def run(self):
""" Run the experiment """
common.log("Main")
fw_proxy = self.proxy_firewalls[self.firewalls[0]]
# Starting alert timer at the firewall
time.sleep(1.5)
fw_proxy.run("/etc/init.d/snort restart")
time.sleep(1.5)
fw_proxy.run(constant.fw_cmd)
common.log(" >> [Firewall : %s:%d] %s" % (self.firewalls[0][0], self.firewalls[0][1], constant.fw_cmd))
for timing in self.timings:
common.log("Naive Algorithm")
common.log(" %d attackers" % len(self.attackers))
common.log(" %d victims" % len(self.victims))
common.log("")
common.log(">> Timing %s" % timing)
for option, type in self.types:
common.log("")
common.log("")
common.log(" >> Type %s" % type)
# Building command(s)
subparts = self.generate(self.victims, constant.mostusedports)
random.shuffle(subparts)
common.log(" >> Generating %d subparts" % len(subparts))
remotes = list(self.attackers)
nb_detected = 0
i_subpart = 0
i_remote = 0
for remote in remotes:
# Connecting to the remote host
remote_proxy = self.proxy_attackers[remote]
undetected = True
while undetected:
if i_subpart == len(subparts):
break
subpart = subparts[i_subpart]
i_subpart += 1
# Creating the command
cmd = common.convert(subpart, option, timing)
common.log(
" >> [Remote : %s:%d][Subpart : %s - %d/%d][Remote %d/%d]"
% (remote[0], remote[1], cmd, i_subpart, len(subparts), i_remote, len(remotes))
)
remote_proxy.run(cmd)
sys.stdout.write("[%s] << Waiting : " % (time.ctime()))
sys.stdout.flush()
while True:
status = remote_proxy.poll()
if not status:
status = fw_proxy.pollfw()
if status != None and status != False:
undetected = False
else:
undetected = True
break
status = fw_proxy.pollfw()
if status != None and status != False:
undetected = False
remote_proxy.kill()
break
sys.stdout.write(".")
sys.stdout.flush()
common.timing_sleep(timing)
str = "Undetected"
if not undetected:
str = "Detected"
fw_proxy.kill()
fw_proxy.run(constant.fw_cmd)
time.sleep(0.5)
sys.stdout.write(" >> %s\n" % str)
sys.stdout.flush()
if not undetected:
nb_detected += 1
i_remote += 1
# Log time
if i_remote in self.log_nb_attackers:
percentage = float(i_subpart) / len(subparts) * 100
message = "%s - [Remotes detected : %d/%d][Scan accomplished : %.2f%%]" % (
str,
i_remote,
len(remotes),
percentage,
)
common.log(message)
common.logtype(type, timing, message, percentage, "naive", self.logdir, "../log/", i_remote)
if i_subpart == len(subparts):
# Scan has finished
percentage = 100
message = "%s - [Remotes detected : %d/%d][Scan accomplished : %.2f%%]" % (
str,
i_remote,
len(remotes),
percentage,
)
for i in self.log_nb_attackers:
if i > i_remote:
common.log(message)
common.logtype(type, timing, message, percentage, "naive", self.logdir, "../log/", i)
break
common.log(" << Type %s" % type)
common.log("<< Timing %s" % timing)
def run(self):
""" Run the experiment """
common.log("Main")
fw_proxy = self.proxy_firewalls[self.firewalls[0]]
# Starting alert timer at the firewall
for timing in self.timings:
for nb_attackers in self.log_nb_attackers:
attackers = self.attackers[:nb_attackers]
common.log("")
common.log(">> Timing %s" % timing)
for option, type in self.types :
for j in range(1,4):
common.log("")
common.log("")
#common.log("Restarting snort")
#fw_proxy.run("/etc/init.d/snort stop")
#fw_proxy.run("/etc/init.d/snort start")
fw_proxy.run(constant.fw_cmd)
common.log(" >> [Firewall : %s:%d] %s" % (self.firewalls[0][0], self.firewalls[0][1], constant.fw_cmd))
time.sleep(4)
common.log("")
common.log(" >> Type %s" % type)
# Building command(s)
subparts = self.generate(self.victims, constant.mostusedports, len(attackers))
random.shuffle(subparts)
common.log(" >> Generating %d subparts" % len(subparts))
nb_detected = 0
i_remote = 0
subpartsperremotes = len(subparts) / len(attackers)
# Dispatching commands
commands = {}
for remote in attackers:
commands[remote] = []
