def test_query_limit(self, users=None, rate_limit_only=False, rate=2): """Initializes a test for speed constraints @users: a user list to be used for this experiment @rate_limit_only: only check rate limiting (do not attempt continuous queries but only a certain number of queries / min) @rate: start rate limiting check with this many queries per second and adjust accordintgly. """ vb.vb_print(self.verbose, "Initiating query limit test") if users is None: users = self._db.get_ordered_users() if len(users) == 1: raise SystemExit("Not enough users! At least two users required") self.attackers = [AuditorUser(self.service_id, u) for u in users] self.attacker = self.attackers.pop() victim = self.attackers.pop(0) self._db.insert_test("query_limit") self.test_id = self._db.get_test_id("query_limit") # limit on update location queries self.qps_u_limit = self._query_rate_limit_update(rate_limit_only, rate) # limit on get_distance queries self.qps_r_limit = self._query_rate_limit_request(rate_limit_only, rate) # total query limit should be the minimum of update/request limits self.absq_limit = math.min(self.absq_u_limit, self.absq_r_limit) self.qps_limit = math.min(self.qps_u_limit, self.qps_r_limit)
def test_rudp_attack(self, rounding_classes, victim=None, users=None, kml=None, grid=20): """Run the RUDP attack and set the accuracy in the Auditor class """ vb.vb_print(self.verbose, "Testing accuracy of RUDP attack") # FIXME check rounding classes if users is None: users = self._db.get_ordered_users() if victim is not None: self.victim = AuditorUser(self.service_id, victim) # make sure that victim is not in users #users.remove(victim) # and create instances of AuditorUser for attackers self.attackers = [AuditorUser(self.service_id, u) for u in users] self.attacker = self.attackers.pop() else: # and create instances of AuditorUser for attackers self.attackers = [AuditorUser(self.service_id, u) for u in users] self.attacker = self.attackers.pop() # pick the guy with the most queries to be the victim self.victim = self.attackers.pop(0) [ny_lat, ny_lon] = [40.753506, -73.988800] ny_lat += random.uniform(-0.01, 0.01) ny_lon += random.uniform(-0.01, 0.01) # place victim (success, queries) = self.auditor_handled_place_at_coords(self.victim, ny_lat, ny_lon, self.test_id) if not success: raise SystemExit("Could not place user 1") self._db.insert_test("rudp") self.test_id = self._db.get_test_id("rudp") if self.query_limit is None: query_limit = self.absq_limit disc_attack = auditor_discovery_attack.DiscoveryAttack(self, self.attackers, self.attacker, self.victim, self.proj, self.oracle, self.test_id, self.__serv_name, "rudp", self.verbose, self.query_limit, self.speed_limit) self.rudp_accuracy = disc_attack.rudp_attack(rounding_classes, kml, grid)
def _update_attacker(self): """Get a new attacker from the available users """ if len(self.attackers) == 0: raise SystemExit("Run out of attackers") vb.vb_print(self.verbose, " *** updating attacker ***", None, True) self.attacker = self.attackers.pop() # sleep for some period sleep(10)
def _query_rate_limit_update(self, rate_limit_only=False, rate=2): """Check limits on update location queries """ vb.vb_print(self.verbose, "Examining limits on update queries") # Pass the arguments for update location: # attacker, distance to move, angle, test_id, ERROR_VALUE for function args = (self.attacker, 0.001, randint(0, 360), self.test_id, False) return self.__limit_check(self.auditor_handled_place_at_dist, rate_limit_only, rate, *args)
def _query_rate_limit_request(self, rate_limit_only=False, rate=2): """Check query limit when we get distance of a user """ vb.vb_print(self.verbose, "Examining limits on update queries") # Pass the arguments for update location: # attacker, victim, test_id, ERROR_VALUE of function args = (self.attacker, self.victim, self.test_id, None) return self.__limit_check(self.auditor_handled_distance, rate_limit_only, rate, *args)
def in_proximity(self, auditor_user_a, auditor_user_b, test_id): """auditor_user_a examines if auditor_user_b is in proximity radius (in km) using a disk proximity oracle Args: auditor_user_a: auditor user instance for attacker auditor_user_b: auditor user instance for target radius: radius of disk in km Returns: (answer, queries) where @answer is True if user_b is in proximity to user_a with respect to the oracle else False. """ vb.vb_print(self.verbose, "Examining oracle:", "DUDP", True) query_id = int(time()) (dist, q) = self.auditor.auditor_handled_distance( auditor_user_a, auditor_user_b, test_id, auditor_user_a.loc, query_id) if dist is None: vb.vb_print(self.verbose, " |-- None", "DUDP", True) return (None, 1) if dist < self.radius: vb.vb_print(self.verbose, " |-- True", "DUDP", True) return (True, q) else: vb.vb_print(self.verbose, " |-- False", "DUDP", True) return (False, q)
