示例#1
0
文件: naive.py 项目: driquet/dsbench
    def run(self):
        """ Run the experiment """
        common.log("Main")
        fw_proxy = self.proxy_firewalls[self.firewalls[0]]

        # Starting alert timer at the firewall
        time.sleep(1.5)
        fw_proxy.run("/etc/init.d/snort restart")
        time.sleep(1.5)
        fw_proxy.run(constant.fw_cmd)
        common.log("  >> [Firewall : %s:%d] %s" % (self.firewalls[0][0], self.firewalls[0][1], constant.fw_cmd))

        for timing in self.timings:

            common.log("Naive Algorithm")
            common.log("  %d attackers" % len(self.attackers))
            common.log("  %d victims" % len(self.victims))

            common.log("")
            common.log(">> Timing %s" % timing)
            for option, type in self.types:
                common.log("")
                common.log("")
                common.log("  >> Type %s" % type)

                # Building command(s)
                subparts = self.generate(self.victims, constant.mostusedports)
                random.shuffle(subparts)
                common.log("  >> Generating %d subparts" % len(subparts))

                remotes = list(self.attackers)

                nb_detected = 0
                i_subpart = 0
                i_remote = 0
                for remote in remotes:

                    # Connecting to the remote host
                    remote_proxy = self.proxy_attackers[remote]

                    undetected = True
                    while undetected:

                        if i_subpart == len(subparts):
                            break

                        subpart = subparts[i_subpart]
                        i_subpart += 1

                        # Creating the command
                        cmd = common.convert(subpart, option, timing)
                        common.log(
                            "    >> [Remote : %s:%d][Subpart : %s - %d/%d][Remote %d/%d]"
                            % (remote[0], remote[1], cmd, i_subpart, len(subparts), i_remote, len(remotes))
                        )

                        remote_proxy.run(cmd)
                        sys.stdout.write("[%s]     << Waiting : " % (time.ctime()))
                        sys.stdout.flush()

                        while True:
                            status = remote_proxy.poll()
                            if not status:
                                status = fw_proxy.pollfw()
                                if status != None and status != False:
                                    undetected = False
                                else:
                                    undetected = True
                                break

                            status = fw_proxy.pollfw()
                            if status != None and status != False:
                                undetected = False
                                remote_proxy.kill()
                                break

                            sys.stdout.write(".")
                            sys.stdout.flush()
                            common.timing_sleep(timing)

                        str = "Undetected"
                        if not undetected:
                            str = "Detected"
                            fw_proxy.kill()
                            fw_proxy.run(constant.fw_cmd)
                            time.sleep(0.5)
                        sys.stdout.write(" >> %s\n" % str)
                        sys.stdout.flush()

                    if not undetected:
                        nb_detected += 1
                    i_remote += 1

                    # Log time

                    if i_remote in self.log_nb_attackers:
                        percentage = float(i_subpart) / len(subparts) * 100
                        message = "%s - [Remotes detected : %d/%d][Scan accomplished : %.2f%%]" % (
                            str,
                            i_remote,
                            len(remotes),
                            percentage,
                        )
                        common.log(message)
                        common.logtype(type, timing, message, percentage, "naive", self.logdir, "../log/", i_remote)

                    if i_subpart == len(subparts):
                        # Scan has finished
                        percentage = 100
                        message = "%s - [Remotes detected : %d/%d][Scan accomplished : %.2f%%]" % (
                            str,
                            i_remote,
                            len(remotes),
                            percentage,
                        )
                        for i in self.log_nb_attackers:
                            if i > i_remote:
                                common.log(message)
                                common.logtype(type, timing, message, percentage, "naive", self.logdir, "../log/", i)
                        break

                common.log("  << Type %s" % type)
            common.log("<< Timing %s" % timing)
示例#2
0
    def run(self):
        """ Run the experiment """
        common.log("Main")
        fw_proxy = self.proxy_firewalls[self.firewalls[0]]


        # Starting alert timer at the firewall
        for timing in self.timings:
            for nb_attackers in self.log_nb_attackers:
                attackers = self.attackers[:nb_attackers]
                common.log("")
                common.log(">> Timing %s" % timing)
                for option, type in self.types :
                    for j in range(1,4):
                        common.log("")
                        common.log("")
                        #common.log("Restarting snort")
                        #fw_proxy.run("/etc/init.d/snort stop")
                        #fw_proxy.run("/etc/init.d/snort start")
                        fw_proxy.run(constant.fw_cmd)
                        common.log("  >> [Firewall : %s:%d] %s" % (self.firewalls[0][0], self.firewalls[0][1], constant.fw_cmd))
                        time.sleep(4)

                        common.log("")
                        common.log("  >> Type %s" % type)

                        # Building command(s)
                        subparts = self.generate(self.victims, constant.mostusedports, len(attackers))
                        random.shuffle(subparts)
                        common.log("  >> Generating %d subparts" % len(subparts))


                        nb_detected = 0
                        i_remote = 0

                        subpartsperremotes = len(subparts) / len(attackers)

