Published on February 20th, 2019 📆 | 4256 Views ⚑0
BoNeSi – The DDoS Botnet Simulator
BoNeSi is a network traffic generator for different protocol types. The attributes of the created packets and connections can be controlled by several parameters like send rate or payload size or they are determined by chance. It spoofs the source ip addresses even when generating tcp traffic. Therefor it includes a simple tcp-stack to handle tcp connections in promiscuous mode. For correct work, one has to ensure that the response packets are routed to the host at which BoNeSi is running. Therefore BoNeSi cannot used in arbitrary network infrastructures. The most advanced kind of traffic that can be generated are http requests.
TCP/HTTP In order to make the http requests more realistic, several things are determined by chance:
- source port
- ttl: 3..255
- tcp options: out of seven different real life options with different lengths and probabilities
- user agent for http header: out of a by file given list (an example file is included, see below)
Copyright 2006-2007 Deutsches Forschungszentrum fuer Kuenstliche Intelligenz This is free software. Licensed under the ApacheLicense, Version 2.0. There is NO WARRANTY, to the extent permitted by law.
:~$ ./configure :~$ make :~$ make install
:~$ bonesi [OPTION...] <dst_ip:port> Options: -i, --ips=FILENAME filename with ip list -p, --protocol=PROTO udp (default), icmp or tcp -r, --send_rate=NUM packets per second, 0 = infinite (default) -s, --payload_size=SIZE size of the paylod, (default: 32) -o, --stats_file=FILENAME filename for the statistics, (default: 'stats') -c, --max_packets=NUM maximum number of packets (requests at tcp/http), 0 = infinite (default) --integer IPs are integers in host byte order instead of in dotted notation -t, --max_bots=NUM determine max_bots in the 24bit prefix randomly (1-256) -u, --url=URL the url (default: '/') (only for tcp/http) -l, --url_list=FILENAME filename with url list (only for tcp/http) -b, --useragent_list=FILENAME filename with useragent list (only for tcp/http) -d, --device=DEVICE network listening device (only for tcp/http, e.g. eth1) -m, --mtu=NUM set MTU, (default 1500). Currently only when using TCP. -f, --frag=NUM set fragmentation mode (0=IP, 1=TCP, default: 0). Currently only when using TCP. -v, --verbose print additional debug messages -h, --help print help message and exit
Additionally Included Example Files
- 50,000 ip addresses generated randomly to use with –ips option
- several browser identifications to use with –useragentlist option
- several urls to use with –urllist option