def in_proximity(self, auditor_user_a, auditor_user_b, test_id): """auditor_user_a gets the distance from auditor_user_b using the disk proximity oracle Args: auditor_user_a: auditor user instance for attacker auditor_user_b: auditor user instance for target """ vb.vb_print(self.verbose, "Examining oracle:", "RUDP", True) query_id = int(time()) return self.auditor.auditor_handled_distance(auditor_user_a, auditor_user_b, test_id, auditor_user_a.loc, query_id)
def _update_attacker(self): """Get a new attacker from the available users """ if len(self.attackers) == 0: vb.vb_print(self.verbose, " *** RUN OUT OF ATTACKERS - RESTARTING ***", "UDP", True) self.attackers = self.attackers_backup self.restart_times += 1 vb.vb_print(self.verbose, " *** updating attacker ***", "UDP", True) self.attacker = self.attackers.pop() # sleep for some period sleep(10)
def _place_at_coords(self, attacker, lat, lon, test_id): """Attempt to update attacker location until we succeed """ while True: vb.vb_print(self.verbose, "Placing user at " + str(lat) + ", " + str(lon), "UDP", True) query_id = int(time()) res = self.auditor.auditor_handled_place_at_coords(attacker, lat, lon, test_id, query_id) # sleep until location is updated sleep(2) # add queries regardless of whether we failed self.attack_queries += res[1] if res[0] is False: # if for any reason update failed, change attacker self._update_attacker() else: return res
def __limit_check(self, function, rate_limit_only=False, rate=2, *args): """Check query limit when we update the location of the user Initially we check Args: function: function to be checked against query limiting rate_limit_only: Only perform rate limiting check rate: starting rate of queries per second args: the argumetns of the function with the error value being the last argument """ limit = None if not rate_limit_only: vb.vb_print(self.verbose, "Testing if there is a global limit on query number", "query-limit", True) # Query once per second: our attacks require around # 100 queries so lets do 1000 queries for the worst case sleep_time = 1 total_queries = 1000 # place the user 2 meters away for i in range(total_queries): # perform micro-adjustments in location so as to # not trigger any speed constraints success, queries = function(*args[:-1]) if success is args[-1]: limit = i break sleep(sleep_time) # if we did not have a limit return None if limit is None: vb.vb_print(self.verbose, " |--> False", "query-limit", True) return None vb.vb_print(self.verbose, " |--> True: stopped at " + str(limit), "query-limit", True) # update absolute limits depending on the functions if function == self.auditor_handled_distance: self.absq_u_limit = limit else: self.absq_r_limit = limit vb.vb_print(self.verbose, "Testing if there is rate limiting on queries", "query-limit", True) # If we were blocked check rate limiting # Currently rate limiting is eq. to @limit queries / sec # Initialize minimum and maximum queries / sec if limit is not None: [min_rate, max_rate] = [0, limit] else: [min_rate, max_rate] = [0, rate] while min_rate < max_rate: cur_rate = float(min_rate + max_rate) / 2 vb.vb_print(self.verbose, " |--current rate: " + str(cur_rate), "query-limit", True) # we apply each rate per second thus total_queries = cur_rate * 60 # calculate sleep time per queries approximately sleep_time = float(1 / cur_rate) counter = 0 while counter < total_queries: successful = function(*args[:-1]) if successful is args[-1]: # if we are blocked change attacker self._update_attacker() max_rate = cur_rate else: # if we succeeded increase min_rate to cur_rate min_rate = cur_rate # sleep till the next query sleep(sleep_time) counter += 1 return cur_rate
