/src/honeynet_web/packetAnalysis/analyzers/dos.py
Possible License(s): Apache-2.0, LGPL-2.1
"""
analyzers.py

Basic file for defining the different attack profiles.
Functions to use are:
- addPrelimNode() :: adds a Node at the PRELIM threat level
    @return - The integer index of the added node
- addThreatNode() :: adds a Node at the THREAT threat level
    @return - The integer index of the added node
- addTransition(src, dest, score, triggers) :: adds a scored transition between
    the src and dest nodes
    @param src - Integer index of the Node to transition from
    @param dest - Integer index of the Node to transition to
    @param score - Numerical attack score to be assigned to the transition
    @param triggers - List of boolean functions to be satisfied in order to
        make the transition

"""
19from attackanalyzer import AttackAnalyzer
20
class DOSAnalyzer(AttackAnalyzer):
    """Attack profile for denial-of-service traffic.

    Registers three detection paths using the node and transition helpers
    that this class gets from AttackAnalyzer: a long chain of preliminary
    nodes for packet floods, a chargen-port shortcut for fraggle-style
    traffic, and a same-address shortcut for land attacks.
    """

    attackType = 'dos'

    def addAttackProfile(self):
        """Build the DoS profile: flood chain plus fraggle and land shortcuts.

        The flood path is a chain of 1000 preliminary nodes that ends in a
        single threat node; every hop scores 1 and fires on any packet.
        The fraggle and land paths jump from node 0 straight to the threat
        node with scores of 100 and 150.

        NOTE(review): the original description of the flood profile spoke of
        "more than 200 packets over one second", while the chain built here
        is 1000 hops long. One of the two is stale; confirm the intended
        threshold before tuning alerts on it.
        NOTE(review): block structure was reconstructed from a listing whose
        indentation was lost; the loop is assumed to cover only the
        addPrelimNode/addTransition pair.
        """

        def always(packet):
            # Unconditional trigger: any packet advances the flood chain.
            return True

        # --- Flood chain -------------------------------------------------
        # The 1.1 and 5.1 arguments are passed through unchanged; they are
        # presumably per-node time limits in seconds, to be confirmed
        # against AttackAnalyzer.
        chain_length = 1000
        for src in range(chain_length):
            self.addPrelimNode(1.1)
            self.addTransition(src, src + 1, 1, [always])
        threat = self.addThreatNode(5.1)
        # Last preliminary hop into the threat node, then a self-loop so that
        # further packets keep adding to the score.
        self.addTransition(chain_length, threat, 1, [always])
        self.addTransition(threat, threat, 1, [always])

        # --- Fraggle -----------------------------------------------------
        # Fraggle-style traffic bounces packets between the character
        # generator service (port 19) and the echo service. This trigger
        # looks only at port 19, on either endpoint.
        # NOTE(review): neither the echo port nor the transport protocol is
        # checked, so any legitimate chargen exchange also scores 100.
        # Consider tightening the match if the packet object exposes those
        # fields.
        chargen_port = 19

        def touches_chargen(packet):
            return (packet.source_port == chargen_port
                    or packet.destination_port == chargen_port)

        # Node 0 is presumably the start node of the graph; verify against
        # AttackAnalyzer.
        self.addTransition(0, threat, 100, [touches_chargen])

        # --- Land --------------------------------------------------------
        # A land attack forges the victim's own address as the source, so the
        # host ends up answering itself.
        # NOTE(review): only the addresses are compared. Loopback or other
        # self-addressed traffic seen by the sensor would match too; comparing
        # the ports as well would narrow this, if that fits the sensor's view.
        def same_endpoint_address(packet):
            return packet.source_ip == packet.destination_ip

        self.addTransition(0, threat, 150, [same_endpoint_address])