def rest_conn_Ip(out_lck, proto, porta, nconn):
cmd = "iptables -A INPUT -p " + proto + " --syn --dport " + porta + " -m connlimit --connlimit-above " + nconn + " -j REJECT"
cmd1 = "iptables -A REJECT -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4"
failed = os.system(cmd)
failed1 = os.system(cmd1)
if not (failed and failed1):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def corrupt(out_lck, dev, num, num2):
cmd = "tc qdisc add dev " + dev + " root netem corrupt " + num + "% duplicate " + num2 + "%"
failed = os.system(cmd)
if not (failed):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def delay2(out_lck, dev, num, num2):
cmd = "tc qdisc add dev " + dev + " root netem delay " + num + "ms " + num2 + "ms 25%"
failed = os.system(cmd)
if not (failed):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def duplicate(out_lck, dev, n):
cmd = "tc qdisc add dev " + dev + " root netem duplicate " + n + "%"
failed = os.system(cmd)
if not (failed):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def set_MARK(out_lck, mark):
cmd = "iptables -t mangle -A POSTROUTING -j MARK --set-mark " + mark
failed = os.system(cmd)
if not failed:
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def reordering(out_lck, dev, probability, gap, delay):
cmd = "tc qdisc add dev " + dev + " root netem delay " + delay + "ms reorder " + probability + " gap " + gap
failed = os.system(cmd)
if not (failed):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def lim_risp_ping(out_lck):
cmd = "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/minute --limit-burst 3 -j ACCEPT"
#cmd1 = "iptables -A INPUT -p icmp -j DROP"
failed = os.system(cmd)
#failed2 = os.system(cmd1)
if not (failed):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
#output(out_lck, cmd1)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def connect(self):
#Socket TCP
if str(self.protocol) == "TCP":
for i in range(0, 10):
_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
_socket.connect((self.host, self.port))
message = bytes(
self.my_ip +
": Sicurezza, Progettazione e Laboratorio Internet, number "
+ str(i),
encoding="utf8")
_socket.sendall(message)
except _socket.error as msg:
helpers.output(self.out_lck, str(msg))
_socket.close()
helpers.output(self.out_lck, "Done!")
#Socket Datagram
elif str(self.protocol) == "UDP":
for i in range(0, 10):
_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
_socket.connect((self.host, self.port))
message = bytes(
self.my_ip +
": Sicurezza, Progettazione e Laboratorio Internet, number "
+ str(i),
encoding="utf8")
_socket.sendall(message)
helpers.output(self.out_lck, "%d" % i)
except _socket.error as msg:
helpers.output(self.out_lck, str(msg))
_socket.close()
else:
#errori
exit()
def port_forw(out_lck, proto, ip1, port, port2):
cmd = "iptables -t nat -A PREROUTING -p " + proto + " -d " + ip1 + " --dport " + str(
port) + " -j DNAT --to " + ip1 + ":" + str(port2)
cmd1 = "iptables -A DNAT -j LOG --log-prefix " '[Redirect_Packet]' " --log-level 4"
# in teoria non servono
#cmd1 = "iptables -A INPUT -i " + interf + " -p " + proto + " --dport " + port + " -m state --state NEW,ESTABLISHED -j ACCEPT"
#cmd2 = "iptables -A OUTPUT -o " + interf + " -p " + proto + " --sport " + port + " -m state --state ESTABLISHED -j ACCEPT"
failed = os.system(cmd)
failed1 = os.system(cmd1)
#failed1 = os.system(cmd1)
#failed2 = os.system(cmd2)
#if not (failed and failed1 and failed2):
if not (failed and failed1):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
#output(out_lck, cmd1)
#output(out_lck, cmd2)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def set_TTL(out_lck, ip_sorg, ip_dest, ttl):
cmd = "iptables -t mangle -A FORWARD -s " + ip_sorg + " -d " + ip_dest + " -j TTL --ttl-set " + ttl
cmd1 = "iptables -t nat -N PRELOG"
cmd2 = "iptables -t nat -A PREROUTING -s " + ip_sorg + " -d " + ip_dest + " -j PRELOG"
cmd3 = "iptables -t nat -A PRELOG -j LOG --log-prefix " '[Pre_Mangle]' " --log-level 4"
cmd4 = "iptables -t nat -A PRELOG -j ACCEPT"
cmd5 = "iptables -t nat -N POSTLOG"
cmd6 = "iptables -t nat -A POSTROUTING -s " + ip_sorg + " -d " + ip_dest + " -j POSTLOG"
cmd7 = "iptables -t nat -A POSTLOG -j LOG --log-prefix " '[Post_Mangle]' " --log-level 4"
cmd8 = "iptables -t nat -A POSTLOG -j ACCEPT"
failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
failed3 = os.system(cmd3)
failed4 = os.system(cmd4)
failed5 = os.system(cmd5)
failed6 = os.system(cmd6)