def __init__(self, auditor, attackers, attacker, victim, proj, oracle, test_id, service, test_name, verbose, kml=None, query_lim=None, speed_limit=None): """Initializes a Discovery attack Args: users: the users in our user pool proj : the projection used oracle: an instance of the ProximityOracle class, either DUDP RUDP or a custom oracle defined by the inherited service kml: a path of a kml file with the search area for the victim """ # FIXME add sleep times depending on query rate self.kmlparser = KMLParser(proj) # pass Auditor class self.auditor = auditor self.attackers_backup = list(attackers) self.attackers = attackers self.restart_times = 0 self.attacker = attacker self.victim = victim self.proj = proj self.oracle = oracle self.verbose = verbose self.test_id = test_id # if limit is None set it to infinity self.query_limit = query_lim if query_lim is not None else float('inf') # # Attack parameters # # grid size for calculations: can be modified by user in xxx_attack call self.grid_size = 20 # query no in the current attack self.attack_queries = 0 self.test_name = test_name self.service_name = service # # Create directories for attack # self.kml_dir = ''.join(os.getcwd() + "/" + self.KML_DIR) if not os.path.exists(self.kml_dir): os.makedirs(self.kml_dir) self.json_dir = ''.join(os.getcwd() + "/" + self.JSON_DIR) if not os.path.exists(self.json_dir): os.makedirs(self.json_dir) # # Set up victim and seaerth area # if kml is None: self.kml = ''.join(os.getcwd() + "/" + self.NY_METROPOLITAN) self.search_area = self.kmlparser.poly_from_kml(self.kml) else: if os.path.isfile(kml): self.kml = kml self.search_area = self.kmlparser.poly_from_kml(kml) else: raise SystemExit("No such kml file") # get random victim location in projected coordinates (vict_x, vict_y) = self.kmlparser.random_from_polygon(self.search_area, 1)[0] (vict_lon, vict_lat) = proj(vict_x, vict_y, inverse=True) vb.vb_print(self.verbose, "Placing victim at " + str([vict_lat, vict_lon])) # place victim (success, queries) = auditor.auditor_handled_place_at_coords(victim, vict_lat, vict_lon, test_id) self.attack_queries += queries if not success: raise SystemExit("Could not place victim")
def _run_binary(self, inter, radius, grid_size=20): """Runs binary on area Args: @inter: the projected polygon in which we are running the binary attack algorithm @radius: the radius of the disk to perform the cuts """ vb.vb_print(self.verbose, "Running Binary", "UDP", True) last_inter_area = float('inf') while (inter.area > self.BINARY_STOP_AREA and self.attack_queries < self.query_limit): vb.vb_print(self.verbose, "Estimating cut", "UDP", True) # find projected coordinates that cut inter in half proj_coords = cells.cut(inter, self.proj, radius, grid_size) circle = Point(proj_coords[0], proj_coords[1]).buffer(radius * 1000) self.json_out["DUDP"].append({"query": self.attack_queries, "disk": self._log_kml("disk", circle), "active_area": self._log_kml("inter", inter), }) # calculate the coordinates for the new cut query (query_lon, query_lat) = self.proj(proj_coords[0], proj_coords[1], inverse=True) self._place_at_coords(self.attacker, query_lat, query_lon, self.test_id) if self.oracle is None: raise SystemExit("oracle should not be None after coverage") oracle_rspn = [None, None] attempts = 0 while oracle_rspn[0] is None: # ask the oracle if the victim is in proximity oracle_rspn = self.oracle.in_proximity(self.attacker, self.victim, self.test_id) # increase queries self.attack_queries += oracle_rspn[1] if oracle_rspn[0] is None and attempts > 5: self._update_attacker() attempts += 1 if oracle_rspn[0] is True: # if in proximity take the intersection inter_new = inter.intersection(circle) else: # else take the difference inter_new = inter.difference(circle) if inter_new.is_empty: print "\n\n\t ***WARNING!! EMPTY INTERSECTION***\n\n" inter = circle else: inter = inter_new # log kml self._log_kml("inter", inter) # if area is not reduced after intersection # break to avoid an infinite loop. area = inter.area if math.fabs(last_inter_area - area) < self.MIN_REDUCTION * area: vb.vb_print(self.verbose, "Area not significantly reduced ..stopping", "UDP", True) break else: last_inter_area = inter.area est_location = cells.poly_centroid(inter, self.proj) vb.vb_print(self.verbose, "Estimated Location: " + str(est_location), "UDP", True) real_est_distance = earth.distance_on_unit_sphere(self.victim.loc[0], self.victim.loc[1], est_location[0], est_location[1]) # convert to m real_est_distance *= 1000 vb.vb_print(self.verbose, "Distance from real loc: " + str(real_est_distance) + "m", "UDP", True) self.json_out["est_location"].append({"query": self.attack_queries, "area" : inter.area, "coords": [est_location[0], est_location[1]]}) self.json_out["real_location"].append({"query": -1, "coords": [self.victim.loc[0], self.victim.loc[1]]}) output_json = ''.join(os.getcwd() + "/" + self.JSON_DIR) output_json += self.service_name + "_UDP_" with open(output_json + str(self.test_id) + ".json", "w") as outfile: json.dump(self.json_out, outfile) return real_est_distance
