标题:入侵之前,你伪造你的IP了么?
只看楼主
vcholy
Rank: 1
等 级:新手上路
帖 子:2
专家分:0
注 册:2007-6-6
 问题点数:0 回复次数:0 
入侵之前,你伪造你的IP了么?

本文首先声明仅仅用于技术讨论。 (有问题请到群28397900找群主)
伪造IP的的技术历史悠久,实际原理打个比方,你的电话号码是131,但是打过电话去,对方显示的却是132,或者000,这样就可以达到一定目的,网上关于这方面的讨论的也是大片大片,代码以C的最多,Delphi其次,但是VB来描述的,基本为无.本文便是在VB6.0下结合API讲述,如何修改 IP头来达到伪造的目的。
ICMP / TCP /UDP 这些类型的数据发送都是可以用修改IP头来实现的,ICMP/UDP包的自定义比较常见,但是对TCP包的伪造描述不多,本文主要讲述的是自己构造一个TCP包然后发送出去。
一个正常TCP包的结构,通常是IP头+TCP头+数据,在发送之前最重要的工作是要计算校验和,如果校验和不对,那么尽管能实现修改ip,但是不能发送数据出去。在计算校验和的时候需要注意还有个伪TCP头也需要计算进去,但是并不作为数据发送出去。
在VB6+windows2000+金山防火墙下测试成功,我的ip是10.0.0.100,伪造了1.1.1.1,金山墙拦截数据之后显示的也是,1.1.1.1
代码如下:
Option Explicit
Public Declare Function WSAIoctl Lib "ws2_32.dll" (ByVal s As Long, ByVal dwIoControlCode As Long, lpvInBuffer As Any, ByVal cbInBuffer As Long, lpvOutBuffer As Any, ByVal cbOutBuffer As Long, lpcbBytesReturned As Long, lpOverlapped As Long, lpCompletionRoutine As Long) As Long
Public Declare Function setsockopt Lib "ws2_32" (ByVal s As Long, ByVal level As Integer, ByVal optname As Integer, ByVal optval As Long, ByVal optlen As Long) As Integer
Public Declare Function sendto Lib "ws2_32" (ByVal s As Long, ByVal buf As Long, ByVal BufLen As Integer, ByVal flags As Integer, sckto As SOCK_ADDR, ByVal tolen As Integer) As Integer
Public Declare Function closesocket Lib "wsock32" (ByVal s As Long) As Long
Public Declare Function connect Lib "wsock32" (ByVal s As Long, name As SOCK_ADDR, ByVal namelen As Integer) As Long
Public Declare Function inet_addr Lib "wsock32" (ByVal cp As String) As Long
Public Declare Function htons Lib "wsock32" (ByVal hostshort As Integer) As Integer
Public Declare Function shutdown Lib "wsock32" (ByVal s As Long, ByVal how As Long) As Long
Public Declare Function socket Lib "wsock32" (ByVal af As Long, ByVal type_specification As Long, ByVal Protocol As Long) As Long
Public Declare Function WSACancelBlockingCall Lib "wsock32" () As Long
Public Declare Function WSACleanUp Lib "wsock32" Alias "WSACleanup" () As Long
Public Declare Function WSAStartup Lib "wsock32" (ByVal wVersionRequired As Integer, wsData As WSA_DATA) As Long
Public Declare Function htonl Lib "ws2_32.dll" (ByVal hostlong As Long) As Long
Public Declare Function ntohl Lib "ws2_32.dll" (ByVal netlong As Long) As Long
Public Declare Function ntohs Lib "ws2_32.dll" (ByVal netshort As Integer) As Integer
Public Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, ByVal pSrc As Long, ByVal ByteLen As Long)
Public Const IPPROTO_RAW = 255
Public Const IP_HDRINCL = 2
Public Const AF_INET = 2 ' { internet : UDP, TCP, etc. }
Public Const IPPROTO_IP = 0
Public Const IPPROTO_TCP = 6
Public Const WSADESCRIPTION_LEN = 256, WSASYS_STATUS_LEN = 128
Public Const SOCK_RAW = 3
Public Const OFFSET_4 = 4294967296#, MAXINT_4 = 2147483647
Public Const OFFSET_2 = 65536, MAXINT_2 = 32767

Public Type WSA_DATA
wVersion As Integer
wHighVersion As Integer
strDescription(WSADESCRIPTION_LEN + 1) As Byte
strSystemStatus(WSASYS_STATUS_LEN + 1) As Byte
iMaxSockets As Integer
iMaxUdpDg As Integer
lpVendorInfo As Long
End Type


Public Type IN_ADDR
S_addr As Long
End Type

Public Type SOCK_ADDR
sin_family As Integer
sin_port As Integer
sin_addr As IN_ADDR
sin_zero(0 To 7) As Byte
End Type

[此贴子已经被作者于2007-6-6 9:10:40编辑过]

搜索更多相关主题的帖子: 伪造 
2007-06-06 09:09



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-145268-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.015775 second(s), 8 queries.
Copyright©2004-2024, BCCN.NET, All Rights Reserved