failed7 = os.system(cmd7)
failed8 = os.system(cmd8)
if not (failed and failed1 and failed2 and failed3 and failed4 and failed5
and failed6 and failed7 and failed8):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
output(out_lck, cmd2)
output(out_lck, cmd3)
output(out_lck, cmd4)
output(out_lck, cmd5)
output(out_lck, cmd6)
output(out_lck, cmd7)
output(out_lck, cmd8)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def flush_tables(out_lck):
cmd = "iptables -X"
cmd1 = "iptables -F"
cmd2 = "iptables -t nat -X"
cmd3 = "iptables -t nat -F"
cmd4 = "iptables -t mangle -X"
cmd5 = "iptables -t mangle -F"
failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
failed3 = os.system(cmd3)
failed4 = os.system(cmd4)
failed5 = os.system(cmd5)
if not (failed and failed1 and failed2 and failed3 and failed4
and failed5):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
output(out_lck, cmd2)
output(out_lck, cmd3)
output(out_lck, cmd4)
output(out_lck, cmd5)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def redirection(out_lck, ipdest, iplocal, proto, port):
cmd1 = "iptables -t nat -N PRELOG"
cmd2 = "iptables -t nat -A PREROUTING -d " + iplocal + " -p " + proto + " -m " + proto + " --dport " + port + " -j PRELOG"
cmd3 = "iptables -t nat -A PRELOG -j LOG --log-prefix " '[Pre_Redirect]' " --log-level 4"
cmd4 = "iptables -t nat -A PRELOG -j DNAT --to-destination " + ipdest
cmd5 = "iptables -N POSTLOG"
cmd6 = "iptables -A FORWARD -d " + ipdest + " -p " + proto + " -m " + proto + " --dport " + port + " -j POSTLOG"
cmd7 = "iptables -A POSTLOG -j LOG --log-prefix " '[Post_Redirect]' " --log-level 4"
#cmd8 = "iptables -A POSTLOG -j ACCEPT"
#cmd5 = "iptables -t nat -A POSTROUTING -j MASQUERADE"
#failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
failed3 = os.system(cmd3)
failed4 = os.system(cmd4)
failed5 = os.system(cmd5)
failed6 = os.system(cmd6)
failed7 = os.system(cmd7)
#failed8 = os.system(cmd8)
#failed5 = os.system(cmd5)
#os.system(cmd2)
if not (failed1 and failed2 and failed3 and failed4 and failed5 and failed6
and failed7):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd1)
output(out_lck, cmd2)
output(out_lck, cmd3)
output(out_lck, cmd4)
output(out_lck, cmd5)
output(out_lck, cmd6)
output(out_lck, cmd7)
#output(out_lck, cmd8)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def listen(self):
if str(self.protocol) == "TCP":
#Ascolto socket TCP
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
self.socket.bind(
('', self.port)) # inizializzazione della connessione
self.socket.listen(100)
helpers.output(self.out_lck,
"Listening on port %s" % (self.port))
conn, addr = self.socket.accept()
size = 1024
data = conn.recv(size)
while len(data) > 0:
helpers.output(self.out_lck, "Received: %s" % data)
data = conn.recv(size)
except socket.error as msg:
helpers.output(self.out_lck, str(msg))
#Ascolto socket UDP
elif str(self.protocol) == "UDP":
_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
try:
_socket.bind(
("", self.port)) # inizializzazione della connessione
helpers.output(self.out_lck,
"Listening on port %s" % (self.port))
while True:
data, address = _socket.recvfrom(1024)
helpers.output(self.out_lck, "Received: %s" % data)
except socket.error as msg:
helpers.output(self.out_lck, str(msg))
else:
#errori
exit()
def block_output(out_lck, dip, dport, protocol):
# cmd = "iptables -A OUTPUT -p " + protocol + " -d " + dip + " --dport " + dport + " -j DROP"
# failed = os.system(cmd)
# if not failed:
# output(out_lck, "\nApplied rules:")
# output(out_lck, cmd)
# else:
# output(out_lck, "Rules not applied")
#
# output(out_lck, "\n")
cmd = "iptables -N LOGGING"
cmd1 = "iptables -A OUTPUT -p " + protocol + " -d " + dip + " --dport " + dport + " -j LOGGING"
cmd2 = "iptables -A LOGGING -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4"
cmd3 = "iptables -A LOGGING -j DROP"
failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
failed3 = os.system(cmd3)
if not (failed and failed1 and failed2 and failed3):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
output(out_lck, cmd2)
output(out_lck, cmd3)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def block_sel_port(out_lck, interface, proto, ip, porta):
cmd = "iptables -N LOGGING"
cmd1 = "iptables -A FORWARD -i " + interface + " -p " + proto + " -s " + ip + " --dport " + porta + " -j LOGGING"
cmd2 = "iptables -A LOGGING -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4"
