https://geneva.cs.umd.edu/papers/usenix-weaponizing-ddos.pdf
Ddos technique with great amplification factor using MiddleBox
- SRC sends (SYN)
- DEST sends (SYN, ACK)
- SRC sends (ACK)
MiddleBoxes are state's firewalls, sendind RST and sometimes more(like an entire webpage) to the source who wants to connect to a "forbidden site", and also to the destination. The destination could also send a RST to the Middlebox (infinite loop)
Make believe that the (SYN,ACK) packet takes another path and doesn't get through the MiddleBox who have seen the (SYN) packet!
The trick is to send a SYN packet (SRC:Victim, DST:Filtered site) and ACK packet (SRC:Victim, DEST:Filtered site) just after, to trigger a reply from the MiddleBox(at least a RST, sometimes much more !!!)
Sending a spoofed SYN packet(SRC=Victim, DST=Pornhub|Youporn|Bittorrent....)
Sending a spoofed ACK+PSH with a HTTP GET payload packet(SRC=Victim, DST=Pornhub|Youporn|Bittorrent....)
| Don't do anything illegal with that piece of code. |
You need:
- tcpreplay
- mergecap
- scapy
sudo python3 mra.py <duration in seconds> <Target IP>