Home Explore Help
Sign In
stefan.schmidt
/
ID2T-toolkit
forked from SPIN/ID2T-toolkit
3
0
Fork 0
Files
Browse Source

most used ip class can now return lists
destination port SQL query in DDoS attack can now return lists
handle ipclass and port-list in DDoS attack

Stefano Acquaviti 6 years ago
parent
c1c4f09f2f
commit
c5fafcfc85
2 changed files with 13 additions and 3 deletions
Split View Show Diff Stats
  1. 12 2
      code/Attack/DDoSAttack.py
  2. 1 1
      code/ID2TLib/StatsDatabase.py

+ 12 - 2
code/Attack/DDoSAttack.py
View File 

@@ -56,6 +56,9 @@ class DDoSAttack(BaseAttack.BaseAttack):
 
         num_attackers = randint(1, 16)
 
         # The most used IP class in background traffic
 
         most_used_ip_class = self.statistics.process_db_query("most_used(ipClass)")
 
+        if isinstance(most_used_ip_class, list):
 
+            most_used_ip_class.sort()
 
+            most_used_ip_class = most_used_ip_class[0]
 
 
         self.add_param_value(Param.IP_SOURCE, self.generate_random_ipv4_address(most_used_ip_class, num_attackers))
 
         self.add_param_value(Param.MAC_SOURCE, self.generate_random_mac_address(num_attackers))
 
@@ -111,6 +114,9 @@ class DDoSAttack(BaseAttack.BaseAttack):
 
         if num_attackers is not None:  # user supplied Param.NUMBER_ATTACKERS
 
             # The most used IP class in background traffic
 
             most_used_ip_class = self.statistics.process_db_query("most_used(ipClass)")
 
+            if isinstance(most_used_ip_class, list):
 
+                most_used_ip_class.sort()
 
+                most_used_ip_class = most_used_ip_class[0]
 
             # Create random attackers based on user input Param.NUMBER_ATTACKERS
 
             ip_source_list = self.generate_random_ipv4_address(most_used_ip_class, num_attackers)
 
             mac_source_list = self.generate_random_mac_address(num_attackers)
 
@@ -147,13 +153,17 @@ class DDoSAttack(BaseAttack.BaseAttack):
 
         port_destination = self.get_param_value(Param.PORT_DESTINATION)
 
         if not port_destination:  # user did not define port_dest
 
             port_destination = self.statistics.process_db_query(
 
-                "SELECT portNumber FROM ip_ports WHERE portDirection='in' AND ipAddress='" + ip_destination + "' ORDER BY portCount DESC LIMIT 1;")
 
+                "SELECT portNumber FROM ip_ports WHERE portDirection='in' AND ipAddress='" + ip_destination + "' AND portCount==(SELECT MAX(portCount) FROM ip_ports WHERE portDirection='in' AND ipAddress='" + ip_destination + "');")
 
         if not port_destination:  # no port was retrieved
 
             port_destination = self.statistics.process_db_query(
 
-                "SELECT portNumber FROM ip_ports WHERE portDirection='in' GROUP BY portNumber ORDER BY SUM(portCount) DESC LIMIT 1;")
 
+                "SELECT portNumber FROM (SELECT portNumber, SUM(portCount) as occ FROM ip_ports WHERE portDirection='in' GROUP BY portNumber ORDER BY occ DESC) WHERE occ=(SELECT SUM(portCount) FROM ip_ports WHERE portDirection='in' GROUP BY portNumber ORDER BY SUM(portCount) DESC LIMIT 1);")
 
         if not port_destination:
 
             port_destination = max(1, str(RandShort()))
 
 
+        if isinstance(port_destination, list):
 
+            port_destination.sort()
 
+            port_destination = port_destination[0]
 
+
 
         attacker_port_mapping = {}
 
         attacker_ttl_mapping = {}

+ 1 - 1
code/ID2TLib/StatsDatabase.py
View File 

@@ -176,7 +176,7 @@ class StatsDatabase:
 
             "most_used.ttlvalue": "SELECT ttlValue FROM ip_ttl GROUP BY ttlValue ORDER BY SUM(ttlCount) DESC LIMIT 1",
 
             "most_used.mssvalue": "SELECT mssValue FROM tcp_mss GROUP BY mssValue ORDER BY SUM(mssCount) DESC LIMIT 1",
 
             "most_used.winsize": "SELECT winSize FROM tcp_win GROUP BY winSize ORDER BY SUM(winCount) DESC LIMIT 1",
 
-            "most_used.ipclass": "SELECT ipClass FROM ip_statistics GROUP BY ipClass ORDER BY COUNT(*) DESC LIMIT 1",
 
+            "most_used.ipclass": "SELECT ipClass FROM (SELECT ipClass, COUNT(*) as occ from ip_statistics GROUP BY ipClass ORDER BY occ DESC) WHERE occ=(SELECT COUNT(*) as occ from ip_statistics GROUP BY ipClass ORDER BY occ DESC LIMIT 1)",
 
             #FIXME ORDER BY ASC ? check queries for os dependency!!
 
             "least_used.ipaddress": "SELECT ipAddress FROM ip_statistics WHERE (pktsSent+pktsReceived) == (SELECT MIN(pktsSent+pktsReceived) from ip_statistics)",
 
             "least_used.macaddress": "SELECT * FROM (SELECT macAddress, COUNT(*) as occ from ip_mac GROUP BY macAddress ORDER BY occ ASC) WHERE occ=(SELECT COUNT(*) as occ from ip_mac GROUP BY macAddress ORDER BY occ ASC LIMIT 1)",