def rest_conn_Ip(out_lck, proto, porta, nconn): cmd = "iptables -A INPUT -p " + proto + " --syn --dport " + porta + " -m connlimit --connlimit-above " + nconn + " -j REJECT" cmd1 = "iptables -A REJECT -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4" failed = os.system(cmd) failed1 = os.system(cmd1) if not (failed and failed1): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def corrupt(out_lck, dev, num, num2): cmd = "tc qdisc add dev " + dev + " root netem corrupt " + num + "% duplicate " + num2 + "%" failed = os.system(cmd) if not (failed): output(out_lck, "\nApplied rules:") output(out_lck, cmd) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def delay2(out_lck, dev, num, num2): cmd = "tc qdisc add dev " + dev + " root netem delay " + num + "ms " + num2 + "ms 25%" failed = os.system(cmd) if not (failed): output(out_lck, "\nApplied rules:") output(out_lck, cmd) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def duplicate(out_lck, dev, n): cmd = "tc qdisc add dev " + dev + " root netem duplicate " + n + "%" failed = os.system(cmd) if not (failed): output(out_lck, "\nApplied rules:") output(out_lck, cmd) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def set_MARK(out_lck, mark): cmd = "iptables -t mangle -A POSTROUTING -j MARK --set-mark " + mark failed = os.system(cmd) if not failed: output(out_lck, "\nApplied rules:") output(out_lck, cmd) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def reordering(out_lck, dev, probability, gap, delay): cmd = "tc qdisc add dev " + dev + " root netem delay " + delay + "ms reorder " + probability + " gap " + gap failed = os.system(cmd) if not (failed): output(out_lck, "\nApplied rules:") output(out_lck, cmd) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def lim_risp_ping(out_lck): cmd = "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/minute --limit-burst 3 -j ACCEPT" #cmd1 = "iptables -A INPUT -p icmp -j DROP" failed = os.system(cmd) #failed2 = os.system(cmd1) if not (failed): output(out_lck, "\nApplied rules:") output(out_lck, cmd) #output(out_lck, cmd1) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def connect(self): #Socket TCP if str(self.protocol) == "TCP": for i in range(0, 10): _socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) _socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: _socket.connect((self.host, self.port)) message = bytes( self.my_ip + ": Sicurezza, Progettazione e Laboratorio Internet, number " + str(i), encoding="utf8") _socket.sendall(message) except _socket.error as msg: helpers.output(self.out_lck, str(msg)) _socket.close() helpers.output(self.out_lck, "Done!") #Socket Datagram elif str(self.protocol) == "UDP": for i in range(0, 10): _socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) _socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: _socket.connect((self.host, self.port)) message = bytes( self.my_ip + ": Sicurezza, Progettazione e Laboratorio Internet, number " + str(i), encoding="utf8") _socket.sendall(message) helpers.output(self.out_lck, "%d" % i) except _socket.error as msg: helpers.output(self.out_lck, str(msg)) _socket.close() else: #errori exit()
def port_forw(out_lck, proto, ip1, port, port2): cmd = "iptables -t nat -A PREROUTING -p " + proto + " -d " + ip1 + " --dport " + str( port) + " -j DNAT --to " + ip1 + ":" + str(port2) cmd1 = "iptables -A DNAT -j LOG --log-prefix " '[Redirect_Packet]' " --log-level 4" # in teoria non servono #cmd1 = "iptables -A INPUT -i " + interf + " -p " + proto + " --dport " + port + " -m state --state NEW,ESTABLISHED -j ACCEPT" #cmd2 = "iptables -A OUTPUT -o " + interf + " -p " + proto + " --sport " + port + " -m state --state ESTABLISHED -j ACCEPT" failed = os.system(cmd) failed1 = os.system(cmd1) #failed1 = os.system(cmd1) #failed2 = os.system(cmd2) #if not (failed and failed1 and failed2): if not (failed and failed1): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) #output(out_lck, cmd1) #output(out_lck, cmd2) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def set_TTL(out_lck, ip_sorg, ip_dest, ttl): cmd = "iptables -t mangle -A FORWARD -s " + ip_sorg + " -d " + ip_dest + " -j TTL --ttl-set " + ttl cmd1 = "iptables -t nat -N PRELOG" cmd2 = "iptables -t nat -A PREROUTING -s " + ip_sorg + " -d " + ip_dest + " -j PRELOG" cmd3 = "iptables -t nat -A PRELOG -j LOG --log-prefix " '[Pre_Mangle]' " --log-level 4" cmd4 = "iptables -t nat -A PRELOG -j ACCEPT" cmd5 = "iptables -t nat -N POSTLOG" cmd6 = "iptables -t nat -A POSTROUTING -s " + ip_sorg + " -d " + ip_dest + " -j POSTLOG" cmd7 = "iptables -t nat -A POSTLOG -j