for i in range(i_remote * subpartsperremotes, (i_remote + 1) * subpartsperremotes):
command = common.convert(subparts[i], option, timing)
commands[remote].append(command)
i_remote += 1
if len(subparts) % len(attackers) != 0:
i_remote = 0
for i in range(i_remote * subpartsperremotes + 1, len(attackers)):
command = common.convert(subparts[i], option, timing)
commands[attackers[i_remote]].append(command)
i_remote += 1
i_remote = 0
# Loading scan on all remotes
for remote in attackers:
# Connecting to the remote host
i_remote += 1
remote_proxy = self.proxy_attackers[remote]
remote_commands = commands[remote]
common.log(" >> LOADING [Remote : %s:%d][Nb Subparts : %d/%d][Remote %d/%d]"
% (remote[0], remote[1], len(remote_commands), len(subparts), i_remote, len(attackers)))
# Sending command
remote_proxy.loadmultiple(remote_commands)
# Sending command
remote_proxy.runmultiple()
common.log(" >> RUN [Remote : %s:%d][Nb Subparts : %d/%d][Remote %d/%d]"
% (remote[0], remote[1], len(remote_commands), len(subparts), i_remote, len(attackers)))
common.log(" >> Monitoring")
time.sleep(0.5)
# Monitoring remotes
remotes = list(attackers)
common.log(" << Waitings scans to be finished >>")
while len(remotes) != 0:
for remote in remotes:
remote_proxy = self.proxy_attackers[remote]
try:
if not remote_proxy.poll():
remotes.remove(remote)
common.log(" => Scan finished for remote %s" % remote[0])
except:
pass
common.log(" << Scans are finished >>")
time.sleep(0.5)
# Monitoring firewall state
common.log(" << Asking firewall state >>")
remotes_percentage = dict([remote[0], [False, 100]] for remote in attackers)
# Fetching timestamps
# Fetching detected scanners list
detected = fw_proxy.pollfw()
percentage = 100
if detected != None and detected != False:
percentage = 0
for ip, timestamp in detected[1]:
if ip in remotes_percentage and not remotes_percentage[ip][0]:
nb_detected += 1
remotes_percentage[ip][0] = True
# Compute remote percentage
remote_percentage = 0
remote_proxy = self.proxy_attackers[(ip,8000)]
detection_timestamp = float(timestamp)
remote_timestamps = remote_proxy.gettimestamps()
for remote_timestamp in remote_timestamps:
if len(remote_timestamp) == 1:
remote_timestamp.append(time.time())
remote_duration = remote_timestamp[1] - remote_timestamp[0]
remote_detection = detection_timestamp - remote_timestamp[0]
remote_percentage += max(0, float(remote_detection) / remote_duration)
remote_percentage /= len(remote_timestamps)
remote_percentage *= 100
remote_percentage = min(remote_percentage,100)
percentage += remote_percentage
common.log(" /!\ Scanner detected : IP %s - Stopped at %.2f%% " % (ip, remote_percentage))
percentage += (len(attackers) - nb_detected) * 100
percentage /= len(attackers)
message = "Scan accomplished [%.2f%%] - [detected %d/%d]" % (percentage, nb_detected, len(attackers))
common.logtype(type, timing, message, percentage, 'parallel', self.logdir, '../log/', len(attackers))
message = "%s - [Scan accomplished : %.2f%%]" % (message, percentage)
common.log(message)
fw_proxy.kill()
common.log(" << Type %s" % type)
common.log("<< Timing %s" % timing)
if (
len(attackers) == 0
or len(victims) == 0
or len(timings) == 0
or len(modes) == 0
or len(types) == 0
or len(firewalls) == 0
or len(nb_victims) == 0
or len(log_nb_attackers) == 0
):
usage(sys.argv[0])
sys.exit()
log_nb_attackers.sort()
common.log("Attackers are : %s" % attackers)
common.log("Victims are : %s" % victims)
common.log("Timings are : %s" % timings)
common.log("Modes are : %s" % modes)
common.log("nb_attackers are : %s" % log_nb_attackers)
common.log("nb_victims are : %s" % nb_victims)
try:
print "You can stop me anytime by pressing ^C"
for i in range(count):
common.log("### COUNT %d ###" % count)
for nb_victim in nb_victims:
common.log("##### Nb victims %d " % nb_victim)
vic = victims[:nb_victim]
for mode in modes: