This will delete the page "Supported Attack Parameters"
. Please be certain.
No parameter is mandatory. If no parameters are specified, default ones are chosen. The default value for every attack parameter is listed below.
Parameters
attack.duration
Specifies the duration of the attack in seconds as an integer.
bots.count
Specifies number of bots that actively initiate communication by sending a HELLO
or NL_REQUEST
to other bots.
An integer is expected as input.
file.csv
Specifies the input CSV file that reflects the abstract bot communication which the packet injection is based on.
Using this parameter also converts the abstract communication in CSV notation to XML notation and stores it in the same directory as the input CSV file.
file.xml
Specifies the input XML file that reflects the abstract bot communication which the packet injection is based on.
hidden_mark
Specifies whether all packets generated by the attack should have a security-ip-option. This ip-option is not used anymore and will not be displayed by wireshark and will most likely not be interpreted by programs operating on the pcap. For that reason this option is the best way to mark packets generated by the attack. To filter for packets with this option use "ip.opt.sec_prot_auth_nsa == 1" in wireshark.
This value is either True
or False
.
inject.after-pkt
Specifies after which packet the attack packets are injected. Note: a value of 1 means that the packets are injected directly at the beginning. An integer is expected as input.
inject.at-timestamp
Specifies at which timestamp the attack packets are injected. Note: the timestamp is relative to the start of the packet capture. The timestamp is a float number.
interval.selection.strategy
Specifies the selection strategy of a communication interval from the input CSV/XML. The three options are random
, optimal
and custom
. For further details, look here.
interval.selection.start
If interval.selection.strategy
is custom
, the selected interval starts with the message at this index/linenumber. Indices/linenumbers start at 1. If interval.selection.strategy
is not selected, specifying interval.selection.start
does not affect the selection of the interval in any way. Can be combined with interval.selection.end
.
interval.selection.end
If interval.selection.strategy
is custom
, the selected interval ends with the message at this index/linenumber. Indices/linenumbers start at 1. If interval.selection.strategy
is not selected, specifying interval.selection.end
does not affect the selection of the interval in any way. Can be combined with interval.selection.start
.
ip.reuse.external
Specifies the percentage of external (e.g. public) IPs contained in the input .pcap file that are to be reused. If additionally parameter ip.reuse.total
is specified, the total percentage of external IP reuse is computed as ip.reuse.total
* ip.reuse.external
. A float number 0 <= x <= 1
is expected.
ip.reuse.local
Specifies the percentage of local (e.g. private) IPs contained in the input .pcap file that are to be reused. If additionally parameter ip.reuse.total
is specified, the total percentage of local IP reuse is computed as ip.reuse.total
* ip.reuse.local
. A float number 0 <= x <= 1
is expected.
ip.reuse.total
Specifies the percentage of all IPs contained in the input .pcap file that are to be reused. This can be combined with ip.reuse.external
or ip.reuse.local
as explained above. A float number 0 <= x <= 1
is expected.
multiport
Specifies the port selection strategy for destinations ports of packets. If True
use the strategy for ephemeral ports, if False
use port generation strategy of the sality botnet. No other values are allowed.
nat.present
Specifies if the injected network-local bots are behind a Network Address Translation (NAT) system. If so, network-external bots cannot initiate communication with network-local bots. Possible values are True
or False
.
packet.padding
Specifies the amount of additional padding that is added to the packets. The padding has to be an integer between 0
and 100
.
ttl.from.caida
Specifies whether the distribution for assigning TTLs is based on the input PCAP or on the CAIDA dataset. To base it on the CAIDA dataset, specify True
, otherwise False
.
Default Values
attack.duration
The attack last as long as the input PCAP does.
bots.count
One (initiator) bot.
file.csv
No default.
file.xml
The default XML file is resources/MembersMgmtComm_example.xml
.
hidden_mark
False
inject.after-pkt
The packet after which the attack is injected is chosen at random, but lies within the first fifth of all packets.
inject.at-timestamp
See default for inject.after-pkt
.
interval.selection.strategy
optimal
.
interval.selection.start
If interval.selection.strategy
is custom
, and no valid start or end index was specified, the start index is chosen at random
.
interval.selection.end
Does not have a default value.
ip.reuse.external
0.5
(reuse half).
ip.reuse.local
0.5
(reuse half).
ip.reuse.total
1
(reuse all).
multiport
False
packet.padding
20
Bytes.
ttl.from.caida
True
, i.e. the TTL distribution is based on the input PCAP.
This will delete the page "Supported Attack Parameters"
. Please be certain.