                        # Dispatching commands
                        commands = {}
                        for remote in attackers:
                            commands[remote] = []
                            for i in range(i_remote * subpartsperremotes, (i_remote + 1) * subpartsperremotes):
                                command = common.convert(subparts[i], option, timing)
                                commands[remote].append(command)
                            i_remote += 1

                        if len(subparts) % len(attackers) != 0:
                            i_remote = 0
                            for i in range(i_remote * subpartsperremotes + 1, len(attackers)):
                                command = common.convert(subparts[i], option, timing)
                                commands[attackers[i_remote]].append(command)
                                i_remote += 1


                        i_remote = 0

                        # Loading scan on all remotes
                        for remote in attackers:
                            # Connecting to the remote host
                            i_remote += 1
                            remote_proxy = self.proxy_attackers[remote]
                            remote_commands = commands[remote]

                            common.log("    >> LOADING [Remote : %s:%d][Nb Subparts :  %d/%d][Remote %d/%d]"
                                    % (remote[0], remote[1], len(remote_commands), len(subparts), i_remote, len(attackers)))

                            # Sending command
                            remote_proxy.loadmultiple(remote_commands)

                            # Sending command
                            remote_proxy.runmultiple()
                            common.log("    >> RUN     [Remote : %s:%d][Nb Subparts :  %d/%d][Remote %d/%d]"
                                    % (remote[0], remote[1], len(remote_commands), len(subparts), i_remote, len(attackers)))


                        common.log("    >> Monitoring")
                        time.sleep(0.5)

                        # Monitoring remotes
                        remotes = list(attackers)
                        common.log("        << Waitings scans to be finished >>")
                        while len(remotes) != 0:
                            for remote in remotes:
                                remote_proxy = self.proxy_attackers[remote]
                                try:
                                    if not remote_proxy.poll():
                                        remotes.remove(remote)
                                        common.log("          => Scan finished for remote %s" % remote[0])
                                except:
                                    pass
                        common.log("        << Scans are finished >>")

                        time.sleep(0.5)
                        # Monitoring firewall state
                        common.log("        << Asking firewall state >>")
                        remotes_percentage = dict([remote[0], [False, 100]] for remote in attackers)
                        # Fetching timestamps
                        # Fetching detected scanners list
                        detected = fw_proxy.pollfw()

                        percentage = 100
                        if detected != None and detected != False:
                            percentage = 0
                            for ip, timestamp in detected[1]:
                                if ip in remotes_percentage and not remotes_percentage[ip][0]:
                                    nb_detected += 1
                                    remotes_percentage[ip][0] = True

                                    # Compute remote percentage
                                    remote_percentage = 0
                                    remote_proxy = self.proxy_attackers[(ip,8000)]
                                    detection_timestamp = float(timestamp)
                                    remote_timestamps = remote_proxy.gettimestamps()
                                    for remote_timestamp in remote_timestamps:                                
                                        if len(remote_timestamp) == 1:
                                            remote_timestamp.append(time.time())
                                        remote_duration = remote_timestamp[1] - remote_timestamp[0]
                                        remote_detection = detection_timestamp - remote_timestamp[0]
                                        remote_percentage += max(0, float(remote_detection) / remote_duration)
                                    remote_percentage /= len(remote_timestamps)
                                    remote_percentage *= 100
                                    remote_percentage = min(remote_percentage,100)
                                    percentage += remote_percentage

                                    common.log("    /!\ Scanner detected : IP %s - Stopped at %.2f%% " % (ip, remote_percentage))
                            percentage += (len(attackers) - nb_detected) * 100
                            percentage /= len(attackers)


                        message = "Scan accomplished [%.2f%%] - [detected %d/%d]" % (percentage, nb_detected, len(attackers)) 

                        common.logtype(type, timing, message, percentage, 'parallel', self.logdir, '../log/', len(attackers))
                        message = "%s - [Scan accomplished : %.2f%%]" % (message, percentage)
                        common.log(message)




                    fw_proxy.kill()
                    common.log("  << Type %s" % type)
                common.log("<< Timing %s" % timing)
示例#3
0
文件: dnmap.py 项目: driquet/dsbench
    if (
        len(attackers) == 0
        or len(victims) == 0
        or len(timings) == 0
        or len(modes) == 0
        or len(types) == 0
        or len(firewalls) == 0
        or len(nb_victims) == 0
        or len(log_nb_attackers) == 0
    ):
        usage(sys.argv[0])
        sys.exit()

    log_nb_attackers.sort()

    common.log("Attackers are : %s" % attackers)
    common.log("Victims are   : %s" % victims)
    common.log("Timings are   : %s" % timings)
    common.log("Modes are     : %s" % modes)
    common.log("nb_attackers are     : %s" % log_nb_attackers)
    common.log("nb_victims are     : %s" % nb_victims)

    try:
        print "You can stop me anytime by pressing ^C"

        for i in range(count):
            common.log("### COUNT %d ###" % count)
            for nb_victim in nb_victims:
                common.log("##### Nb victims %d " % nb_victim)
                vic = victims[:nb_victim]
                for mode in modes: