ソースを参照

- Makes the PortscanAttack compatible to the new attack pcap writing architecture
- Adds a fallback option if the IP address' used MAC address cannot be determined by use of the statistics database

Patrick Jattke 8 年 前
コミット
a7cbfc38a9
4 ファイル変更44 行追加29 行削除
  1. 6 3
      code/Attack/DDoSAttack.py
  2. 9 3
      code/Attack/PortscanAttack.py
  3. 27 21
      code/CLI.py
  4. 2 2
      code/ID2TLib/AttackController.py

+ 6 - 3
code/Attack/DDoSAttack.py

@@ -51,7 +51,10 @@ class DDoSAttack(BaseAttack.BaseAttack):
         # victim configuration
         random_ip_address = self.statistics.get_random_ip_address()
         self.add_param_value(Param.IP_DESTINATION, random_ip_address)
-        self.add_param_value(Param.MAC_DESTINATION, self.statistics.get_mac_address(random_ip_address))
+        destination_mac = self.statistics.get_mac_address(random_ip_address)
+        if isinstance(destination_mac, list) and len(destination_mac) == 0:
+            destination_mac = self.generate_random_mac_address()
+        self.add_param_value(Param.MAC_DESTINATION, destination_mac)
         port_destination = self.statistics.process_db_query(
             "SELECT portNumber FROM ip_ports WHERE portDirection='in' ORDER BY RANDOM() LIMIT 1;")
         if port_destination is None:
@@ -152,7 +155,7 @@ class DDoSAttack(BaseAttack.BaseAttack):
         gd = gamma.rvs(alpha, loc=loc, scale=beta, size=len(ip_source_list))
 
         path_attack_pcap = None
-        for pkt_num in range(self.get_param_value(Param.PACKETS_LIMIT)):
+        for pkt_num in range(self.get_param_value(Param.PACKETS_LIMIT) + 1):
             # Select one IP address and its corresponding MAC address
             (ip_source, mac_source) = get_nth_random_element(ip_source_list, mac_source_list)
 
@@ -184,4 +187,4 @@ class DDoSAttack(BaseAttack.BaseAttack):
         self.attack_end_utime = last_packet.time
 
         # return packets sorted by packet time_sec_start
-        return path_attack_pcap
+        return pkt_num, path_attack_pcap

+ 9 - 3
code/Attack/PortscanAttack.py

@@ -53,7 +53,10 @@ class PortscanAttack(BaseAttack.BaseAttack):
 
         random_ip_address = self.statistics.get_random_ip_address()
         self.add_param_value(Param.IP_DESTINATION, random_ip_address)
-        self.add_param_value(Param.MAC_DESTINATION, self.statistics.get_mac_address(random_ip_address))
+        destination_mac = self.statistics.get_mac_address(random_ip_address)
+        if isinstance(destination_mac, list) and len(destination_mac) == 0:
+            destination_mac = self.generate_random_mac_address()
+        self.add_param_value(Param.MAC_DESTINATION, destination_mac)
 
         self.add_param_value(Param.PORT_DESTINATION, '1-1023,1720,1900,8080')
         self.add_param_value(Param.PORT_OPEN, '8080,9232,9233')
@@ -156,7 +159,10 @@ class PortscanAttack(BaseAttack.BaseAttack):
                 # else: destination port is NOT OPEN -> no reply is sent by target
 
         # store end time of attack
-        self.attack_end_utime = reply.time
+        self.attack_end_utime = packets[-1].time
+
+        # write attack packets to pcap
+        pcap_path = self.write_attack_pcap(sorted(packets, key=lambda pkt: pkt.time))
 
         # return packets sorted by packet time_sec_start
-        return sorted(packets, key=lambda pkt: pkt.time)
+        return len(packets), pcap_path

+ 27 - 21
code/CLI.py

@@ -105,26 +105,32 @@ def main(args):
 
 
 # Uncomment to enable calling by terminal
+# if __name__ == '__main__':
+#    main(sys.argv[1:])
+
 if __name__ == '__main__':
-    main(sys.argv[1:])
+    INPUT = ['-i']
 
-# if __name__ == '__main__':
-#     FILE = ['-i', '/mnt/hgfs/datasets/95M.pcap']
-#     FILE2 = ['-i', '/mnt/hgfs/datasets/95M_20161103-185151.pcap']
-#     FILE3 = ['-i', '/home/pjattke/temp/test_me_short.pcap']
-#     ATTACK_NO_PARAM = ['-a', 'DDoSAttack', 'attackers.count=10']
-#
-#     ATTACK = ['-a', 'PortscanAttack', 'ip.src=10.2.2.4', 'mac.dst=05:AB:47:B5:19:11',
-#               'inject.at-timestamp=1449038705.316721', 'attack.note=Portscan2']
-#     ATTACK2 = ['-a', 'PortscanAttack', 'ip.dst=193.133.122.23', 'ip.src=192.124.34.12', 'inject.after-pkt=34']
-#
-#     STATS_RECALC = ['-r']
-#     STATS_PRINT = ['-s']
-#     STATS_PLOT = ['-p', 'format=pdf']
-#
-#     QUERY_MODE_LOOP = ['-q']
-#     QUERY_DB = ['-q', 'ipAddress(pktsSent > 1000, kbytesSent >= 20)']
-#
-#     main(FILE + STATS_PLOT)
-
-    # main(['-c', '/home/pjattke/Thesis/development/code/config'])
+    #    FILES = ['/root/datasets/201506021400_1G.pcap',
+    #             '/root/datasets/201506021400_2G.pcap',
+    #             '/root/datasets/201506021400_5G.pcap']
+
+    FILES = ['/mnt/hgfs/datasets/201506021400_2G.pcap']
+
+    #    FILES = ['/mnt/hgfs/datasets/95M.pcap']
+
+    ATTACK_PS = ['-a', 'PortscanAttack', 'ip.src=10.2.2.4', 'mac.dst=05:AB:47:B5:19:11',
+                 'inject.at-timestamp=1449038705.316721', 'attack.note=Portscan2']
+    ATTACK_PS2 = ['-a', 'PortscanAttack', 'port.dst=1-1024']
+    ATTACK_DD = ['-a', 'DDoSAttack', 'attackers.count=10', 'packets.limit=1000']
+
+    STATS_RECALC = ['-r']
+    STATS_PRINT = ['-s']
+    STATS_PLOT = ['-p']
+
+    QUERY_MODE_LOOP = ['-q']
+    QUERY_DB = ['-q', 'ipAddress(pktsSent > 1000, kbytesSent >= 20)']
+
+    for f in FILES:
+        main(INPUT + [f] + ATTACK_PS2 + ATTACK_DD)  # Statistics Calculation
+        #main(INPUT + ATTACK_DD)  # Attack Packet Generation -> insert exit() | Merging

+ 2 - 2
code/ID2TLib/AttackController.py

@@ -83,8 +83,8 @@ class AttackController:
         # Write attack into pcap file
         print("Generating attack packets...", end=" ")
         sys.stdout.flush()  # force python to print text immediately
-        temp_attack_pcap_path = self.current_attack.generate_attack_pcap()
-        print("done.")
+        total_packets, temp_attack_pcap_path = self.current_attack.generate_attack_pcap()
+        print("done. (total: " + str(total_packets) + " pkts.)")
 
         # Merge attack with existing pcap
         pcap_dest_path = self.pcap_file.merge_attack(temp_attack_pcap_path)