def _run_coverage(self, disk_radii): """Runs coverage algorithm on search_area disk_radii contains the list of available radii by the service This routine attempts to cover the search_area with as few disks as possible for the given set of disk_radii and then queries the proximity oracle for each of the disks until that returns true. Once the proximity oracle is true (the target is found in the disk) the routine returns the respective disk Args: disk_radii: the list of available radii for the disks used by the service in km Returns: A polygon in projected coordinates with the disk containing the target. """ vb.vb_print(self.verbose, "Running Coverage", "UDP", True) grid = cells.Cells(self.proj) # get largest radius and try to create a grid # with hexagons defined by r. sorted_radii = sorted(disk_radii, reverse=True) disk_radius = sorted_radii[0] # pdict is a dictionary with all the grid points. # If no keys are found the radius r is too big to # create a grid in the search area FIXME should we go for # binary directly the moment we have one succesful query? while len(grid.pdict.keys()) == 0: vb.vb_print(self.verbose, "Attempting to create grid with R=" + str(disk_radius), "UDP", True) # Attempt to construct grid with this radius grid.construct_grid_in_polygon(self.search_area, disk_radius * 1000) try: # get the next smaller radius in case this disk_radius = sorted_radii[next(x[0] for x in enumerate(sorted_radii) if x[1] < disk_radius)] except StopIteration: # Normally this should never trigger with the default kml raise SystemExit("Can't create grid with the available radii") vb.vb_print(self.verbose, "|--> Success!", "UDP", True) idx = sorted_radii.index(disk_radius) # Take previous r which is what the grid was made with # since we have already decreased this once disk_radius = sorted_radii[idx - 1] if self.oracle is None: self.oracle = apo.DiskProximityOracle(self.auditor, disk_radius, self.verbose) else: # set this radius in the oracle self.oracle.set_radius(disk_radius) # create the oracle grid_points = grid.pdict.keys() # FIXME we should update points based on the speed limits # currently let it randomly selects points. # # As a proper solution we should traverse the squares in a # consistent manner (like following a path zig-zag from left # to right then up then left etc). The problem is that if the # current location of the attacker is in the middle we would # have to do like a spiral which complicates stuff. So perhaps, # | # v # Replace the for loop with a while loop and after every iteration, # re-sort the remaining circles based on the distance from the # current point. Ugly but works and hopefully we won't have many circles random.shuffle(grid_points) for point in grid_points: # FIXME update depending on query limiting rates (lon, lat) = self.proj(float(point[0]), float(point[1]), inverse=True) # Place the user there respecting any speed constraints # Since the points are ordered based on the distance from # the current location, this is the closest point self._place_at_coords(self.attacker, lat, lon, self.test_id) # ask oracle until we get a response oracle_rspn = [None, None] attempts = 0 while oracle_rspn[0] is None: # ask the oracle if the victim is in proximity oracle_rspn = self.oracle.in_proximity(self.attacker, self.victim, self.test_id) # increase total queries of the attack self.attack_queries += oracle_rspn[1] if oracle_rspn[0] is None and attempts > 5: self._update_attacker() attempts +=1 circle = cells.circle(lat, lon, disk_radius * 1000, self.proj) self._log_kml("coverage", circle) self.json_out["coverage"].append({"query": self.attack_queries, "disk": [lat, lon, disk_radius * 1000]}) if oracle_rspn[0] is not None: if oracle_rspn[0] is True: vb.vb_print(self.verbose, "Found at " + vector.to_str([lat, lon]) + " !", "DUDP", True) return (circle, disk_radius) # if not found return None return None, None
def _run_trilateration(self, rounding_classes): """Runs a variance of the trilateration attack on the search_area Args: rouding_classes: a list of intervals with the radiuses Returns: A polygon in projected coordinates containing the target """ vb.vb_print(self.verbose, "Running trilateration", "UDP", True) # get minimum radius in the rounding classes MIN_R = sorted([cl[0] for cl in rounding_classes])[0][0] #initially the intersection is the whole area inter = self.search_area # place the attacker in the center if self.attacker.loc is None or self.attacker.loc[0] is None: starting_loc = cells.poly_centroid(inter, self.proj) self._place_at_coords(self.attacker, starting_loc[0], starting_loc[1], self.test_id) if self.oracle is None: self.oracle = apo.RoundingProximityOracle(self.auditor, rounding_classes, self.verbose) # initially get a rough estimate with 3 queries from # three locations at a distance of 120 degrees. # Initiate intersection rings rings = [] for i in range(3): # get a ring and check if we are switching to binary ring_response = self.__get_ring(MIN_R) if ring_response is None: raise SystemExit("victim not found") else: distance_range, ring = ring_response self._log_kml("ring", ring) rings.append(ring) #XXX no need to check for multipolygon in case of DUDP # as we are working inside a polygonal area inter_new = None if inter.geom_type == "MultiPolygon": for p in inter: cut_inter = p.intersection(ring) if inter_new is None: inter_new = cut_inter else: inter_new = inter_new.union(cut_inter) else: inter_new = inter.intersection(ring) # update the intersection inter = ring if inter_new.is_empty else inter_new # log kml files self.json_out["RUDP"].append({"query": self.attack_queries, "ring": self._log_kml("ring", ring), "active_area": self._log_kml("inter", inter), }) # update attacker location dist = float(distance_range[0] + distance_range[1]) / 2 # calculate new location for the next query new_loc = earth.point_on_earth(self.attacker.loc[0], self.attacker.loc[1], dist, i * 120) self._place_at_coords(self.attacker, new_loc[0], new_loc[1], self.test_id) # switch to binary return inter
def __get_ring(self, minR): """Asks the proximity oracle and creates a ring respectively If we are in the base rounding class, we switch to binary """ # we expect to get an answer from the oracle # loop if there is an error and change attacker dist = None attempts = 0 while dist is None: # get distance and queries from the oracle (dist, queries) = self.oracle.in_proximity(self.attacker, self.victim, self.test_id) sleep(2) # increase total queries self.attack_queries += queries # increase queries if dist is None and attempts > 5: self._update_attacker() attempts += 1 # at this poing we god a distance from the proximity oracle # see in which rounding class this oracle belongs to for round_class in sorted([cl[0] for cl in self.oracle.round_cl]): # get the ranges for which this rounding class is active # e.x. from 100 to 200m --> [0.1, 0.2] [small_radius, big_radius] = round_class if dist >= small_radius and dist <= big_radius: vb.vb_print(self.verbose, "Distance returned: " + str(dist), "UDP", True) for cl in self.oracle.round_cl: if cl[0] == round_class: # see what the real distance might be (in km) real_dist = self.__get_candidate_dist(dist, cl) break if real_dist is None: return None vb.vb_print(self.verbose, "Candidate distances: " + str(real_dist), "UDP", True) attacker_location = self.attacker.loc # if we got a rounding class create a ring else return None # round_class should have the proper value from the last iteration # in the for loop. FIXME messy ring = cells.ring(attacker_location[0], attacker_location[1], float(real_dist[0]) * 1000, float(real_dist[1]) * 1000, self.proj) # return minimum distance and ring return real_dist, ring
def test_speed_limit(self, users=None): """Run a speed limit test binary searching for the max allowed speed """ vb.vb_print(self.verbose, "Initiating speed limit test") if users is None: users = self._db.get_ordered_users() self.attackers = [AuditorUser(self.service_id, u) for u in users] self.attacker = self.attackers.pop() self._db.insert_test("speed_limit") self.test_id = self._db.get_test_id("speed_limit") # set a sleep time between queries sleep_time = 5 # First we test teleportation: No speed constraints. # We set the user in New York and subsequently in San Fransisco # Hardcode coordinates for first check (ny_lat, ny_lon) = (40.708306, -74.008839) (sf_lat, sf_lon) = (37.761398, -122.415413) vb.vb_print(self.verbose, "testing teleportation", "speed-limit", True) # place user in New York (success, queries) = self.auditor_handled_place_at_coords(self.attacker, ny_lat, ny_lon, self.test_id) if not success: raise SystemExit("Could not place user at New York") # Wait some time for the query to be processed. sleep(sleep_time) # Teleport! (success, queries) = self.auditor_handled_place_at_coords(self.attacker, sf_lat, sf_lon, self.test_id) # Wait some time for the query to be processed. sleep(sleep_time) if success: # back in New York! (success, q_n) = self.auditor_handled_place_at_coords(self.attacker, ny_lat, ny_lon, self.test_id) # Wait some time for