|
@@ -69,6 +69,7 @@ from ID2TLib.CommunicationProcessor import CommunicationProcessor
|
|
from ID2TLib.Botnet.MessageMapping import MessageMapping
|
|
from ID2TLib.Botnet.MessageMapping import MessageMapping
|
|
from ID2TLib.PcapFile import PcapFile
|
|
from ID2TLib.PcapFile import PcapFile
|
|
from ID2TLib.Statistics import Statistics
|
|
from ID2TLib.Statistics import Statistics
|
|
|
|
+from scapy.layers.inet import IP, IPOption_Security
|
|
|
|
|
|
|
|
|
|
class MembersMgmtCommAttack(BaseAttack.BaseAttack):
|
|
class MembersMgmtCommAttack(BaseAttack.BaseAttack):
|
|
@@ -119,7 +120,8 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
|
|
# information about the interval selection strategy
|
|
# information about the interval selection strategy
|
|
Param.INTERVAL_SELECT_STRATEGY: ParameterTypes.TYPE_INTERVAL_SELECT_STRAT,
|
|
Param.INTERVAL_SELECT_STRATEGY: ParameterTypes.TYPE_INTERVAL_SELECT_STRAT,
|
|
Param.INTERVAL_SELECT_START: ParameterTypes.TYPE_INTEGER_POSITIVE,
|
|
Param.INTERVAL_SELECT_START: ParameterTypes.TYPE_INTEGER_POSITIVE,
|
|
- Param.INTERVAL_SELECT_END: ParameterTypes.TYPE_INTEGER_POSITIVE
|
|
|
|
|
|
+ Param.INTERVAL_SELECT_END: ParameterTypes.TYPE_INTEGER_POSITIVE,
|
|
|
|
+ Param.HIDDEN_MARK: ParameterTypes.TYPE_BOOLEAN
|
|
}
|
|
}
|
|
|
|
|
|
# create dict with MessageType values for fast name lookup
|
|
# create dict with MessageType values for fast name lookup
|
|
@@ -171,6 +173,8 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
|
|
# interval selection strategy
|
|
# interval selection strategy
|
|
self.add_param_value(Param.INTERVAL_SELECT_STRATEGY, "optimal")
|
|
self.add_param_value(Param.INTERVAL_SELECT_STRATEGY, "optimal")
|
|
|
|
|
|
|
|
+ self.add_param_value(Param.HIDDEN_MARK, False)
|
|
|
|
+
|
|
def generate_attack_pcap(self, context):
|
|
def generate_attack_pcap(self, context):
|
|
"""
|
|
"""
|
|
Injects the packets of this attack into a PCAP and stores it as a temporary file.
|
|
Injects the packets of this attack into a PCAP and stores it as a temporary file.
|
|
@@ -270,6 +274,18 @@ class MembersMgmtCommAttack(BaseAttack.BaseAttack):
|
|
# Store timestamp of last packet
|
|
# Store timestamp of last packet
|
|
self.attack_end_utime = last_packet.time
|
|
self.attack_end_utime = last_packet.time
|
|
|
|
|
|
|
|
+ if self.get_param_value(Param.HIDDEN_MARK):
|
|
|
|
+ # insert an unused ip-option
|
|
|
|
+ for p in total_pkts:
|
|
|
|
+ if isinstance(p.payload, IP): # do this only for ip-packets
|
|
|
|
+ ip_data = p.payload
|
|
|
|
+ hidden_opt = IPOption_Security()
|
|
|
|
+ hidden_opt.option = 2 # "normal" security opt
|
|
|
|
+ hidden_opt.compartment = 16 # magic value indicating NSA
|
|
|
|
+
|
|
|
|
+ ip_data.options = hidden_opt
|
|
|
|
+
|
|
|
|
+
|
|
# Return packets sorted by packet by timestamp and total number of packets (sent)
|
|
# Return packets sorted by packet by timestamp and total number of packets (sent)
|
|
return total_pkts , path_attack_pcap
|
|
return total_pkts , path_attack_pcap
|
|
|
|
|