PortscanAttack.py 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153
  1. import logging
  2. from random import shuffle, randint, choice, uniform
  3. from lea import Lea
  4. from Attack import BaseAttack
  5. from Attack.AttackParameters import Parameter as Param
  6. from Attack.AttackParameters import ParameterTypes
  7. logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
  8. # noinspection PyPep8
  9. from scapy.layers.inet import IP, Ether, TCP
  10. class PortscanAttack(BaseAttack.BaseAttack):
  11. def __init__(self, statistics, pcap_file_path):
  12. """
  13. Creates a new instance of the PortscanAttack.
  14. :param statistics: A reference to the statistics class.
  15. """
  16. # Initialize attack
  17. super(PortscanAttack, self).__init__(statistics, "Portscan Attack", "Injects a nmap 'regular scan'",
  18. "Scanning/Probing")
  19. # Define allowed parameters and their type
  20. self.supported_params = {
  21. Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
  22. Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
  23. Param.PORT_SOURCE: ParameterTypes.TYPE_PORT,
  24. Param.PORT_DESTINATION: ParameterTypes.TYPE_PORT,
  25. Param.PORT_OPEN: ParameterTypes.TYPE_PORT,
  26. Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
  27. Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
  28. Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
  29. Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
  30. Param.PORT_DEST_SHUFFLE: ParameterTypes.TYPE_BOOLEAN,
  31. Param.PORT_ORDER_DESC: ParameterTypes.TYPE_BOOLEAN,
  32. Param.IP_SOURCE_RANDOMIZE: ParameterTypes.TYPE_BOOLEAN,
  33. Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT,
  34. Param.PORT_SOURCE_RANDOM: ParameterTypes.TYPE_BOOLEAN}
  35. # PARAMETERS: initialize with default values
  36. # (values are overwritten if user specifies them)
  37. most_used_ipAddress = self.statistics.process_db_query("most_used(ipAddress)")
  38. self.add_param_value(Param.IP_SOURCE, most_used_ipAddress)
  39. self.add_param_value(Param.IP_SOURCE_RANDOMIZE, 'False')
  40. self.add_param_value(Param.IP_DESTINATION, '192.168.178.13')
  41. self.add_param_value(Param.PORT_DESTINATION, '1-1023,1720,1900,8080')
  42. self.add_param_value(Param.PORT_SOURCE, '8542')
  43. self.add_param_value(Param.PORT_OPEN, '8080,9232,9233')
  44. self.add_param_value(Param.PORT_SOURCE_RANDOM, 'False')
  45. self.add_param_value(Param.PORT_DEST_SHUFFLE, 'False')
  46. self.add_param_value(Param.PORT_ORDER_DESC, 'False')
  47. self.add_param_value(Param.MAC_SOURCE, 'macAddress(ipAddress=' + most_used_ipAddress + ')')
  48. self.add_param_value(Param.MAC_DESTINATION, 'A0:1A:28:0B:62:F4')
  49. self.add_param_value(Param.PACKETS_PER_SECOND,
  50. (self.statistics.get_pps_sent(most_used_ipAddress) +
  51. self.statistics.get_pps_received(most_used_ipAddress)) / 2)
  52. self.add_param_value(Param.INJECT_AT_TIMESTAMP, '1410733342') # Sun, 14 Sep 2014 22:22:22 GMT
  53. def get_packets(self):
  54. def get_timestamp():
  55. """
  56. Calculates the next timestamp and returns the timestamp to be used for the current packet.
  57. :return: Timestamp to be used for the current packet.
