From b0aa60ffe709b023ad698cfa1dc96f523980e24d Mon Sep 17 00:00:00 2001 From: Samuel Kopmann Date: Wed, 8 Feb 2023 09:41:12 +0000 Subject: [PATCH 1/3] Add parameter for port scan duration. Enable stealth scans with random destination ports with short duration. --- code/Attack/PortscanAttack.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/code/Attack/PortscanAttack.py b/code/Attack/PortscanAttack.py index 0b7b283b..bb08df98 100755 --- a/code/Attack/PortscanAttack.py +++ b/code/Attack/PortscanAttack.py @@ -22,6 +22,7 @@ class PortscanAttack(BaseAttack.BaseAttack): PORT_DEST_ORDER_DESC = 'port.dst.order-desc' IP_SOURCE_RANDOMIZE = 'ip.src.shuffle' PORT_SOURCE_RANDOMIZE = 'port.src.shuffle' + SCAN_DURATION = "scan.duration" def __init__(self): """ @@ -45,7 +46,8 @@ def __init__(self): Parameter(self.PORT_DEST_ORDER_DESC, Boolean()), Parameter(self.IP_SOURCE_RANDOMIZE, Boolean()), Parameter(self.PACKETS_PER_SECOND, Float()), - Parameter(self.PORT_SOURCE_RANDOMIZE, Boolean()) + Parameter(self.PORT_SOURCE_RANDOMIZE, Boolean()), + Parameter(self.SCAN_DURATION, Float()), ]) def init_param(self, param: str) -> bool: @@ -95,6 +97,8 @@ def init_param(self, param: str) -> bool: value = rnd.randint(0, self.statistics.get_packet_count()) if value is None: return False + if value == self.SCAN_DURATION: + value = 60.0 return self.add_param_value(param, value) def generate_attack_packets(self): @@ -246,6 +250,9 @@ def generate_attack_packets(self): self.timestamp_controller.set_timestamp(timestamp_next_pkt) timestamp_next_pkt = self.timestamp_controller.next_timestamp() + if timestamp_next_pkt > (self.timestamp_controller.first_timestamp + self.get_param_value(self.SCAN_DURATION)): + break + def generate_attack_pcap(self): """ Creates a pcap containing the attack packets. From 3f842e9a639bd1ef76af5e3dbac88b86818b1800 Mon Sep 17 00:00:00 2001 From: Samuel Kopmann Date: Wed, 8 Feb 2023 11:46:59 +0000 Subject: [PATCH 2/3] Fix port scan duration if parameter not given. --- code/Attack/PortscanAttack.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/code/Attack/PortscanAttack.py b/code/Attack/PortscanAttack.py index bb08df98..d2afca31 100755 --- a/code/Attack/PortscanAttack.py +++ b/code/Attack/PortscanAttack.py @@ -98,7 +98,7 @@ def init_param(self, param: str) -> bool: if value is None: return False if value == self.SCAN_DURATION: - value = 60.0 + value = 0.0 return self.add_param_value(param, value) def generate_attack_packets(self): @@ -250,7 +250,10 @@ def generate_attack_packets(self): self.timestamp_controller.set_timestamp(timestamp_next_pkt) timestamp_next_pkt = self.timestamp_controller.next_timestamp() - if timestamp_next_pkt > (self.timestamp_controller.first_timestamp + self.get_param_value(self.SCAN_DURATION)): + duration = self.get_param_value(self.SCAN_DURATION) + last_timestamp = self.timestamp_controller.first_timestamp + self.get_param_value(self.SCAN_DURATION) + + if duration > 0 and timestamp_next_pkt > last_timestamp: break def generate_attack_pcap(self): From 7112c338b5b86ba42be4581bfe9cfc52f9398067 Mon Sep 17 00:00:00 2001 From: Samuel Kopmann Date: Wed, 8 Feb 2023 11:47:58 +0000 Subject: [PATCH 3/3] Refactoring --- code/Attack/PortscanAttack.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/Attack/PortscanAttack.py b/code/Attack/PortscanAttack.py index d2afca31..f067a75a 100755 --- a/code/Attack/PortscanAttack.py +++ b/code/Attack/PortscanAttack.py @@ -251,8 +251,8 @@ def generate_attack_packets(self): timestamp_next_pkt = self.timestamp_controller.next_timestamp() duration = self.get_param_value(self.SCAN_DURATION) - last_timestamp = self.timestamp_controller.first_timestamp + self.get_param_value(self.SCAN_DURATION) - + last_timestamp = self.timestamp_controller.first_timestamp + duration + if duration > 0 and timestamp_next_pkt > last_timestamp: break