
/src/honeynet_web/packetAnalysis/analyzers/dos.py

https://bitbucket.org/cpdean/pig
Python | 49 lines | 17 code | 5 blank | 27 comment | 5 complexity | ad24fe8d9cf55286da82c1fd609412d9 MD5 | raw file
Possible License(s): Apache-2.0, LGPL-2.1
"""
analyzers.py

Basic file for defining the different attack profiles
Functions to use are:
- addPrelimNode() :: adds a Node at the PRELIM threat level
    @return - The integer index of the added node
- addThreatNode() :: adds a Node at the THREAT threat level
    @return - The integer index of the added node
- addTransition(src, dest, score, triggers) :: adds a scored transition between
  the src and dest nodes
    @param src - Integer index of the Node to transition from
    @param dest - Integer index of the Node to transition to
    @param score - Numerical attack score to be assigned to the transition
    @param triggers - List of boolean functions to be satisfied in order to
        make the transition

"""
from attackanalyzer import AttackAnalyzer


class DOSAnalyzer(AttackAnalyzer):

    attackType = 'dos'

    def addAttackProfile(self):
        '''A standard DoS attack shall be a connection that sends more than
        200 packets over one second.
        '''
        # Trigger that is satisfied by every packet
        funct = lambda x: True
        # Chain of PRELIM nodes, each linked to the next by a score-1 transition
        for i in range(1000):
            self.addPrelimNode(1.1)
            self.addTransition(i, i+1, 1, [funct])
        threat = self.addThreatNode(5.1)
        self.addTransition(i+1, threat, 1, [funct])
        # Self-loop on the THREAT node
        self.addTransition(threat, threat, 1, [funct])

        # A fraggle attack utilizes the random character generation TCP port
        # and the Echo port to cause an endless loop.
        charGenPort = 19
        fraggle = lambda x: (x.source_port == charGenPort or
                             x.destination_port == charGenPort)
        self.addTransition(0, threat, 100, [fraggle])

        # A land attack spoofs the victim's IP as the source and dest,
        # causing the machine to try to open a connection with itself.
        land = lambda x: x.source_ip == x.destination_ip
        self.addTransition(0, threat, 150, [land])
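
The three checks in this profile, run over constructed traffic as a standalone detector. This is an added example, not code from the pig repository: `Packet`, `classify`, `is_fraggle`, `is_land`, the millisecond `ts` field and the sliding-window rate check are assumptions made here, since `AttackAnalyzer` itself is not shown on this page.

```python
from collections import deque, namedtuple

# Constructed packet record; attribute names match what the lambdas above read.
# ts is in milliseconds (an assumption; the page shows no timestamp field).
Packet = namedtuple("Packet", "ts source_ip destination_ip source_port destination_port")

CHARGEN_PORT = 19   # from the profile
RATE_LIMIT = 200    # packets, from the profile's docstring
WINDOW_MS = 1000    # "one second", from the profile's docstring

def is_fraggle(p):
    return CHARGEN_PORT in (p.source_port, p.destination_port)

def is_land(p):
    return p.source_ip == p.destination_ip

def classify(packets):
    """Return (ts, label) alerts for the packets of one connection."""
    alerts, window, flooding = [], deque(), False
    for p in sorted(packets, key=lambda q: q.ts):
        if is_land(p):
            alerts.append((p.ts, "land"))
        if is_fraggle(p):
            alerts.append((p.ts, "fraggle"))
        # Sliding window: keep only timestamps from the last WINDOW_MS.
        window.append(p.ts)
        while p.ts - window[0] >= WINDOW_MS:
            window.popleft()
        over = len(window) > RATE_LIMIT
        if over and not flooding:      # alert once per burst, not per packet
            alerts.append((p.ts, "flood"))
        flooding = over
    return alerts

# Constructed sample traffic (documentation address ranges).
BURST = [Packet(i * 2, "198.51.100.7", "192.0.2.10", 40000, 80) for i in range(250)]
SLOW = [Packet(i * 40, "198.51.100.7", "192.0.2.10", 40000, 80) for i in range(250)]
LAND = [Packet(0, "192.0.2.10", "192.0.2.10", 1025, 139)]
CHARGEN = [Packet(0, "198.51.100.7", "192.0.2.10", 7, 19)]

if __name__ == "__main__":
    for name, sample in [("burst", BURST), ("slow", SLOW), ("land", LAND), ("chargen", CHARGEN)]:
        print(name, classify(sample))
```

The same 250 packets alert when sent 2 ms apart and stay silent when spread over ten seconds, which a node chain that only counts packets cannot distinguish.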