def get_smb_platform_data(platform: str, timestamp: float): """ Gets platform-dependent data for SMB 2 packets :param platform: the platform for which to get SMB 2 packet data :param timestamp: a timestamp for calculating the boot-time :return: server_guid, security_blob, capabilities, data_size and server_start_time of the given platform """ Util.check_platform(platform) if platform == "linux": server_guid = "ubuntu" security_blob = security_blob_ubuntu capabilities = 0x5 data_size = 0x800000 server_start_time = 0 elif platform == "macos": server_guid = binascii.b2a_hex(os.urandom(15)).decode() security_blob = security_blob_macos capabilities = 0x6 data_size = 0x400000 server_start_time = 0 else: server_guid = binascii.b2a_hex(os.urandom(15)).decode() security_blob = security_blob_windows capabilities = 0x7 data_size = 0x100000 server_start_time = Util.get_filetime_format( Util.get_rnd_boot_time(timestamp)) return server_guid, security_blob, capabilities, data_size, server_start_time
def get_ip_data(self, ip_address: str): """ :param ip_address: the ip of which (packet-)data shall be returned :return: MSS, TTL and Window Size values of the given IP """ # Set MSS (Maximum Segment Size) based on MSS distribution of IP address mss_dist = self.statistics.get_mss_distribution(ip_address) if len(mss_dist) > 0: mss_prob_dict = lea.Lea.fromValFreqsDict(mss_dist) mss_value = mss_prob_dict.random() else: mss_value = Util.handle_most_used_outputs(self.most_used_mss_value) # Set TTL based on TTL distribution of IP address ttl_dist = self.statistics.get_ttl_distribution(ip_address) if len(ttl_dist) > 0: ttl_prob_dict = lea.Lea.fromValFreqsDict(ttl_dist) ttl_value = ttl_prob_dict.random() else: ttl_value = Util.handle_most_used_outputs(self.most_used_ttl_value) # Set Window Size based on Window Size distribution of IP address win_dist = self.statistics.get_win_distribution(ip_address) if len(win_dist) > 0: win_prob_dict = lea.Lea.fromValFreqsDict(win_dist) win_value = win_prob_dict.random() else: win_value = Util.handle_most_used_outputs(self.most_used_win_size) return mss_value, ttl_value, win_value
def get_smb_version(platform: str): """ Returns SMB version based on given platform :param platform: the platform as string :return: SMB version as string """ Util.check_platform(platform) if platform == "linux": return rnd.choice(list(smb_versions_per_samba.values())) elif platform == "macos": return "2.1" else: return smb_versions_per_win[platform]
def generate_attack_packets(self) -> None: ip_attacker = self.get_param_value(self.IP_SOURCE) mac_attacker = self.get_param_value(self.MAC_SOURCE) ip_amplifier = self.get_param_value(self.IP_DESTINATION) mac_amplifier = self.get_param_value(self.MAC_DESTINATION) ip_victim = self.get_param_value(self.IP_VICTIM) timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP) self.attack_start_utime = timestamp_next_pkt attack_duration = self.get_param_value(self.ATTACK_DURATION) attack_ends_time = timestamp_next_pkt + attack_duration _, src_ttl, _ = self.get_ip_data(ip_attacker) sport = Util.generate_source_port_from_platform('linux') # Use MAC of the actual source, but the IP of the victim attacker_ether = inet.Ether(src=mac_attacker, dst=mac_amplifier) attacker_ip = inet.IP(src=ip_victim, dst=ip_amplifier, ttl=src_ttl, flags='DF') while timestamp_next_pkt <= attack_ends_time: request_udp = inet.UDP(sport=sport, dport=Memcd.memcached_port) request_memcd = Memcd.Memcached_Request(Request=b'stats\r\n', RequestID=inet.RandShort()) request = (attacker_ether / attacker_ip / request_udp / request_memcd) request.time = timestamp_next_pkt self.add_packet(request, ip_victim, ip_amplifier) timestamp_next_pkt = self.timestamp_controller.next_timestamp()
def test_get_smb_platform_data_win(self): guid, blob, cap, d_size, time = SMBLib.get_smb_platform_data( "win7", 100) self.assertEqual((blob, cap, d_size), (SMBLib.security_blob_windows, 0x7, 0x100000)) self.assertTrue(isinstance(guid, str) and len(guid) > 0) self.assertTrue(time <= Utility.get_filetime_format(100))
def test_get_rnd_x86_nop_with_sideeffects(self): result = Utility.get_rnd_x86_nop(1000, False) for i in range(0, len(result)): with self.subTest(i=i): self.assertTrue( result[i].to_bytes(1, "little") in Utility.x86_nops or result[i].to_bytes(1, "little") in Utility.x86_pseudo_nops)
def append_ips( ip_address_input: t.List[str]) -> t.Tuple[bool, t.List[str]]: """ Recursive appending function to handle lists and ranges of IP addresses. :param ip_address_input: The IP address(es) as list of strings, comma-separated or dash-separated string. :return: List of all given IP addresses. """ ip_list = [] is_valid = True for ip in ip_address_input: if '-' in ip: ip_range = ip.split('-') ip_range = Util.get_ip_range(ip_range[0], ip_range[1]) if not ip_range: is_valid = False is_valid, ips = append_ips(ip_range) ip_list.extend(ips) else: try: ipaddress.ip_address(ip) ip_list.append(ip) except ValueError: return False, ip_list return is_valid, ip_list
def __init__(self): """ Creates a new instance of the SMBScanAttack. This Attack injects TCP Syn Requests to the port 445 of several ips and related response into the output pcap file. If port 445 is open, it will simulate and inject the SMB Protocol Negotiation too. """ # Initialize attack super(SMBScanAttack, self).__init__("SMBScan Attack", "Injects an SMB scan", "Scanning/Probing") self.host_os = Util.get_rnd_os() # Define allowed parameters and their type self.update_params([ Parameter(self.IP_SOURCE, IPAddress()), Parameter(self.IP_DESTINATION, IPAddress()), Parameter(self.MAC_DESTINATION, MACAddress()), Parameter(self.TARGET_COUNT, IntegerPositive()), Parameter(self.HOSTING_PERCENTAGE, Percentage()), Parameter(self.PORT_SOURCE, Port()), Parameter(self.MAC_SOURCE, MACAddress()), Parameter(self.IP_SOURCE_RANDOMIZE, Boolean()), Parameter(self.PACKETS_PER_SECOND, Float()), Parameter(self.PORT_SOURCE_RANDOMIZE, Boolean()), Parameter(self.HOSTING_IP, IPAddress()), Parameter(self.HOSTING_VERSION, String()), Parameter(self.SOURCE_PLATFORM, SpecificString(Util.platforms)), Parameter(self.PROTOCOL_VERSION, String()) ])
def test_get_ip_range_backwards(self): end = "192.168.178.254" start = "192.168.179.1" result = [ "192.168.179.1", "192.168.179.0", "192.168.178.255", "192.168.178.254" ] self.assertEqual(Utility.get_ip_range(start, end), result)
