAC addresses are not spoofed.
It is up to you to spoof your MAC Address beforehand if desired.

This attack may only work on web servers susceptible to numerous half-open connections (SYN_RECV).

To demonstrate this, a small Ubuntu Mate running Apache2 will act as the target.
It's a physical machine on a private network.


1. The tcp_syncookies flag was set to 0 (to make the target vulnerable for demonstration purposes) and the webserver was started on the target: ![1](/content/images/2020/11/1.png)
  1. The attacker machine (a separate physical machine also running Ubuntu) executes the gosynflood exe with root privileges:
    5

  2. The initial SYNs are visible in Wireshark on the target, purposefully never completing the thee 3-way handshake:
    2

3

  1. During the attack the webserver should be unreachable at it's URL if it is susceptible. The half-open connections are visible via the command netstat -na --tcp
    4

This was developed on Ubuntu 18.04 LTS.


Author: rootVIII 2020

GitHub