
Untested commit containing the logic behind stealthy packet marking. I'll test this when my setup is running again and I can see the sun.

Denis Waßmann 6 tahun lalu
induk
melakukan
8ec896a20d
2 mengubah file dengan 19 tambahan dan 1 penghapusan
  1. 2 0
      code/Attack/AttackParameters.py
  2. 17 1
      code/Attack/MembersMgmtCommAttack.py

+ 2 - 0
code/Attack/AttackParameters.py

@@ -55,6 +55,8 @@ class Parameter(Enum):
     PACKET_PADDING = 'packet.padding'
     #recommended type: interval selection strategy, i.e. 'random', 'optimal' or 'custom' ------------------------------------
     INTERVAL_SELECT_STRATEGY = 'interval.selection.strategy'
+    # indicating if the attack will mark generated packets
+    HIDDEN_MARK = "hidden_mark"
 
 class ParameterTypes(Enum):
     """
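Review bot: The new key `"hidden_mark"` breaks the naming and quoting convention of the neighbouring members, which use single-quoted, dot-separated names such as `'packet.padding'` and `'interval.selection.strategy'`; `HIDDEN_MARK = 'hidden.mark'` would match. The comment above it should also follow the `#recommended type:` pattern of the preceding entry, for example `# recommended type: boolean; if true, generated packets are marked`. The `Parameter` enum starts and ends outside the hunk, so other members may already deviate from this pattern.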

+ 17 - 1
code/Attack/MembersMgmtCommAttack.py

@@ -69,6 +69,7 @@ from ID2TLib.CommunicationProcessor import CommunicationProcessor
 from ID2TLib.Botnet.MessageMapping import MessageMapping
 from ID2TLib.PcapFile import PcapFile
 from ID2TLib.Statistics import Statistics
+from scapy.layers.inet import IP, IPOption_Security
 
 
 class MembersMgmtCommAttack(BaseAttack.BaseAttack):
@@ -119,7 +120,8 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
             # information about the interval selection strategy
             Param.INTERVAL_SELECT_STRATEGY: ParameterTypes.TYPE_INTERVAL_SELECT_STRAT,
             Param.INTERVAL_SELECT_START: ParameterTypes.TYPE_INTEGER_POSITIVE,
-            Param.INTERVAL_SELECT_END: ParameterTypes.TYPE_INTEGER_POSITIVE
+            Param.INTERVAL_SELECT_END: ParameterTypes.TYPE_INTEGER_POSITIVE,
+            Param.HIDDEN_MARK: ParameterTypes.TYPE_BOOLEAN
         }
 
         # create dict with MessageType values for fast name lookup
@@ -171,6 +173,8 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
         # interval selection strategy
         self.add_param_value(Param.INTERVAL_SELECT_STRATEGY, "optimal")
 
+        self.add_param_value(Param.HIDDEN_MARK, False)
+
     def generate_attack_pcap(self, context):
         """
         Injects the packets of this attack into a PCAP and stores it as a temporary file.
@@ -270,6 +274,18 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
         # Store timestamp of last packet
         self.attack_end_utime = last_packet.time
 
+        if self.get_param_value(Param.HIDDEN_MARK):
+            # insert an unused ip-option
+            for p in total_pkts:
+                if isinstance(p.payload, IP): # do this only for ip-packets
+                    ip_data = p.payload
+                    hidden_opt = IPOption_Security()
+                    hidden_opt.option = 2  # "normal" security opt
+                    hidden_opt.compartment = 16  # magic value indicating NSA
+
+                    ip_data.options = hidden_opt
+
+
         # Return packets sorted by packet by timestamp and total number of packets (sent)
         return total_pkts , path_attack_pcap
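Review bot: The marking loop in the last hunk iterates `total_pkts`, which the comment on the `return` below it describes as the total number of packets, and it runs at a point where `path_attack_pcap` is already set. If `total_pkts` is a count, the loop raises `TypeError` as soon as `hidden_mark` is enabled, and if the capture has already been written, the option never reaches the file. The body of `generate_attack_pcap` between its signature and this hunk is not visible, so both points are inferred and need checking against the code that builds and writes the packets. The mark should be applied to the packet objects before they are handed to the pcap writer, and assigned as a list, `ip_data.options = [hidden_opt]`, since scapy's `IP.options` holds a list of options. The docstring of `generate_attack_pcap` should also state that a marked capture carries the same IP option in every injected packet, because a detector evaluated on such a capture can key on the option instead of the traffic behaviour.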