def test_get_rnd_x86_nop_without_sideeffects(self): result = Utility.get_rnd_x86_nop(1000, True) for i in range(0, len(result)): with self.subTest(i=i): self.assertIn(result[i].to_bytes(1, "little"), Utility.x86_nops) self.assertNotIn(result[i].to_bytes(1, "little"), Utility.x86_pseudo_nops)
def get_intermediate_timestamp(self, divisor: int = 2, factor: int = 1) -> int: """ Calculates a timestamp, which lays within the input pcap. By default a timestamp in the middle of the pcap. :param divisor: The number of intervals in which the pcap length should be divided. :param factor: The number of the interval from which to get the timestamp. :return: The calculated timestamp. """ start = Util.get_timestamp_from_datetime_str( self.statistics.get_pcap_timestamp_start()) end = Util.get_timestamp_from_datetime_str( self.statistics.get_pcap_timestamp_end()) if factor > divisor: print("Error: timestamp out of range (factor > divisor)") return start return start + ((end - start) / divisor) * factor
def choose_attack(input_name): """" Finds the attack best matching to input_name :param input_name: The name of the attack the user put in :return: The best matching attack in case one was found """ import Attack # Find all attacks, exclude some classes package = Attack available_attacks = [] for _, name, __ in pkgutil.iter_modules(package.__path__): if name != 'BaseAttack' and name != 'AttackParameters': available_attacks.append(name) highest_sim = 0.0 highest_sim_attack = None for attack in available_attacks: # Check if attack name is accurate if input_name == attack: return attack # Compares input with one of the available attacks # Makes comparison with lowercase version with generic endings removed # List of generic attack name endings can be found in ID2TLib.Utility counter_check = attack.lower() if not any(ending in input_name for ending in Util.generic_attack_names): counter_check = Util.remove_generic_ending(counter_check) similarity = difflib.SequenceMatcher(None, input_name.lower(), counter_check).ratio() # Exact match, return appropriate attack name if similarity == 1.0: return attack # Found more likely match if similarity > highest_sim: highest_sim = similarity highest_sim_attack = attack # Found no exactly matching attack name, print best match and exit if highest_sim >= 0.6: print('Found no attack of name ' + input_name + '. The closest match was ' + highest_sim_attack + '. Use ./id2t -l for a list of available attacks.') exit(1) # Found no reasonably matching attack name, recommend -l and exit else: print('Found no attack of name ' + input_name + ' or one similar to it.' ' Use ./id2t -l for an overview of available attacks.') exit(1)
def init_param(self, param: str) -> bool: """ Initialize a parameter with its default values specified in this attack. :param param: parameter, which should be initialized :return: True if initialization was successful, False if not """ value = None if param == self.INJECT_AFTER_PACKET: value = rnd.randint(0, self.statistics.get_packet_count()) # attacker configuration elif param == self.NUMBER_ATTACKERS: # FIXME value = rnd.randint(1, 16) elif param == self.IP_SOURCE: num_attackers = self.get_param_value(self.NUMBER_ATTACKERS) if not num_attackers: return False # The most used IP class in background traffic most_used_ip_class = Util.handle_most_used_outputs( self.statistics.get_most_used_ip_class()) value = self.generate_random_ipv4_address(most_used_ip_class, num_attackers) elif param == self.MAC_SOURCE: num_attackers = self.get_param_value(self.NUMBER_ATTACKERS) if not num_attackers: return False value = self.generate_random_mac_address(num_attackers) elif param == self.PORT_SOURCE: self.default_port = int(inet.RandShort()) value = self.default_port elif param == self.PACKETS_PER_SECOND: value = 0.0 elif param == self.ATTACK_DURATION: value = rnd.randint(5, 30) # victim configuration elif param == self.IP_DESTINATION: value = self.statistics.get_random_ip_address() elif param == self.MAC_DESTINATION: ip_dst = self.get_param_value(self.IP_DESTINATION) if not ip_dst: return False value = self.get_mac_address(ip_dst) elif param == self.VICTIM_BUFFER: value = rnd.randint(1000, 10000) elif param == self.LATENCY_MAX: value = 0 if value is None: return False return self.add_param_value(param, value)
def init_param(self, param: str) -> bool: """ Initialize a parameter with its default values specified in this attack. :param param: parameter, which should be initialized :return: True if initialization was successful, False if not """ value = None if param == self.IP_SOURCE: value = self.statistics.get_most_used_ip_address() elif param == self.IP_SOURCE_RANDOMIZE: value = 'False' elif param == self.MAC_SOURCE: ip_src = self.get_param_value(self.IP_SOURCE) if ip_src is None: return False value = self.get_mac_address(ip_src) elif param == self.TARGET_COUNT: value = 200 elif param == self.IP_DESTINATION: value = "1.1.1.1" elif param == self.MAC_DESTINATION: ip_dst = self.get_param_value(self.IP_DESTINATION) if ip_dst is None: return False value = self.get_mac_address(ip_dst) elif param == self.PORT_SOURCE: value = rnd.randint(1024, 65535) elif param == self.PORT_SOURCE_RANDOMIZE: value = 'True' elif param == self.PACKETS_PER_SECOND: value = self.statistics.get_most_used_pps() elif param == self.INJECT_AFTER_PACKET: value = rnd.randint(0, self.statistics.get_packet_count()) elif param == self.INJECT_AT_TIMESTAMP: value = self.get_intermediate_timestamp() elif param == self.HOSTING_PERCENTAGE: value = 0.5 elif param == self.HOSTING_IP: value = "1.1.1.1" elif param == self.HOSTING_VERSION: value = SMBLib.get_smb_version(platform=self.host_os) elif param == self.SOURCE_PLATFORM: value = Util.get_rnd_os() elif param == self.PROTOCOL_VERSION: value = "1" if value is None: return False return self.add_param_value(param, value)