cmd3 = "iptables -A LOGGING -j DROP"
failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
failed3 = os.system(cmd3)
if not (failed and failed1 and failed2 and failed3):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
output(out_lck, cmd2)
output(out_lck, cmd3)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def receive(self):
PORT = 8000
Handler = http.server.SimpleHTTPRequestHandler
httpd = socketserver.TCPServer(("", PORT), Handler)
helpers.output(self.out_lck, "serving at port: ", PORT)
httpd.serve_forever()
def show_tables(out_lck):
cmd = "iptables -L"
cmd1 = "iptables -t nat -L"
cmd2 = "iptables -t mangle -L"
output(out_lck,
"\n----------------------- MAIN TABLE -----------------------\n")
os.system(cmd)
output(out_lck,
"\n----------------------------------------------------------\n")
output(out_lck,
"\n----------------------- NAT TABLE ------------------------\n")
os.system(cmd1)
output(out_lck,
"\n----------------------------------------------------------\n")
output(out_lck,
"\n---------------------- MANGLE TABLE ----------------------\n")
os.system(cmd2)
output(out_lck,
"\n----------------------------------------------------------\n")
output(out_lck, "\n")
def show_tc(out_lck):
cmd = "tc -s qdisc"
os.system(cmd)
output(out_lck, "\n")
import threading
import sys
from helpers.helpers import output
from helpers.connection import Connection
from helpers import config
from helpers.helpers import loop_menu
import subprocess
from helpers import rules
if __name__ == "__main__":
out_lck = threading.Lock()
output(out_lck, "Insert your IP: ")
ip = None
while ip is None:
try:
ip = input()
except SyntaxError:
ip = None
if ip is None:
output(out_lck, "Please insert your IP number")
else:
my_ip = config._base + ip
output(out_lck, "Source IP: " + my_ip)
while True:
# Main Menu
#output(out_lck, "Insert your IP: ")
main_menu = loop_menu(out_lck, "action", [
def flush_tc(out_lck):
cmd = "tc qdisc del dev enp5s8 root"
cmd1 = "tc qdisc del dev wlp2s0 root"
cmd2 = "iptables -t mangle -F"
failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
if not (failed and failed1 and failed2):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
output(out_lck, cmd2)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def limit_bitrate(out_lck, dev, dest, band, mark, classid):
cmd = "tc qdisc add dev " + dev + " handle 1: root htb"
cmd1 = "tc class add dev " + dev + " parent 1: classid 1:" + classid + " htb rate 100Mbps"
cmd2 = "tc class add dev " + dev + " parent 1:" + classid + " classid 1:" + mark + " htb rate " + band + "kbps ceil " + band + "kbps prio 1"
cmd3 = "tc filter add dev " + dev + " parent 1:0 prio 1 protocol ip handle " + mark + " fw flowid 1:" + mark
cmd4 = "iptables -A POSTROUTING -t mangle -d " + dest + " -p tcp -j MARK --set-mark " + mark
failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
failed3 = os.system(cmd3)
failed4 = os.system(cmd4)
if not (failed and failed1 and failed2 and failed3 and failed4):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
output(out_lck, cmd2)
output(out_lck, cmd3)
output(out_lck, cmd4)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
def block_proto(out_lck, proto):
cmd = "iptables -N LOGGING"
cmd1 = "iptables -A FORWARD -p " + proto + " -s 0/0 -d 0/0 -j LOGGING"
cmd2 = "iptables -A LOGGING -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4"
cmd3 = "iptables -A LOGGING -j DROP"
failed = os.system(cmd)
failed1 = os.system(cmd1)
failed2 = os.system(cmd2)
failed3 = os.system(cmd3)
if not (failed and failed1 and failed2 and failed3):
output(out_lck, "\nApplied rules:")
output(out_lck, cmd)
output(out_lck, cmd1)
output(out_lck, cmd2)
output(out_lck, cmd3)
else:
output(out_lck, "Rules not applied")
output(out_lck, "\n")
import sys
import os
from helpers.helpers import output
from helpers.connection import Connection
from helpers import config
from helpers.helpers import loop_menu
#import iptc #Daniele: potrebbe servire in un secondo momento...
from helpers import rules
from helpers import server
import subprocess
import os
if __name__ == "__main__":
out_lck = threading.Lock()
output(out_lck, "Insert your IP: ")
ip = None
while ip is None:
try:
ip = input()
except SyntaxError:
ip = None
if ip is None:
output(out_lck, "Please insert your IP number")
else:
my_ip = config._base + ip
output(out_lck, "Source IP: " + my_ip)
#my_ip = config._base + "1.254"
while True:
# Main Menu