  58. """
  59. nonlocal timestamp_next_pkt, pps, maxdelay
  60. timestamp_current_packet = timestamp_next_pkt # current timestamp
  61. timestamp_next_pkt = timestamp_next_pkt + uniform(0.1 / pps, maxdelay) # timestamp for next pkt
  62. return timestamp_current_packet
  63. # Determine ports
  64. dest_ports = self.get_param_value(Param.PORT_DESTINATION)
  65. if self.get_param_value(Param.PORT_ORDER_DESC):
  66. dest_ports.reverse()
  67. elif self.get_param_value(Param.PORT_DEST_SHUFFLE):
  68. shuffle(dest_ports)
  69. if self.get_param_value(Param.PORT_SOURCE_RANDOM):
  70. sport = randint(0, 65535)
  71. else:
  72. sport = self.get_param_value(Param.PORT_SOURCE)
  73. # Get TTL distribution
  74. # keys = list(self.statistics.get_ttl_distribution().vals()
  75. # values = list(self.statistics.get_ttl_distribution().pmf())
  76. # TTL_samples = numpy.random.choice(keys, size=len(dest_ports), replace=True, dport=values)
  77. ttl_value = self.statistics.process_db_query("most_used(ttlValue)")
  78. # MSS (Maximum Segment Size) for Ethernet. Allowed values [536,1500]
  79. mss = ('MSS', int(self.statistics.process_db_query('avg(mss)')))
  80. # Timestamp
  81. timestamp_next_pkt = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
  82. self.attack_start_utime = timestamp_next_pkt # store start time of attack
  83. pps = self.get_param_value(Param.PACKETS_PER_SECOND)
  84. randomdelay = Lea.fromValFreqsDict({1 / pps: 70, 2 / pps: 30, 5 / pps: 15, 10 / pps: 3})
  85. maxdelay = randomdelay.random()
  86. # Initialize parameters
  87. packets = []
  88. ip_source = self.get_param_value(Param.IP_SOURCE)
  89. ip_destination = self.get_param_value(Param.IP_DESTINATION)
  90. mac_source = self.get_param_value(Param.MAC_SOURCE)
  91. mac_destination = self.get_param_value(Param.MAC_DESTINATION)
  92. for dport in dest_ports:
  93. # Parameters changing each iteration
  94. if self.get_param_value(Param.IP_SOURCE_RANDOMIZE) and isinstance(ip_source, list):
  95. ip_source = choice(ip_source)
  96. # 1) Build request package
  97. request_ether = Ether(src=mac_source, dst=mac_destination)
  98. request_ip = IP(src=ip_source, dst=ip_destination, ttl=ttl_value)
  99. request_tcp = TCP(sport=sport, dport=dport)
  100. request = (request_ether / request_ip / request_tcp)
  101. request.time = get_timestamp()
  102. packets.append(request)
  103. # 2) Build reply package
  104. reply_ether = Ether(src=mac_destination, dst=mac_source)
  105. reply_ip = IP(src=ip_destination, dst=ip_source, flags='DF')
  106. if dport in self.get_param_value(Param.PORT_OPEN): # destination port is OPEN
  107. # target answers
  108. reply_tcp = TCP(sport=dport, dport=sport, seq=0, ack=1, flags='SA', window=29200,
  109. options=[mss])
  110. # reply_tcp.time = time_sec_start + random.uniform(0.00005, 0.00013)
  111. reply = (reply_ether / reply_ip / reply_tcp)
  112. reply.time = get_timestamp()
  113. packets.append(reply)
  114. # requester confirms
  115. confirm_ether = request_ether
  116. confirm_ip = request_ip
  117. confirm_tcp = TCP(sport=sport, dport=dport, seq=1, window=0, flags='R')
  118. reply = (confirm_ether / confirm_ip / confirm_tcp)
  119. reply.time = get_timestamp()
  120. packets.append(reply)
  121. else: # destination port is NOT OPEN
  122. reply_tcp = TCP(sport=dport, dport=sport, flags='RA', seq=1, ack=1, window=0)
  123. # reply_tcp.time = time_sec_start + random.uniform(0.00005, 0.00013)
  124. reply = (reply_ether / reply_ip / reply_tcp)
  125. reply.time = get_timestamp()
  126. packets.append(reply)
  127. # store end time of attack
  128. self.attack_end_utime = reply.time
  129. # return packets sorted by packet time_sec_start
  130. return sorted(packets, key=lambda pkt: pkt.time)