def get_reply_latency(self, ip_src, ip_dst, default: int = 0, mode: str = None): """ Gets the minimum and the maximum reply latency for all the connections of a specific IP. :param ip_src: The source IP for which to retrieve the reply latency. :param ip_dst: The destination IP for which to retrieve the reply latency. :param default: The default value to return if no latency could be calculated. :param mode: either "local" or "public" :return minimum and maximum latency """ if not mode: mode = Util.get_network_mode(ip_src, ip_dst) minimum = {"local": 900, "public": 3000} if default != 0: minimum[mode] = default result = self.statistics.process_db_query\ ("SELECT minLatency, maxLatency FROM ip_statistics WHERE ipAddress in ('{0}, {1}');". format(ip_src, ip_dst)) min_latency = minimum[mode] max_latency = minimum[mode] for ip in result: # retrieve minimum latency if ip[0]: retrieved = ip[0] else: retrieved = np.median(self.all_min_latencies) min_latency = min(min_latency, retrieved) # retrieve maximum latency if ip[1]: retrieved = ip[1] else: retrieved = np.median(self.all_max_latencies) max_latency = min(max_latency, retrieved) min_latency = int( min_latency) * 10**-6 # convert from micro to seconds max_latency = int(max_latency) * 10**-6 return min_latency, max_latency
def init_param(self, param: str) -> bool: """ Initialize a parameter with its default values specified in this attack. :param param: parameter, which should be initialized :return: True if initialization was successful, False if not """ value = None # The most used IP class in background traffic if param == self.NUMBER_ATTACKERS: value = rnd.randint(1, 16) if param == self.IP_SOURCE: most_used_ip_class = Util.handle_most_used_outputs( self.statistics.get_most_used_ip_class()) num_attackers = self.get_param_value(self.NUMBER_ATTACKERS) if num_attackers is None: return False value = self.generate_random_ipv4_address(most_used_ip_class, num_attackers) elif param == self.MAC_SOURCE: num_attackers = self.get_param_value(self.NUMBER_ATTACKERS) if num_attackers is None: return False value = self.generate_random_mac_address(num_attackers) elif param == self.IP_DESTINATION: value = self.statistics.get_random_ip_address() elif param == self.MAC_DESTINATION: ip_dst = self.get_param_value(self.IP_DESTINATION) if ip_dst is None: return False value = self.get_mac_address(ip_dst) elif param == self.PACKETS_PER_SECOND: value = self.statistics.get_most_used_pps() elif param == self.INJECT_AFTER_PACKET: value = rnd.randint(0, self.statistics.get_packet_count()) elif param == self.ATTACK_DURATION: value = 30 if value is None: return False return self.add_param_value(param, value)
def init_param(self, param: str) -> bool: """ Initialize a parameter with its default values specified in this attack. :param param: parameter, which should be initialized :return: True if initialization was successful, False if not """ value = None if param == self.IP_DESTINATION: # The most used IP class in background traffic most_used_ip_class = Util.handle_most_used_outputs( self.statistics.get_most_used_ip_class()) value = self.generate_random_ipv4_address(most_used_ip_class) elif param == self.MAC_DESTINATION: value = self.generate_random_mac_address() elif param == self.IP_SOURCE: ip_dst = self.get_param_value(self.IP_DESTINATION) if not ip_dst: return False value = self.statistics.get_random_ip_address(ips=[ip_dst]) elif param == self.MAC_SOURCE: ip_src = self.get_param_value(self.IP_SOURCE) if not ip_src: return False value = self.get_mac_address(ip_src) elif param == self.PACKETS_PER_SECOND: value = self.statistics.get_most_used_pps() elif param == self.INJECT_AFTER_PACKET: value = rnd.randint(0, self.statistics.get_packet_count()) elif param == self.IP_SOURCE_RANDOMIZE: value = 'False' elif param == self.CUSTOM_PAYLOAD: value = "" elif param == self.CUSTOM_PAYLOAD_FILE: value = "" if value is None: return False return self.add_param_value(param, value)
def get_remaining_bandwidth(self, timestamp: int = 0, ip_src: str = "", ip_dst: str = ""): """ This function calculates the remaining bandwidth based on the maximum bandwidth available and the kbytes already sent inside the interval corresponding to the timestamp given. !!! custom_max_bandwidth is mutually exclusive to custom_bandwidth_local and/or custom_bandwidth_public :param timestamp: the timestamp of the current packet :param ip_src: the source IP :param ip_dst: the destination IP :return: the remaining bandwidth in kbyte/s """ mode = Util.get_network_mode(ip_src, ip_dst) if self.custom_max_bandwidth != 0: bandwidth = self.custom_max_bandwidth else: bandwidth = self.statistics.get_kbyte_rate( mode, self.custom_bandwidth_local, self.custom_bandwidth_public) remaining_bandwidth = bandwidth current_table = self.statistics.stats_db.get_current_interval_statistics_table( ) kbytes_sent, interval = self.statistics.get_interval_stat( table_name=current_table, field="kbytes", timestamp=timestamp) if not kbytes_sent: kbytes_sent = 0 kbytes_sent = kbytes_sent duration = self.statistics.get_current_interval_len() used_bandwidth = float((kbytes_sent * 1000) / duration) remaining_bandwidth -= used_bandwidth return remaining_bandwidth, interval
def test_generate_source_port_from_platform_oldwin_nextport(self): self.assertEqual( Utility.generate_source_port_from_platform("winxp", 2000), 2001)
h = os.getcwd() inputDir = h + '/Data/' # Check the list of files available inputfiles = os.listdir(inputDir) # eg : file = 'sample.csv' # Load Data Set for file in inputfiles : if not '.csv' in file: continue filename = file filename = filename.split('.')[0] file = inputDir + '/' + file dSet_df = pd.DataFrame() dSet_df = ut.loadData(file) st.backtest(dSet_df,lag,filename)
def test_get_interval_pps_below_max(self): cipps = [(5, 1), (10, 2), (15, 3)] self.assertEqual(Utility.get_interval_pps(cipps, 3), 1) self.assertEqual(Utility.get_interval_pps(cipps, 7), 2) self.assertEqual(Utility.get_interval_pps(cipps, 12), 3)
def generate_attack_packets(self): """ Creates the attack packets. """ # Timestamp timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP) pps = self.get_param_value(self.PACKETS_PER_SECOND) # calculate complement packet rates of BG traffic per interval complement_interval_pps = self.statistics.calculate_complement_packet_rates( pps) # Initialize parameters mac_source = self.get_param_value(self.MAC_SOURCE) ip_source = self.get_param_value(self.IP_SOURCE) # FIXME: why is port_source never used? port_source = self.get_param_value(self.PORT_SOURCE) mac_destination = self.get_param_value(self.MAC_DESTINATION) ip_destination = self.get_param_value(self.IP_DESTINATION) port_destination = self.get_param_value(self.PORT_DESTINATION) # Check ip.src == ip.dst self.ip_src_dst_catch_equal(ip_source, ip_destination) # Set TTL based on TTL distribution of IP address source_ttl_dist = self.statistics.get_ttl_distribution(ip_source) if len(source_ttl_dist) > 0: source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist) source_ttl_value = source_ttl_prob_dict.random() else: source_ttl_value = Util.handle_most_used_outputs( self.statistics.get_most_used_ttl_value()) destination_ttl_dist = self.statistics.get_ttl_distribution( ip_destination) if len(destination_ttl_dist) > 0: destination_ttl_prob_dict = lea.Lea.fromValFreqsDict( destination_ttl_dist) destination_ttl_value = destination_ttl_prob_dict.random() else: destination_ttl_value = Util.handle_most_used_outputs( self.statistics.get_most_used_ttl_value()) # Set Window Size based on Window Size distribution of IP address source_win_dist = self.statistics.get_win_distribution(ip_source) if len(source_win_dist) > 0: source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist) else: source_win_dist = self.statistics.get_win_distribution( self.statistics.get_most_used_ip_address()) source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist) destination_win_dist = self.statistics.get_win_distribution( ip_destination) if len(destination_win_dist) > 0: destination_win_prob_dict = lea.Lea.fromValFreqsDict( destination_win_dist) else: destination_win_dist = self.statistics.get_win_distribution( self.statistics.get_most_used_ip_address()) destination_win_prob_dict = lea.Lea.fromValFreqsDict( destination_win_dist) # Set MSS (Maximum Segment Size) based on MSS distribution of IP address mss_value = Util.handle_most_used_outputs( self.statistics.get_most_used_mss_value()) if not mss_value: mss_value = 1465 # Inject EternalBlue exploit packets # Read Win7_eternalblue_exploit pcap file source_origin_wins, destination_origin_wins = {}, {} exploit_raw_packets = scapy.utils.RawPcapReader( self.template_attack_pcap_path) port_source = rnd.randint( self.minDefaultPort, self.maxDefaultPort) # experiments show this range of ports # conversations = {(ip.src, ip.dst, port.src, port.dst): packets} conversations, order_list_conversations = self.packets_to_convs( exploit_raw_packets) exploit_raw_packets.close() conv_start_timesamp = timestamp_next_pkt for conv_index, conv in enumerate(order_list_conversations): # the distance between the starts of the converstaions conv_start_timesamp = conv_start_timesamp + rnd.uniform( 0.001, 0.01) timestamp_next_pkt = conv_start_timesamp conv_pkts = conversations[conv] inter_arrival_times = self.get_inter_arrival_time(conv_pkts) if conv_index == len( order_list_conversations) - 2: # Not the last conversation timestamp_next_pkt = self.packets[-1].time + rnd.uniform( 0.001, 0.01) if conv_index != len( order_list_conversations) - 1: # Not the last conversation port_source += 2 for self.pkt_num, pkt in enumerate(conv_pkts): eth_frame = inet.Ether(pkt[0]) ip_pkt = eth_frame.payload tcp_pkt = ip_pkt.payload if self.pkt_num == 0: if tcp_pkt.getfieldval("dport") == SMBLib.smb_port: orig_ip_dst = ip_pkt.getfieldval("dst") # Request if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP # Ether eth_frame.setfieldval("src", mac_source) eth_frame.setfieldval("dst", mac_destination) # IP ip_pkt.setfieldval("src", ip_source) ip_pkt.setfieldval("dst", ip_destination) ip_pkt.setfieldval("ttl", source_ttl_value) # TCP tcp_pkt.setfieldval("sport", port_source) tcp_pkt.setfieldval("dport", port_destination) # Window Size source_origin_win = tcp_pkt.getfieldval("window") if source_origin_win not in source_origin_wins: source_origin_wins[ source_origin_win] = source_win_prob_dict.random( ) new_win = source_origin_wins[source_origin_win] tcp_pkt.setfieldval("window", new_win) # MSS tcp_options = tcp_pkt.getfieldval("options") if tcp_options: if tcp_options[0][0] == "MSS": tcp_options[0] = ("MSS", mss_value) tcp_pkt.setfieldval("options", tcp_options) new_pkt = (eth_frame / ip_pkt / tcp_pkt) new_pkt.time = timestamp_next_pkt pps = max( Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10) timestamp_next_pkt = self.timestamp_controller.next_timestamp( ) + inter_arrival_times[ self.pkt_num] # float(timeSteps.random()) # Reply else: # Ether eth_frame.setfieldval("src", mac_destination) eth_frame.setfieldval("dst", mac_source) # IP ip_pkt.setfieldval("src", ip_destination) ip_pkt.setfieldval("dst", ip_source) ip_pkt.setfieldval("ttl", destination_ttl_value) # TCP tcp_pkt.setfieldval("dport", port_source) tcp_pkt.setfieldval("sport", port_destination) # Window Size destination_origin_win = tcp_pkt.getfieldval("window") if destination_origin_win not in destination_origin_wins: destination_origin_wins[ destination_origin_win] = destination_win_prob_dict.random( ) new_win = destination_origin_wins[ destination_origin_win] tcp_pkt.setfieldval("window", new_win) # MSS tcp_options = tcp_pkt.getfieldval("options") if tcp_options: if tcp_options[0][0] == "MSS": tcp_options[0] = ("MSS", mss_value) tcp_pkt.setfieldval("options", tcp_options) new_pkt = (eth_frame / ip_pkt / tcp_pkt) pps = max( Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10) timestamp_next_pkt = self.timestamp_controller.next_timestamp( ) + inter_arrival_times[ self.pkt_num] # float(timeSteps.random()) new_pkt.time = timestamp_next_pkt self.add_packet(new_pkt, ip_source, ip_destination) else: # Last conversation where the victim start a connection with the attacker timestamp_next_pkt = self.packets[-1].time + rnd.uniform( 0.001, 0.01) port_source = rnd.randint(self.minDefaultPort, self.maxDefaultPort) for self.pkt_num, pkt in enumerate(conv_pkts): eth_frame = inet.Ether(pkt[0]) ip_pkt = eth_frame.payload tcp_pkt = ip_pkt.payload # Request if tcp_pkt.getfieldval("dport") == self.last_conn_dst_port: # Ether eth_frame.setfieldval("src", mac_destination) eth_frame.setfieldval("dst", mac_source) # IP ip_pkt.setfieldval("src", ip_destination) ip_pkt.setfieldval("dst", ip_source) ip_pkt.setfieldval("ttl", destination_ttl_value) # TCP tcp_pkt.setfieldval("sport", port_source) # destination port is fixed 4444 # Window