the query to be processed. sleep(sleep_time) if success: self.speed_limit = None vb.vb_print(self.verbose, " |->..Success!", "speed-limit", True) return None vb.vb_print(self.verbose, " |->..Failed", "speed-limit", True) # If we could not teleport, binary search in distances # Hardcode max speed in km/h [min_speed, max_speed] = [1, 1024] vb.vb_print(self.verbose, "Searching cut-off", "speed-limit", True) while min_speed < max_speed: cur_speed = float(min_speed + max_speed) / 2 dist = float(cur_speed * sleep_time) / 3600 # output speed if verbose vb.vb_print(self.verbose, " |--current speed: " + str(cur_speed), "speed-limit", True) # keep a bearing of 70 degrees to make sure we place # the user over mainland and not at sea (success, q_no) = self.auditor_handled_place_at_dist(self.attacker, dist, 70, self.test_id) if success: # if we succeeded increase min to cur_speed min_speed = cur_speed else: # if we are blocked change attacker self._update_attacker() max_speed = cur_speed # sleep till the next query sleep(sleep_time) self.speed_limit = cur_speed return cur_speed
def test_location_verification(self, users=None): """Checks whether the service verifies the location of a user when they perform a query """ if users is None: users = self._db.get_ordered_users(2) if len(users) < 2: raise SystemExit("Not enough users! Three users required") user_list = [AuditorUser(self.service_id, u) for u in users] vb.vb_print(self.verbose, "Examining if service verifies coordinates") self._db.insert_test("coordinate_verification") self.test_id = self._db.get_test_id("coordinate_verification") # place user1 and user2 at a fixed distance (say 1km) user_1 = user_list.pop() user_2 = user_list.pop() [ny_lat1, ny_lon1] = [40.708306, -74.008839] [ny_lat2, ny_lon2] = [40.725412, -73.995323] [ny_lat3, ny_lon3] = [40.753506, -73.988800] # place user1 (success, queries) = self.auditor_handled_place_at_coords(user_1, ny_lat1, ny_lon1, self.test_id) if not success: raise SystemExit("Could not place user 1") # place user2 (success, queries) = self.auditor_handled_place_at_coords(user_2, ny_lat2, ny_lon2, self.test_id) if not success: raise SystemExit("Could not place user 2") # measure current distance of user1, user2 (distance1, queries) = self.auditor_handled_distance(user_1, user_2, self.test_id, [ny_lat1, ny_lon1]) (distance2, queries) = self.auditor_handled_distance(user_1, user_2, self.test_id, [ny_lat3, ny_lon3]) location_verified = (distance1 == distance2 and (distance1 is not None)) self.service_verifies_location = location_verified vb.vb_print(self.verbose, " |-->" + str(location_verified), "verification check", True) return location_verified
def test_dudp_attack(self, disk_radii, victim=None, users=None, kml=None, grid=20): """Run the DUDP attack and set the accuracy in the Auditor class """ # TODO add documentation & user checking add check for no of users # but provision for the case where the auditor supplied victim and # not user! vb.vb_print(self.verbose, "Testing accuracy of DUDP attack") if users is None: users = self._db.get_ordered_users() if victim is not None: self.victim = AuditorUser(self.service_id, victim) # make sure that victim is not in users #users.remove(victim) # and create instances of AuditorUser for attackers self.attackers = [AuditorUser(self.service_id, u) for u in users] self.attacker = self.attackers.pop() else: # and create instances of AuditorUser for attackers self.attackers = [AuditorUser(self.service_id, u) for u in users] self.attacker = self.attackers.pop() # pick the guy with the most queries to be the victim self.victim = self.attackers.pop(0) [ny_lat, ny_lon] = [40.753506, -73.988800] ny_lat += random.uniform(-0.01, 0.01) ny_lon += random.uniform(-0.01, 0.01) # place victim (success, queries) = self.auditor_handled_place_at_coords(self.victim, ny_lat, ny_lon, self.test_id) if type(disk_radii) != list: raise TypeError("Expecting a list of radii in km") if len(disk_radii) == 0: raise SystemExit("At least one radius in km is required!") if not success: raise SystemExit("Could not place user 1") self._db.insert_test("dudp") self.test_id = self._db.get_test_id("dudp") # FIXME check query rate limiting for both dudp and rudp self.query_limit = self.absq_limit disc_attack = auditor_discovery_attack.DiscoveryAttack(self, self.attackers, self.attacker, self.victim, self.proj, self.oracle, self.test_id, self.__serv_name, "dudp", self.verbose, self.query_limit, self.speed_limit) self.dudp_accuracy = disc_attack.dudp_attack(disk_radii, kml, grid)