PortscanAttack.py 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168
  1. import logging
  2. from random import shuffle, randint, choice, uniform
  3. from lea import Lea
  4. from Attack import BaseAttack
  5. from Attack.AttackParameters import Parameter as Param
  6. from Attack.AttackParameters import ParameterTypes
  7. logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
  8. # noinspection PyPep8
  9. from scapy.layers.inet import IP, Ether, TCP
  10. class PortscanAttack(BaseAttack.BaseAttack):
  11. def __init__(self, statistics, pcap_file_path):
  12. """
  13. Creates a new instance of the PortscanAttack.
  14. :param statistics: A reference to the statistics class.
  15. """
  16. # Initialize attack
  17. super(PortscanAttack, self).__init__(statistics, "Portscan Attack", "Injects a nmap 'regular scan'",
  18. "Scanning/Probing")
  19. # Define allowed parameters and their type
  20. self.supported_params = {
  21. Param.IP_SOURCE: ParameterTypes.TYPE_IP_ADDRESS,
  22. Param.IP_DESTINATION: ParameterTypes.TYPE_IP_ADDRESS,
  23. Param.PORT_SOURCE: ParameterTypes.TYPE_PORT,
  24. Param.PORT_DESTINATION: ParameterTypes.TYPE_PORT,
  25. Param.PORT_OPEN: ParameterTypes.TYPE_PORT,
  26. Param.MAC_SOURCE: ParameterTypes.TYPE_MAC_ADDRESS,
  27. Param.MAC_DESTINATION: ParameterTypes.TYPE_MAC_ADDRESS,
  28. Param.INJECT_AT_TIMESTAMP: ParameterTypes.TYPE_FLOAT,
  29. Param.INJECT_AFTER_PACKET: ParameterTypes.TYPE_PACKET_POSITION,
  30. Param.PORT_DEST_SHUFFLE: ParameterTypes.TYPE_BOOLEAN,
  31. Param.PORT_DEST_ORDER_DESC: ParameterTypes.TYPE_BOOLEAN,
  32. Param.IP_SOURCE_RANDOMIZE: ParameterTypes.TYPE_BOOLEAN,
  33. Param.PACKETS_PER_SECOND: ParameterTypes.TYPE_FLOAT,
  34. Param.PORT_SOURCE_RANDOMIZE: ParameterTypes.TYPE_BOOLEAN
  35. }
  36. # PARAMETERS: initialize with default values
  37. # (values are overwritten if user specifies them)
  38. most_used_ip_address = self.statistics.get_most_used_ip_address()
  39. if isinstance(most_used_ip_address, list):
  40. most_used_ip_address = most_used_ip_address[0]
  41. self.add_param_value(Param.IP_SOURCE, most_used_ip_address)
  42. self.add_param_value(Param.IP_SOURCE_RANDOMIZE, 'False')
  43. self.add_param_value(Param.MAC_SOURCE, self.statistics.get_mac_address(most_used_ip_address))
  44. random_ip_address = self.statistics.get_random_ip_address()
  45. self.add_param_value(Param.IP_DESTINATION, random_ip_address)
  46. destination_mac = self.statistics.get_mac_address(random_ip_address)
  47. if isinstance(destination_mac, list) and len(destination_mac) == 0:
  48. destination_mac = self.generate_random_mac_address()
  49. self.add_param_value(Param.MAC_DESTINATION, destination_mac)
  50. self.add_param_value(Param.PORT_DESTINATION, '1-1023,1720,1900,8080')
  51. self.add_param_value(Param.PORT_OPEN, '8080,9232,9233')
  52. self.add_param_value(Param.PORT_DEST_SHUFFLE, 'False')
  53. self.add_param_value(Param.PORT_DEST_ORDER_DESC, 'False')
  54. self.add_param_value(Param.PORT_SOURCE, randint(1024, 65535))
  55. self.add_param_value(Param.PORT_SOURCE_RANDOMIZE, 'False')
  56. self.add_param_value(Param.PACKETS_PER_SECOND,
  57. (self.statistics.get_pps_sent(most_used_ip_address) +
  58. self.statistics.get_pps_received(most_used_ip_address)) / 2)
  59. self.add_param_value(Param.INJECT_AFTER_PACKET, randint(0, self.statistics.get_packet_count()))
  60. def generate_attack_pcap(self):
  61. def update_timestamp(timestamp, pps, maxdelay):
  62. """
  63. Calculates the next timestamp to be used based on the packet per second rate (pps) and the maximum delay.
  64. :return: Timestamp to be used for the next packet.
