def __init__(self, debug=False, interface=None):
"""
Initialize R2LEngine.
Args:
interface (str): Name of interface on which to monitor
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Create objects of all the imported class
self.arp_spoof = ARPCache(debug=debug)
self.cam_attack = CAM(debug=debug)
self.dhcp = DHCP(debug=debug)
self.ping_of_death = PingOfDeath(debug=debug)
self.land_attack = LandAttack(debug=debug)
self.ddos = DDoS(debug=debug)
self.syn_flood = SynFlood(debug=debug)
self.dns_amp = DNS_Amplification(debug=debug)
self.bgp_abuse = BGP_Abuse(debug=debug)
# Wireless
self.deauth = Deauth(debug=debug)
self.fake_access = FakeAccessPoint(debug=debug)
self.hidden_node = HiddenNode(debug=debug)
self.ssid_spoof = SSIDSpoof(debug=debug, interface=interface)
class TestPingOfDeath(unittest.TestCase):
"""
Test class for SecureTea IDS PingOfDeath Attack Detection.
"""
def setUp(self):
"""
Setup class for PingOfDeath.
"""
# Packet with load < 60000
self.pkt1 = scapy.IP(src="192.168.0.1") \
/ scapy.ICMP() / scapy.Raw(load="*")
# Packet with load > 60000 (attack)
self.pkt2 = scapy.IP(src="192.168.0.1") \
/ scapy.ICMP() / scapy.Raw(load="*" * 65535)
# Initialize PingOfDeath object
self.ping_of_death = PingOfDeath()
@patch.object(OSINT, "perform_osint_scan")
@patch.object(SecureTeaLogger, 'log')
def test_detect(self, mock_log, mck_osint):
"""
Test detect_ping_of_death.
"""
mck_osint.return_value = True
# Case 1: Non suspicious packet
self.ping_of_death.detect(self.pkt1)
self.assertFalse(mock_log.called)
# Case 2: Suspicious packet
self.ping_of_death.detect(self.pkt2)
msg = "Possible ping of death attack detected " \
"from: 192.168.0.1"
mock_log.assert_called_with(msg, logtype="warning")
class R2LEngine(object):
"""R2LEngine class."""
def __init__(self, debug=False, interface=None):
"""
Initialize R2LEngine.
Args:
interface (str): Name of interface on which to monitor
debug (bool): Log on terminal or not
Raises:
None
Returns:
None
"""
# Create objects of all the imported class
self.arp_spoof = ARPCache(debug=debug)
self.cam_attack = CAM(debug=debug)
self.dhcp = DHCP(debug=debug)
self.ping_of_death = PingOfDeath(debug=debug)
self.land_attack = LandAttack(debug=debug)
self.ddos = DDoS(debug=debug)
self.syn_flood = SynFlood(debug=debug)
# Wireless
self.deauth = Deauth(debug=debug)
self.fake_access = FakeAccessPoint(debug=debug)
self.hidden_node = HiddenNode(debug=debug)
self.ssid_spoof = SSIDSpoof(debug=debug, interface=interface)
def run(self, pkt):
"""
Pass the packet through all the
filter rules.
Args:
pkt (scapy_object): Packet to dissect and observe
Raises:
None
Returns:
None
"""
# Pass the packets
self.arp_spoof.proces_packet(pkt)
self.cam_attack.detect_cam(pkt)
self.dhcp.detect_dhcp(pkt)
self.land_attack.detect_land_attack(pkt)
self.ping_of_death.detect(pkt)
self.ddos.classify_ddos(pkt)
self.syn_flood.detect_syn_flood(pkt)
# Wireless
self.deauth.detect_deauth(pkt)
self.fake_access.detect_fake_ap(pkt)
self.hidden_node.detect_hidden_node(pkt)
self.ssid_spoof.start_process()
def setUp(self):
"""
Setup class for PingOfDeath.
"""
# Packet with load < 60000
self.pkt1 = scapy.IP(src="192.168.0.1") \
/ scapy.ICMP() / scapy.Raw(load="*")
# Packet with load > 60000 (attack)
self.pkt2 = scapy.IP(src="192.168.0.1") \
/ scapy.ICMP() / scapy.Raw(load="*" * 65535)
# Initialize PingOfDeath object
self.ping_of_death = PingOfDeath()