LOG --log-prefix " '[Post_Mangle]' " --log-level 4" cmd8 = "iptables -t nat -A POSTLOG -j ACCEPT" failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) failed3 = os.system(cmd3) failed4 = os.system(cmd4) failed5 = os.system(cmd5) failed6 = os.system(cmd6) failed7 = os.system(cmd7) failed8 = os.system(cmd8) if not (failed and failed1 and failed2 and failed3 and failed4 and failed5 and failed6 and failed7 and failed8): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) output(out_lck, cmd2) output(out_lck, cmd3) output(out_lck, cmd4) output(out_lck, cmd5) output(out_lck, cmd6) output(out_lck, cmd7) output(out_lck, cmd8) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def flush_tables(out_lck): cmd = "iptables -X" cmd1 = "iptables -F" cmd2 = "iptables -t nat -X" cmd3 = "iptables -t nat -F" cmd4 = "iptables -t mangle -X" cmd5 = "iptables -t mangle -F" failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) failed3 = os.system(cmd3) failed4 = os.system(cmd4) failed5 = os.system(cmd5) if not (failed and failed1 and failed2 and failed3 and failed4 and failed5): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) output(out_lck, cmd2) output(out_lck, cmd3) output(out_lck, cmd4) output(out_lck, cmd5) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def redirection(out_lck, ipdest, iplocal, proto, port): cmd1 = "iptables -t nat -N PRELOG" cmd2 = "iptables -t nat -A PREROUTING -d " + iplocal + " -p " + proto + " -m " + proto + " --dport " + port + " -j PRELOG" cmd3 = "iptables -t nat -A PRELOG -j LOG --log-prefix " '[Pre_Redirect]' " --log-level 4" cmd4 = "iptables -t nat -A PRELOG -j DNAT --to-destination " + ipdest cmd5 = "iptables -N POSTLOG" cmd6 = "iptables -A FORWARD -d " + ipdest + " -p " + proto + " -m " + proto + " --dport " + port + " -j POSTLOG" cmd7 = "iptables -A POSTLOG -j LOG --log-prefix " '[Post_Redirect]' " --log-level 4" #cmd8 = "iptables -A POSTLOG -j ACCEPT" #cmd5 = "iptables -t nat -A POSTROUTING -j MASQUERADE" #failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) failed3 = os.system(cmd3) failed4 = os.system(cmd4) failed5 = os.system(cmd5) failed6 = os.system(cmd6) failed7 = os.system(cmd7) #failed8 = os.system(cmd8) #failed5 = os.system(cmd5) #os.system(cmd2) if not (failed1 and failed2 and failed3 and failed4 and failed5 and failed6 and failed7): output(out_lck, "\nApplied rules:") output(out_lck, cmd1) output(out_lck, cmd2) output(out_lck, cmd3) output(out_lck, cmd4) output(out_lck, cmd5) output(out_lck, cmd6) output(out_lck, cmd7) #output(out_lck, cmd8) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def listen(self): if str(self.protocol) == "TCP": #Ascolto socket TCP self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: self.socket.bind( ('', self.port)) # inizializzazione della connessione self.socket.listen(100) helpers.output(self.out_lck, "Listening on port %s" % (self.port)) conn, addr = self.socket.accept() size = 1024 data = conn.recv(size) while len(data) > 0: helpers.output(self.out_lck, "Received: %s" % data) data = conn.recv(size) except socket.error as msg: helpers.output(self.out_lck, str(msg)) #Ascolto socket UDP elif str(self.protocol) == "UDP": _socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) _socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) try: _socket.bind( ("", self.port)) # inizializzazione della connessione helpers.output(self.out_lck, "Listening on port %s" % (self.port)) while True: data, address = _socket.recvfrom(1024) helpers.output(self.out_lck, "Received: %s" % data) except socket.error as msg: helpers.output(self.out_lck, str(msg)) else: #errori exit()
def block_output(out_lck, dip, dport, protocol): # cmd = "iptables -A OUTPUT -p " + protocol + " -d " + dip + " --dport " + dport + " -j DROP" # failed = os.system(cmd) # if not failed: # output(out_lck, "\nApplied rules:") # output(out_lck, cmd) # else: # output(out_lck, "Rules not applied") # # output(out_lck, "\n") cmd = "iptables -N LOGGING" cmd1 = "iptables -A OUTPUT -p " + protocol + " -d " + dip + " --dport " + dport + " -j LOGGING" cmd2 = "iptables -A LOGGING -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4" cmd3 = "iptables -A LOGGING -j DROP" failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) failed3 = os.system(cmd3) if not (failed and failed1 and failed2 and failed3): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) output(out_lck, cmd2) output(out_lck, cmd3) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def block_sel_port(out_lck, interface, proto, ip, porta): cmd = "iptables -N LOGGING" cmd1 = "iptables -A FORWARD -i " + interface + " -p " + proto + " -s " + ip + " --dport " + porta + " -j LOGGING" cmd2 = "iptables -A LOGGING -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4" cmd3 = "iptables -A LOGGING -j DROP" failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) failed3 = os.system(cmd3) if not (failed and failed1 and failed2 and failed3): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) output(out_lck, cmd2) output(out_lck, cmd3) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def receive(self): PORT = 8000 Handler = http.server.SimpleHTTPRequestHandler httpd = socketserver.TCPServer(("", PORT), Handler) helpers.output(self.out_lck, "serving at port: ", PORT) httpd.serve_forever()
def show_tables(out_lck): cmd = "iptables -L" cmd1 = "iptables -t nat -L" cmd2 = "iptables -t mangle -L" output(out_lck, "\n----------------------- MAIN TABLE -----------------------\n") os.system(cmd) output(out_lck, "\n----------------------------------------------------------\n") output(out_lck, "\n----------------------- NAT TABLE ------------------------\n") os.system(cmd1) output(out_lck, "\n----------------------------------------------------------\n") output(out_lck, "\n---------------------- MANGLE TABLE ----------------------\n") os.system(cmd2) output(out_lck, "\n----------------------------------------------------------\n") output(out_lck, "\n")
def show_tc(out_lck): cmd = "tc -s qdisc" os.system(cmd) output(out_lck, "\n")
import threading import sys from helpers.helpers import output from helpers.connection import Connection from helpers import config from helpers.helpers import loop_menu import subprocess from helpers import rules if __name__ == "__main__": out_lck = threading.Lock() output(out_lck, "Insert your IP: ") ip = None while ip is None: try: ip = input() except SyntaxError: ip = None if ip is None: output(out_lck, "Please insert your IP number") else: my_ip = config._base + ip output(out_lck, "Source IP: " + my_ip) while True: # Main Menu #output(out_lck, "Insert your IP: ") main_menu = loop_menu(out_lck, "action", [
def flush_tc(out_lck): cmd = "tc qdisc del dev enp5s8 root" cmd1 = "tc qdisc del dev wlp2s0 root" cmd2 = "iptables -t mangle -F" failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) if not (failed and failed1 and failed2): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) output(out_lck, cmd2) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def limit_bitrate(out_lck, dev, dest, band, mark, classid): cmd = "tc qdisc add dev " + dev + " handle 1: root htb" cmd1 = "tc class add dev " + dev + " parent 1: classid 1:" + classid + " htb rate 100Mbps" cmd2 = "tc class add dev " + dev + " parent 1:" + classid + " classid 1:" + mark + " htb rate " + band + "kbps ceil " + band + "kbps prio 1" cmd3 = "tc filter add dev " + dev + " parent 1:0 prio 1 protocol ip handle " + mark + " fw flowid 1:" + mark cmd4 = "iptables -A POSTROUTING -t mangle -d " + dest + " -p tcp -j MARK --set-mark " + mark failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) failed3 = os.system(cmd3) failed4 = os.system(cmd4) if not (failed and failed1 and failed2 and failed3 and failed4): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) output(out_lck, cmd2) output(out_lck, cmd3) output(out_lck, cmd4) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
def block_proto(out_lck, proto): cmd = "iptables -N LOGGING" cmd1 = "iptables -A FORWARD -p " + proto + " -s 0/0 -d 0/0 -j LOGGING" cmd2 = "iptables -A LOGGING -j LOG --log-prefix " '[Drop_Packet]' " --log-level 4" cmd3 = "iptables -A LOGGING -j DROP" failed = os.system(cmd) failed1 = os.system(cmd1) failed2 = os.system(cmd2) failed3 = os.system(cmd3) if not (failed and failed1 and failed2 and failed3): output(out_lck, "\nApplied rules:") output(out_lck, cmd) output(out_lck, cmd1) output(out_lck, cmd2) output(out_lck, cmd3) else: output(out_lck, "Rules not applied") output(out_lck, "\n")
import sys import os from helpers.helpers import output from helpers.connection import Connection from helpers import config from helpers.helpers import loop_menu #import iptc #Daniele: potrebbe servire in un secondo momento... from helpers import rules from helpers import server import subprocess import os if __name__ == "__main__": out_lck = threading.Lock() output(out_lck, "Insert your IP: ") ip = None while ip is None: try: ip = input() except SyntaxError: ip = None if ip is None: output(out_lck, "Please insert your IP number") else: my_ip = config._base + ip output(out_lck, "Source IP: " + my_ip) #my_ip = config._base + "1.254" while True: # Main Menu