Size destination_origin_win = tcp_pkt.getfieldval("window") if destination_origin_win not in destination_origin_wins: destination_origin_wins[ destination_origin_win] = destination_win_prob_dict.random( ) new_win = destination_origin_wins[ destination_origin_win] tcp_pkt.setfieldval("window", new_win) # MSS tcp_options = tcp_pkt.getfieldval("options") if tcp_options: if tcp_options[0][0] == "MSS": tcp_options[0] = ("MSS", mss_value) tcp_pkt.setfieldval("options", tcp_options) new_pkt = (eth_frame / ip_pkt / tcp_pkt) new_pkt.time = timestamp_next_pkt pps = max( Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10) timestamp_next_pkt = self.timestamp_controller.next_timestamp( ) + inter_arrival_times[ self.pkt_num] # float(timeSteps.random()) # Reply else: # Ether eth_frame.setfieldval("src", mac_source) eth_frame.setfieldval("dst", mac_destination) # IP ip_pkt.setfieldval("src", ip_source) ip_pkt.setfieldval("dst", ip_destination) ip_pkt.setfieldval("ttl", source_ttl_value) # TCP tcp_pkt.setfieldval("dport", port_source) # source port is fixed 4444 # Window Size source_origin_win = tcp_pkt.getfieldval("window") if source_origin_win not in source_origin_wins: source_origin_wins[ source_origin_win] = source_win_prob_dict.random( ) new_win = source_origin_wins[source_origin_win] tcp_pkt.setfieldval("window", new_win) # MSS tcp_options = tcp_pkt.getfieldval("options") if tcp_options: if tcp_options[0][0] == "MSS": tcp_options[0] = ("MSS", mss_value) tcp_pkt.setfieldval("options", tcp_options) new_pkt = (eth_frame / ip_pkt / tcp_pkt) pps = max( Util.get_interval_pps(complement_interval_pps, timestamp_next_pkt), 10) timestamp_next_pkt = self.timestamp_controller.next_timestamp( ) + inter_arrival_times[ self.pkt_num] # float(timeSteps.random()) new_pkt.time = timestamp_next_pkt self.add_packet(new_pkt, ip_source, ip_destination)
if __name__ == '__main__': start = datetime(2013, 1, 2, 0, 0, 0, 0, pytz.utc) end = datetime(2013, 11, 14, 0, 0, 0, 0, pytz.utc) # Path for files h = os.getcwd() inputDir = h + '/Data/' KLSETickerfile = 'KLSETickers.txt' filename = 'Chen_KLCI_Main' filepath = inputDir + KLSETickerfile tickers = ut.readfile(filepath) filepath = inputDir + filename + '.csv' ohlc = pd.read_csv(filepath, parse_dates=True, index_col=0) #ohlc=ohlc.tz_localize('UTC') data = pd.DataFrame(index=ohlc.index) for ticker in tickers: data[ticker] = pd.DataFrame(ohlc[ticker]) ticker = ticker.replace('_Close', "") if ticker == 'KLCI': data[ticker + '_PerChange'] = ohlc[ticker + '_Close'] / ohlc[ ticker + '_Close'].shift(1) - 1 data[ticker + '_PerChange'] = data[ticker + '_PerChange'].shift(1) else:
def generate_attack_packets(self): """ Creates the attack packets. """ # Timestamp timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP) # Initialize parameters mac_source = self.get_param_value(self.MAC_SOURCE) ip_source = self.get_param_value(self.IP_SOURCE) port_source = self.get_param_value(self.PORT_SOURCE) mac_destination = self.get_param_value(self.MAC_DESTINATION) ip_destination = self.get_param_value(self.IP_DESTINATION) port_destination = self.get_param_value(self.PORT_DESTINATION) # Check ip.src == ip.dst self.ip_src_dst_catch_equal(ip_source, ip_destination) # Set TTL based on TTL distribution of IP address source_ttl_dist = self.statistics.get_ttl_distribution(ip_source) if len(source_ttl_dist) > 0: source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist) source_ttl_value = source_ttl_prob_dict.random() else: source_ttl_value = Util.handle_most_used_outputs( self.statistics.get_most_used_ttl_value()) destination_ttl_dist = self.statistics.get_ttl_distribution( ip_destination) if len(destination_ttl_dist) > 0: destination_ttl_prob_dict = lea.Lea.fromValFreqsDict( destination_ttl_dist) destination_ttl_value = destination_ttl_prob_dict.random() else: destination_ttl_value = Util.handle_most_used_outputs( self.statistics.get_most_used_ttl_value()) # Set Window Size based on Window Size distribution of IP address source_win_dist = self.statistics.get_win_distribution(ip_source) if len(source_win_dist) > 0: source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist) else: source_win_dist = self.statistics.get_win_distribution( self.statistics.get_most_used_ip_address()) source_win_prob_dict = lea.Lea.fromValFreqsDict(source_win_dist) destination_win_dist = self.statistics.get_win_distribution( ip_destination) if len(destination_win_dist) > 0: destination_win_prob_dict = lea.Lea.fromValFreqsDict( destination_win_dist) else: destination_win_dist = self.statistics.get_win_distribution( self.statistics.get_most_used_ip_address()) destination_win_prob_dict = lea.Lea.fromValFreqsDict( destination_win_dist) # Set MSS (Maximum Segment Size) based on MSS distribution of IP address mss_value = Util.handle_most_used_outputs( self.statistics.get_most_used_mss_value()) if not mss_value: mss_value = 1465 # Scan (MS17) # Read Win7_eternalblue_scan pcap file orig_ip_dst = None exploit_raw_packets = scapy.utils.RawPcapReader( self.template_scan_pcap_path) inter_arrival_times = self.get_inter_arrival_time(exploit_raw_packets) exploit_raw_packets.close() exploit_raw_packets = scapy.utils.RawPcapReader( self.template_scan_pcap_path) source_origin_wins, destination_origin_wins = {}, {} for self.pkt_num, pkt in enumerate(exploit_raw_packets): eth_frame = inet.Ether(pkt[0]) ip_pkt = eth_frame.payload tcp_pkt = ip_pkt.payload if self.pkt_num == 0: if tcp_pkt.getfieldval("dport") == SMBLib.smb_port: orig_ip_dst = ip_pkt.getfieldval("dst") # victim IP # Request if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP # Ether eth_frame.setfieldval("src", mac_source) eth_frame.setfieldval("dst", mac_destination) # IP ip_pkt.setfieldval("src", ip_source) ip_pkt.setfieldval("dst", ip_destination) ip_pkt.setfieldval("ttl", source_ttl_value) # TCP tcp_pkt.setfieldval("sport", port_source) tcp_pkt.setfieldval("dport", port_destination) # Window Size (mapping) source_origin_win = tcp_pkt.getfieldval("window") if source_origin_win not in source_origin_wins: source_origin_wins[ source_origin_win] = source_win_prob_dict.random() new_win = source_origin_wins[source_origin_win] tcp_pkt.setfieldval("window", new_win) # MSS tcp_options = tcp_pkt.getfieldval("options") if tcp_options: if tcp_options[0][0] == "MSS": tcp_options[0] = ("MSS", mss_value) tcp_pkt.setfieldval("options", tcp_options) new_pkt = (eth_frame / ip_pkt / tcp_pkt) new_pkt.time = timestamp_next_pkt # FIXME: double check inter_arrival_times calculation timestamp_next_pkt = self.timestamp_controller.next_timestamp( ) + inter_arrival_times[ self.pkt_num] # float(timeSteps.random()) # Reply else: # Ether eth_frame.setfieldval("src", mac_destination) eth_frame.setfieldval("dst", mac_source) # IP ip_pkt.setfieldval("src", ip_destination) ip_pkt.setfieldval("dst", ip_source) ip_pkt.setfieldval("ttl", destination_ttl_value) # TCP tcp_pkt.setfieldval("dport", port_source) tcp_pkt.setfieldval("sport", port_destination) # Window Size destination_origin_win = tcp_pkt.getfieldval("window") if destination_origin_win not in destination_origin_wins: destination_origin_wins[ destination_origin_win] = destination_win_prob_dict.random( ) new_win = destination_origin_wins[destination_origin_win] tcp_pkt.setfieldval("window", new_win) # MSS tcp_options = tcp_pkt.getfieldval("options") if tcp_options: if tcp_options[0][0] == "MSS": tcp_options[0] = ("MSS", mss_value) tcp_pkt.setfieldval("options", tcp_options) new_pkt = (eth_frame / ip_pkt / tcp_pkt) # FIXME: double check inter_arrival_times calculation timestamp_next_pkt = self.timestamp_controller.next_timestamp( ) + inter_arrival_times[ self.pkt_num] # + float(timeSteps.random()) new_pkt.time = timestamp_next_pkt self.add_packet(new_pkt, ip_source, ip_destination) exploit_raw_packets.close()
def test_generate_source_port_from_platform_oldwin_maxport(self): self.assertTrue(1024 <= Utility.generate_source_port_from_platform( "winxp", 5000) <= 5000)
def test_generate_source_port_from_platform_linux(self): self.assertTrue(32768 <= Utility.generate_source_port_from_platform( "linux") <= 61000)
def test_generate_source_port_from_platform_newwinmac_firstport(self): self.assertTrue(49152 <= Utility.generate_source_port_from_platform( "win7") <= 65535)
def process_attack(self, attack: str, params: str, time=False): """ Takes as input the name of an attack (classname) and the attack parameters as string. Parses the string of attack parameters, creates the attack by writing the attack packets and returns the path of the written pcap. :param attack: The classname of the attack to inject. :param params: The parameters for attack customization, see attack class for supported params. :param time: Measure packet generation time or not. :return: The file path to the created pcap file. """ attack = self.choose_attack(attack) self.create_attack(attack, self.seed) print("Validating and adding attack parameters.") # Add attack parameters if provided params_dict = [] if isinstance(params, list) and params: # Convert attack param list into dictionary for entry in params: if entry.count('=') != 1: print( 'ERROR: Incorrect attack parameter syntax (\'{}\'). Ignoring.' .format(entry)) continue params_dict.append(entry.split('=')) params_dict = dict(params_dict) # Check if Parameter.INJECT_AT_TIMESTAMP and Parameter.INJECT_AFTER_PACKET are provided at the same time # if TRUE: delete Parameter.INJECT_AT_TIMESTAMP (lower priority) and use Parameter.INJECT_AFTER_PACKET if (self.current_attack.INJECT_AFTER_PACKET in params_dict) and ( self.current_attack.INJECT_AT_TIMESTAMP in params_dict): print("CONFLICT: Parameters", attack.INJECT_AT_TIMESTAMP, "and", self.current_attack.INJECT_AFTER_PACKET, "given at the same time. Ignoring", self.current_attack.INJECT_AT_TIMESTAMP, "and using", self.current_attack.INJECT_AFTER_PACKET, "instead to derive the timestamp.") del params_dict[self.current_attack.INJECT_AT_TIMESTAMP] # Extract attack_note parameter, if not provided returns an empty string key_attack_note = "attack.note" attack_note = params_dict.get(key_attack_note, "") params_dict.pop( key_attack_note, None ) # delete entry if found, otherwise return an empty string # Pass paramters to attack controller self.set_params(params_dict) else: attack_note = "This attack used only default parameters." self.current_attack.init_mutual_params() self.current_attack.init_params() self.current_attack.init_objects() print("Generating attack packets...", end=" ") sys.stdout.flush() # force python to print text immediately if time: self.current_attack.set_start_time() # Generate attack packets self.current_attack.generate_attack_packets() if time: self.current_attack.set_finish_time() duration = self.current_attack.get_packet_generation_time() # Write attack into pcap file attack_result = self.current_attack.generate_attack_pcap() self.total_packets = attack_result[0] temp_attack_pcap_path = attack_result[1] if len(attack_result) == 3: # Extract the list of additional files, if available self.additional_files += attack_result[2] print("done. (total: " + str(self.total_packets) + " pkts", end="") if time: print(" in ", duration, " seconds", end="") print(".)") # Warning if attack duration gets exceeded by more than 1 second if self.current_attack.ATTACK_DURATION in [x.name for x in self.current_attack.params] and \ self.current_attack.get_param_value(self.current_attack.ATTACK_DURATION) != 0: attack_duration = self.current_attack.get_param_value( self.current_attack.ATTACK_DURATION) packet_duration = abs(self.current_attack.attack_end_utime - self.current_attack.attack_start_utime) time_diff = abs(attack_duration - packet_duration) if self.current_attack.exceeding_packets > 0 and time_diff > 1: exceeding_packets = "" if self.current_attack.exceeding_packets: exceeding_packets = " ({} attack pkts)".format( self.current_attack.exceeding_packets) print( "Warning: attack duration was exceeded by {0} seconds{1}.". format(time_diff, exceeding_packets)) elif time_diff > 1: print( "Warning: attack duration was not reached by generated pkts by {} seconds." .format(time_diff)) # Warning if pcap length gets exceeded pcap_end = Util.get_timestamp_from_datetime_str( self.statistics.get_pcap_timestamp_end()) time_diff = pcap_end - self.current_attack.attack_end_utime if time_diff < 0: print("Warning: end of pcap exceeded by " + str(round(abs(time_diff), 2)) + " seconds.") # Store label into LabelManager label = Label.Label(attack, self.get_attack_start_utime(), self.get_attack_end_utime(), self.total_packets, self.seed, self.current_attack.params, attack_note) self.label_mgr.add_labels(label) return temp_attack_pcap_path, duration