  65. """
  66. return timestamp + uniform(0.1 / pps, maxdelay)
  67. # Determine ports
  68. dest_ports = self.get_param_value(Param.PORT_DESTINATION)
  69. if self.get_param_value(Param.PORT_DEST_ORDER_DESC):
  70. dest_ports.reverse()
  71. elif self.get_param_value(Param.PORT_DEST_SHUFFLE):
  72. shuffle(dest_ports)
  73. if self.get_param_value(Param.PORT_SOURCE_RANDOMIZE):
  74. sport = randint(0, 65535)
  75. else:
  76. sport = self.get_param_value(Param.PORT_SOURCE)
  77. # Timestamp
  78. timestamp_next_pkt = self.get_param_value(Param.INJECT_AT_TIMESTAMP)
  79. # store start time of attack
  80. self.attack_start_utime = timestamp_next_pkt
  81. # Initialize parameters
  82. packets = []
  83. ip_source = self.get_param_value(Param.IP_SOURCE)
  84. ip_destination = self.get_param_value(Param.IP_DESTINATION)
  85. mac_source = self.get_param_value(Param.MAC_SOURCE)
  86. mac_destination = self.get_param_value(Param.MAC_DESTINATION)
  87. pps = self.get_param_value(Param.PACKETS_PER_SECOND)
  88. randomdelay = Lea.fromValFreqsDict({1 / pps: 70, 2 / pps: 30, 5 / pps: 15, 10 / pps: 3})
  89. maxdelay = randomdelay.random()
  90. # MSS (Maximum Segment Size) for Ethernet. Allowed values [536,1500]
  91. mss = self.statistics.get_mss(ip_destination)
  92. # Set TTL based on TTL distribution of IP address
  93. ttl_dist = self.statistics.get_ttl_distribution(ip_source)
  94. if len(ttl_dist) > 0:
  95. ttl_prob_dict = Lea.fromValFreqsDict(ttl_dist)
  96. ttl_value = ttl_prob_dict.random()
  97. else:
  98. ttl_value = self.statistics.process_db_query("most_used(ttlValue)")
  99. for dport in dest_ports:
  100. # Parameters changing each iteration
  101. if self.get_param_value(Param.IP_SOURCE_RANDOMIZE) and isinstance(ip_source, list):
  102. ip_source = choice(ip_source)
  103. # 1) Build request package
  104. request_ether = Ether(src=mac_source, dst=mac_destination)
  105. request_ip = IP(src=ip_source, dst=ip_destination, ttl=ttl_value)
  106. request_tcp = TCP(sport=sport, dport=dport, flags='S')
  107. request = (request_ether / request_ip / request_tcp)
  108. # first packet uses timestamp provided by attack parameter Param.INJECT_AT_TIMESTAMP
  109. if len(packets) > 0:
  110. timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, maxdelay)
  111. request.time = timestamp_next_pkt
  112. packets.append(request)
  113. # 2) Build reply package
  114. if dport in self.get_param_value(Param.PORT_OPEN): # destination port is OPEN
  115. reply_ether = Ether(src=mac_destination, dst=mac_source)
  116. reply_ip = IP(src=ip_destination, dst=ip_source, flags='DF')
  117. if mss is None:
  118. reply_tcp = TCP(sport=dport, dport=sport, seq=0, ack=1, flags='SA', window=29200)
  119. else:
  120. reply_tcp = TCP(sport=dport, dport=sport, seq=0, ack=1, flags='SA', window=29200,
  121. options=[('MSS', mss)])
  122. reply = (reply_ether / reply_ip / reply_tcp)
  123. timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, maxdelay)
  124. reply.time = timestamp_next_pkt
  125. packets.append(reply)
  126. # requester confirms
  127. confirm_ether = request_ether
  128. confirm_ip = request_ip
  129. confirm_tcp = TCP(sport=sport, dport=dport, seq=1, window=0, flags='R')
  130. reply = (confirm_ether / confirm_ip / confirm_tcp)
  131. timestamp_next_pkt = update_timestamp(timestamp_next_pkt, pps, maxdelay)
  132. reply.time = timestamp_next_pkt
  133. packets.append(reply)
  134. # else: destination port is NOT OPEN -> no reply is sent by target
  135. # store end time of attack
  136. self.attack_end_utime = packets[-1].time
  137. # write attack packets to pcap
  138. pcap_path = self.write_attack_pcap(sorted(packets, key=lambda pkt: pkt.time))
  139. # return packets sorted by packet time_sec_start
  140. return len(packets), pcap_path