
change WinSize

aidmar.wainakh 6 years ago
parent
commit
4107dd1f89
1 changed files with 63 additions and 7 deletions
  1. 63 7
      code/Attack/EternalBlueExploit.py

+ 63 - 7
code/Attack/EternalBlueExploit.py

@@ -13,7 +13,8 @@ from scapy.utils import RawPcapReader
 from scapy.layers.inet import IP, Ether, TCP, RandShort
 
 class EternalBlueExploit(BaseAttack.BaseAttack):
-    template_attack_pcap_path = "resources/Win7_eternalblue_scan.pcap"
+    template_scan_pcap_path = "resources/Win7_eternalblue_scan.pcap"
+    template_attack_pcap_path = "resources/Win7_eternalblue_exploit.pcap"
     # SMB port
     smb_port = 445
     # Empirical values from Metasploit experiments
@@ -127,16 +128,33 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
         else:
             destination_ttl_value = self.statistics.process_db_query("most_used(ttlValue)")
 
+        # Set Window Size based on Window Size distribution of IP address
+        source_win_dist = self.statistics.get_win_distribution(ip_source)
+        if len(source_win_dist) > 0:
+            source_win_prob_dict = Lea.fromValFreqsDict(source_win_dist)           
+        else:
+            source_win_dist =  self.statistics.get_win_distribution(self.statistics.get_most_used_ip_address())
+            source_win_prob_dict = Lea.fromValFreqsDict(source_win_dist)
+      
+        destination_win_dist = self.statistics.get_win_distribution(ip_destination)
+        if len(destination_win_dist) > 0:
+            destination_win_prob_dict = Lea.fromValFreqsDict(destination_win_dist)
+        else:
+            destination_win_dist = self.statistics.get_win_distribution(self.statistics.get_most_used_ip_address())
+            destination_win_prob_dict = Lea.fromValFreqsDict(destination_win_dist)
+
         # Scan (MS17) for EternalBlue
-        # Read Win7_eternalblue_scan_vulnerable pcap file
+        # Read Win7_eternalblue_scan pcap file
         orig_ip_dst = None
-        exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
+        exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
         inter_arrival_time_dist = self.get_inter_arrival_time_dist(exploit_raw_packets)
         timeSteps = Lea.fromValFreqsDict(inter_arrival_time_dist)
-        exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
+        exploit_raw_packets = RawPcapReader(self.template_scan_pcap_path)
 
         port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
 
+        source_origin_wins, destination_origin_wins = {}, {}
+
         for pkt_num, pkt in enumerate(exploit_raw_packets):
             eth_frame = Ether(pkt[0])
             ip_pkt = eth_frame.payload
@@ -158,6 +176,12 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 # TCP
                 tcp_pkt.setfieldval("sport",port_source)
 
+                source_origin_win = tcp_pkt.getfieldval("window")
+                if source_origin_win not in source_origin_wins:
+                    source_origin_wins[source_origin_win] = source_win_prob_dict.random()
+                new_win = source_origin_wins[source_origin_win]
+                tcp_pkt.setfieldval("window", new_win)
+
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt)
                 new_pkt.time = timestamp_next_pkt
 
@@ -174,6 +198,12 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                 ip_pkt.setfieldval("ttl", destination_ttl_value)
                 # TCP
                 tcp_pkt.setfieldval("dport", port_source)
+                
+                destination_origin_win = tcp_pkt.getfieldval("window")
+                if destination_origin_win not in destination_origin_wins:
+                    destination_origin_wins[destination_origin_win] = destination_win_prob_dict.random()
+                new_win = destination_origin_wins[destination_origin_win]
+                tcp_pkt.setfieldval("window", new_win)
 
                 new_pkt = (eth_frame / ip_pkt / tcp_pkt)
                 timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps) + float(timeSteps.random())
@@ -184,7 +214,7 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
 
         # Inject EternalBlue exploit packets
         # Read Win7_eternalblue_exploit pcap file
-        exploit_raw_packets = RawPcapReader("resources/Win7_eternalblue_exploit.pcap")
+        exploit_raw_packets = RawPcapReader(self.template_attack_pcap_path)
 
         port_source = randint(self.minDefaultPort,self.maxDefaultPort) # experiments show this range of ports
         # conversations = {(ip.src, ip.dst, port.src, port.dst): packets}
@@ -224,6 +254,13 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         ip_pkt.setfieldval("ttl", source_ttl_value)
                         # TCP
                         tcp_pkt.setfieldval("sport", port_source)
+
+                        source_origin_win = tcp_pkt.getfieldval("window")
+                        if source_origin_win not in source_origin_wins:
+                            source_origin_wins[source_origin_win] = source_win_prob_dict.random()
+                        new_win = source_origin_wins[source_origin_win]
+                        tcp_pkt.setfieldval("window", new_win)
+
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
                         new_pkt.time = timestamp_next_pkt
 
@@ -241,6 +278,13 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         ip_pkt.setfieldval("ttl", destination_ttl_value)
                         # TCP
                         tcp_pkt.setfieldval("dport", port_source)
+
+                        destination_origin_win = tcp_pkt.getfieldval("window")
+                        if destination_origin_win not in destination_origin_wins:
+                            destination_origin_wins[destination_origin_win] = destination_win_prob_dict.random()
+                        new_win = destination_origin_wins[destination_origin_win]
+                        tcp_pkt.setfieldval("window", new_win)
+
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
 
                         pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
@@ -258,8 +302,6 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                     ip_pkt = eth_frame.payload
                     tcp_pkt = ip_pkt.payload
 
-                    # defining req/rep should be adapted to fit the last converstaion where
-                    # victim start a connection with the attacker
                     # Request
                     if tcp_pkt.getfieldval("dport") == self.last_conn_dst_port:
                         # Ether
@@ -271,6 +313,13 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         ip_pkt.setfieldval("ttl", destination_ttl_value)
                         # TCP
                         tcp_pkt.setfieldval("sport", port_source)
+
+                        destination_origin_win = tcp_pkt.getfieldval("window")
+                        if destination_origin_win not in destination_origin_wins:
+                            destination_origin_wins[destination_origin_win] = destination_win_prob_dict.random()
+                        new_win = destination_origin_wins[destination_origin_win]
+                        tcp_pkt.setfieldval("window", new_win)
+
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
                         new_pkt.time = timestamp_next_pkt
 
@@ -288,6 +337,13 @@ class EternalBlueExploit(BaseAttack.BaseAttack):
                         ip_pkt.setfieldval("ttl", source_ttl_value)
                         # TCP
                         tcp_pkt.setfieldval("dport", port_source)
+
+                        source_origin_win = tcp_pkt.getfieldval("window")
+                        if source_origin_win not in source_origin_wins:
+                            source_origin_wins[source_origin_win] = source_win_prob_dict.random()
+                        new_win = source_origin_wins[source_origin_win]
+                        tcp_pkt.setfieldval("window", new_win)
+
                         new_pkt = (eth_frame / ip_pkt / tcp_pkt)
 
                         pps = max(getIntervalPPS(complement_interval_pps, timestamp_next_pkt), 10)
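Review bot: The five-line block that reads the template packet's TCP `window`, draws a replacement from the Lea distribution and caches it in `source_origin_wins`/`destination_origin_wins` is pasted six times across the scan loop and the two exploit-conversation loops, and should be a single helper so that any later change to how the drawn value is validated happens in one place. The fallback in the new window-distribution setup re-queries `get_win_distribution` with the most-used address but never checks that second result, so when it is also empty `Lea.fromValFreqsDict` receives an empty dict, which presumably fails rather than yield a usable distribution; the same applies to the destination branch, and `if len(source_win_dist) > 0:` reads better as `if source_win_dist:`. The line `source_win_prob_dict = Lea.fromValFreqsDict(source_win_dist)` carries trailing whitespace and the blank line after the `else` branch is whitespace-only. The enclosing method starts before the first hunk and ends after the last one.

```python
    @staticmethod
    def _rewrite_window(tcp_pkt, origin_wins, win_prob_dict):
        """Replace tcp_pkt's TCP window with a value drawn from win_prob_dict.

        The same original window value always maps to the same replacement
        within one generated stream, so origin_wins is the per-side cache
        (shared across the scan and exploit loops) and is updated in place.
        """
        origin_win = tcp_pkt.getfieldval("window")
        if origin_win not in origin_wins:
            origin_wins[origin_win] = win_prob_dict.random()
        tcp_pkt.setfieldval("window", origin_wins[origin_win])

    # … unchanged: TTL selection, pcap reading, timestamp handling …

                # TCP
                tcp_pkt.setfieldval("sport", port_source)
                self._rewrite_window(tcp_pkt, source_origin_wins, source_win_prob_dict)

    # … unchanged: the five other branches call the helper with the matching cache and distribution …
```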