def generate_attack_packets(self): """ Creates the attack packets. """ pps = self.get_param_value(self.PACKETS_PER_SECOND) # Timestamp first_timestamp = self.get_param_value(self.INJECT_AT_TIMESTAMP) # store start time of attack self.attack_start_utime = first_timestamp # Initialize parameters ip_destination = self.get_param_value(self.IP_DESTINATION) mac_destination = self.get_param_value(self.MAC_DESTINATION) # Determine source IP and MAC address num_attackers = self.get_param_value(self.NUMBER_ATTACKERS) # user supplied self.NUMBER_ATTACKERS if (num_attackers != None) and (num_attackers != 0): # The most used IP class in background traffic most_used_ip_class = Util.handle_most_used_outputs( self.statistics.get_most_used_ip_class()) # Create random attackers based on user input self.NUMBER_ATTACKERS ip_source = self.generate_random_ipv4_address( most_used_ip_class, num_attackers) mac_source = self.generate_random_mac_address(num_attackers) else: # user did not supply self.NUMBER_ATTACKS # use default values for IP_SOURCE/MAC_SOURCE or overwritten values # if user supplied any values for those params ip_source = self.get_param_value(self.IP_SOURCE) mac_source = self.get_param_value(self.MAC_SOURCE) ip_source_list = [] mac_source_list = [] if isinstance(ip_source, list): ip_source_list = ip_source else: ip_source_list.append(ip_source) if isinstance(mac_source, list): mac_source_list = mac_source else: mac_source_list.append(mac_source) if (num_attackers == None) or (num_attackers == 0): num_attackers = min(len(ip_source_list), len(mac_source_list)) # Check ip.src == ip.dst self.ip_src_dst_catch_equal(ip_source_list, ip_destination) # Get MSS, TTL and Window size value for destination IP destination_mss_value, destination_ttl_value, destination_win_value = self.get_ip_data( ip_destination) attack_duration = self.get_param_value(self.ATTACK_DURATION) attack_ends_time = first_timestamp + attack_duration victim_pps = pps * num_attackers self.timestamp_controller.set_pps(victim_pps) for attacker in range(num_attackers): # Get MSS, TTL and Window size value for source IP(attacker) source_mss_value, source_ttl_value, source_win_value = self.get_ip_data( ip_source_list[attacker]) attacker_seq = rnd.randint(1000, 50000) victim_seq = rnd.randint(1000, 50000) sport = 1025 min_delay, max_delay = self.get_reply_latency( ip_source_list[attacker], ip_destination) # Timestamps of first self.packets shouldn't be exactly the same to look more realistic timestamp_next_pkt = rnd.uniform( first_timestamp, self.timestamp_controller.next_timestamp()) while timestamp_next_pkt <= attack_ends_time: # Establish TCP connection if sport > 65535: sport = 1025 # prepare reusable Ethernet- and IP-headers attacker_ether = inet.Ether(src=mac_source_list[attacker], dst=mac_destination) attacker_ip = inet.IP(src=ip_source_list[attacker], dst=ip_destination, ttl=source_ttl_value, flags='DF') victim_ether = inet.Ether(src=mac_destination, dst=mac_source_list[attacker]) victim_ip = inet.IP(src=ip_destination, dst=ip_source_list[attacker], ttl=destination_ttl_value, flags='DF') # connection request from attacker (client) syn_tcp = inet.TCP(sport=sport, dport=SMBLib.smb_port, window=source_win_value, flags='S', seq=attacker_seq, options=[('MSS', source_mss_value)]) attacker_seq += 1 syn = (attacker_ether / attacker_ip / syn_tcp) syn.time = timestamp_next_pkt timestamp_next_pkt = self.timestamp_controller.next_timestamp( min_delay) self.add_packet(syn, ip_source_list[attacker], ip_destination) # response from victim (server) synack_tcp = inet.TCP(sport=SMBLib.smb_port, dport=sport, seq=victim_seq, ack=attacker_seq, flags='SA', window=destination_win_value, options=[('MSS', destination_mss_value)]) victim_seq += 1 synack = (victim_ether / victim_ip / synack_tcp) synack.time = timestamp_next_pkt self.timestamp_controller.set_pps(pps) timestamp_next_pkt = self.timestamp_controller.next_timestamp( min_delay) self.add_packet(synack, ip_source_list[attacker], ip_destination) # acknowledgement from attacker (client) ack_tcp = inet.TCP(sport=sport, dport=SMBLib.smb_port, seq=attacker_seq, ack=victim_seq, flags='A', window=source_win_value, options=[('MSS', source_mss_value)]) ack = (attacker_ether / attacker_ip / ack_tcp) ack.time = timestamp_next_pkt timestamp_next_pkt = self.timestamp_controller.next_timestamp() self.add_packet(ack, ip_source_list[attacker], ip_destination) # send NBT session header packet with maximum LENGTH-field req_tcp = inet.TCP(sport=sport, dport=SMBLib.smb_port, seq=attacker_seq, ack=victim_seq, flags='AP', window=source_win_value, options=[('MSS', source_mss_value)]) req_payload = NBTSession(TYPE=0x00, LENGTH=0x1FFFF) attacker_seq += len(req_payload) req = (attacker_ether / attacker_ip / req_tcp / req_payload) req.time = timestamp_next_pkt self.timestamp_controller.set_pps(victim_pps) timestamp_next_pkt = self.timestamp_controller.next_timestamp( min_delay) self.add_packet(req, ip_source_list[attacker], ip_destination) # final ack from victim (server) last_ack_tcp = inet.TCP(sport=SMBLib.smb_port, dport=sport, seq=victim_seq, ack=attacker_seq, flags='A', window=destination_win_value, options=[('MSS', destination_mss_value) ]) last_ack = (victim_ether / victim_ip / last_ack_tcp) last_ack.time = timestamp_next_pkt self.timestamp_controller.set_pps(pps) timestamp_next_pkt = self.timestamp_controller.next_timestamp( min_delay) self.add_packet(last_ack, ip_source_list[attacker], ip_destination) sport += 1
def generate_attack_packets(self): """ Creates the attack packets. """ # Timestamp timestamp_next_pkt = self.get_param_value(self.INJECT_AT_TIMESTAMP) # Initialize parameters mac_source = self.get_param_value(self.MAC_SOURCE) ip_source = self.get_param_value(self.IP_SOURCE) if isinstance(ip_source, list): ip_source = ip_source[0] mac_destination = self.get_param_value(self.MAC_DESTINATION) ip_destination = self.get_param_value(self.IP_DESTINATION) if isinstance(ip_destination, list): ip_destination = ip_destination[0] port_destination = self.get_param_value(self.PORT_DESTINATION) target_host = self.get_param_value(self.TARGET_HOST) target_uri = "/" # self.get_param_value(self.TARGET_URI) # Check ip.src == ip.dst self.ip_src_dst_catch_equal(ip_source, ip_destination) # Set TTL based on TTL distribution of IP address source_ttl_dist = self.statistics.get_ttl_distribution(ip_source) if len(source_ttl_dist) > 0: source_ttl_prob_dict = lea.Lea.fromValFreqsDict(source_ttl_dist) source_ttl_value = source_ttl_prob_dict.random() else: source_ttl_value = Util.handle_most_used_outputs(self.statistics.get_most_used_ttl_value()) destination_ttl_dist = self.statistics.get_ttl_distribution(ip_destination) if len(destination_ttl_dist) > 0: destination_ttl_prob_dict = lea.Lea.fromValFreqsDict(destination_ttl_dist) destination_ttl_value = destination_ttl_prob_dict.random() else: destination_ttl_value = Util.handle_most_used_outputs( self.statistics.get_most_used_ttl_value()) # Inject SQLi Attack # Read SQLi Attack pcap file orig_ip_dst = None exploit_raw_packets = scapy.utils.RawPcapReader(self.template_attack_pcap_path) inter_arrival_times, inter_arrival_time_dist = self.get_inter_arrival_time(exploit_raw_packets, True) time_steps = lea.Lea.fromValFreqsDict(inter_arrival_time_dist) exploit_raw_packets.close() exploit_raw_packets = scapy.utils.RawPcapReader(self.template_attack_pcap_path) port_source = rnd.randint(self.minDefaultPort, self.maxDefaultPort) # experiments show this range of ports # Random TCP sequence numbers global attacker_seq attacker_seq = rnd.randint(1000, 50000) global victim_seq victim_seq = rnd.randint(1000, 50000) for self.pkt_num, pkt in enumerate(exploit_raw_packets): eth_frame = inet.Ether(pkt[0]) ip_pkt = eth_frame.payload tcp_pkt = ip_pkt.payload str_tcp_seg = str(tcp_pkt.payload) # Clean payloads eth_frame.payload = inet.NoPayload() ip_pkt.payload = inet.NoPayload() tcp_pkt.payload = inet.NoPayload() # FIXME: no getfieldval in class bytes if self.pkt_num == 0: prev_orig_port_source = tcp_pkt.getfieldval("sport") orig_ip_dst = ip_pkt.getfieldval("dst") # victim IP # Last connection if tcp_pkt.getfieldval("dport") != 80 and tcp_pkt.getfieldval("sport") != 80: # New connection, new random TCP sequence numbers attacker_seq = rnd.randint(1000, 50000) victim_seq = rnd.randint(1000, 50000) # First packet in a connection has ACK = 0 tcp_pkt.setfieldval("ack", 0) # Attacker --> vicitm if ip_pkt.getfieldval("dst") == orig_ip_dst: # victim IP # There are 363 TCP connections with different source ports, for each of them we generate random port if tcp_pkt.getfieldval("sport") != prev_orig_port_source and tcp_pkt.getfieldval("dport") != 4444 \ and (tcp_pkt.getfieldval("dport") == 80 or tcp_pkt.getfieldval("sport") == 80): port_source = rnd.randint(self.minDefaultPort, self.maxDefaultPort) prev_orig_port_source = tcp_pkt.getfieldval("sport") # New connection, new random TCP sequence numbers attacker_seq = rnd.randint(1000, 50000) victim_seq = rnd.randint(1000, 50000) # First packet in a connection has ACK = 0 tcp_pkt.setfieldval("ack", 0) # Ether eth_frame.setfieldval("src", mac_source) eth_frame.setfieldval("dst", mac_destination) # IP ip_pkt.setfieldval("src", ip_source) ip_pkt.setfieldval("dst", ip_destination) ip_pkt.setfieldval("ttl", source_ttl_value) # TCP # Regular connection if tcp_pkt.getfieldval("dport") == 80 or tcp_pkt.getfieldval("sport") == 80: tcp_pkt.setfieldval("sport", port_source) tcp_pkt.setfieldval("dport", port_destination) str_tcp_seg = self.modify_http_header(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host) # TCP Seq, Ack if tcp_pkt.getfieldval("ack") != 0: tcp_pkt.setfieldval("ack", victim_seq) tcp_pkt.setfieldval("seq", attacker_seq) if not (tcp_pkt.getfieldval("flags") == 16 and len(str_tcp_seg) == 0): # flags=A: attacker_seq += max(len(str_tcp_seg), 1) new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_tcp_seg) new_pkt.time = timestamp_next_pkt timestamp_next_pkt = self.timestamp_controller.next_timestamp() + float(time_steps.random()) # Victim --> attacker else: # Ether eth_frame.setfieldval("src", mac_destination) eth_frame.setfieldval("dst", mac_source) # IP ip_pkt.setfieldval("src", ip_destination) ip_pkt.setfieldval("dst", ip_source) ip_pkt.setfieldval("ttl", destination_ttl_value) # TCP # Regular connection if tcp_pkt.getfieldval("dport") == 80 or tcp_pkt.getfieldval("sport") == 80: tcp_pkt.setfieldval("dport", port_source) tcp_pkt.setfieldval("sport", port_destination) str_tcp_seg = self.modify_http_header(str_tcp_seg, '/ATutor', target_uri, orig_ip_dst, target_host) # TCP Seq, ACK tcp_pkt.setfieldval("ack", attacker_seq) tcp_pkt.setfieldval("seq", victim_seq) strLen = len(str_tcp_seg) if not (tcp_pkt.getfieldval("flags") == 16 and strLen == 0): # flags=A: victim_seq += max(strLen, 1) new_pkt = (eth_frame / ip_pkt / tcp_pkt / str_tcp_seg) timestamp_next_pkt = self.timestamp_controller.next_timestamp() + float(time_steps.random()) new_pkt.time = timestamp_next_pkt self.add_packet(new_pkt, ip_source, ip_destination) exploit_raw_packets.close()
print "Initialising BackTest 0.1. Please enjoy a drink while I crunch the numbers" lag = 2 #inputDir = os.path.dirname(__file__) + '/Forex Input' h = os.getcwd() inputDir = h + '/Data/' # Check the list of files available inputfiles = os.listdir(inputDir) # eg : file = 'sample.csv' # Load Data Set for file in inputfiles: if not '.csv' in file: continue filename = file filename = filename.split('.')[0] file = inputDir + '/' + file dSet_df = pd.DataFrame() dSet_df = ut.loadData(file) st.backtest(dSet_df, lag, filename)
if __name__ == '__main__': start = datetime(2013, 1, 2, 0, 0, 0, 0, pytz.utc) end = datetime(2013, 11, 14, 0, 0, 0, 0, pytz.utc) # Path for files h = os.getcwd() inputDir = h + '/Data/' KLSETickerfile = 'KLSETickers.txt' filename = 'Chen_KLCI_Main' filepath = inputDir + KLSETickerfile tickers = ut.readfile(filepath) filepath = inputDir + filename + '.csv' ohlc = pd.read_csv(filepath,parse_dates=True,index_col=0) #ohlc=ohlc.tz_localize('UTC') data = pd.DataFrame(index=ohlc.index) for ticker in tickers: data[ticker]=pd.DataFrame(ohlc[ticker]) ticker = ticker.replace('_Close',"") if ticker == 'KLCI': data[ticker + '_PerChange'] = ohlc[ticker + '_Close']/ohlc[ticker + '_Close'].shift(1)-1 data[ticker + '_PerChange'] = data[ticker + '_PerChange'].shift(1)