Created
April 4, 2019 21:35
-
-
Save adriansr/d96201f68c4aa95bc5f85e73579c8aa1 to your computer and use it in GitHub Desktop.
Random log generator for iptables module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import random as rnd | |
| import re | |
| import sys | |
| random_ips = set() | |
| ips = {} | |
| doc_ips = [[192, 0, 2], [198, 51, 100], [203, 0, 113]] | |
| known_prefixes = set([ '.'.join([str(y) for y in x ]) for x in [ | |
| [0], | |
| [10], | |
| [127], | |
| [169, 254], | |
| [192, 0, 0], | |
| [192, 88, 99], | |
| [192, 168], | |
| [198, 18], | |
| [198, 19], | |
| ] + [ [100, x] for x in range(64, 128) ] | |
| + [ [172, x] for x in range(16, 32) ] | |
| + [ [x] for x in range(224,256) ] | |
| + doc_ips]) | |
| NET_IPV4 = '08:00' | |
| NET_IPV6 = '86:dd' | |
| decide_net = [(0.8, NET_IPV4, NET_IPV6) ] | |
| PROTO_TCP = 'TCP' | |
| PROTO_UDP = 'UDP' | |
| PROTO_ICMP = 'ICMP' | |
| PROTO_ICMP6 = 'ICMPv6' | |
| decide_proto = [ (0.9, PROTO_TCP, PROTO_UDP), (0.3, PROTO_UDP, PROTO_ICMP) ] | |
| decide_icmp = [ (.5, 0, 8), (.8, 3, 9) ] | |
| decide_icmp6 = [(0.75, 1, 2)] | |
| def decide(chances): | |
| itm = rnd.choice(chances) | |
| return itm[1] if rnd.random() <= itm[0] else itm[2] | |
| def random_ip_make_prefix(prefix): | |
| return '.'.join([str(y) for y in (prefix + [ord(x) for x in os.urandom(4 - len(prefix))])]) | |
| def random_ip_make(parts): | |
| for i in range(1,4): | |
| if '.'.join([str(x) for x in parts[:i]]) in known_prefixes: | |
| return random_ip_make_prefix(parts[:i]) | |
| return random_ip_make_prefix(doc_ips[ord(os.urandom(1)) % len(doc_ips)]) | |
| def random_mac(): | |
| return ':'.join([ '{0:02x}'.format(ord(c)) for c in os.urandom(6) ]) | |
| def random_ip(parts): | |
| return random_ip_make_prefix(parts) | |
| def random_ipv6(): | |
| return ':'.join([ '{0:04x}'.format(rnd.randint(0, 65535)) for i in range(0,8) ]) | |
| for i in range(100000): | |
| ethertype = decide(decide_net) | |
| proto = decide(decide_proto) | |
| if ethertype == NET_IPV6 and proto == PROTO_ICMP: | |
| proto = PROTO_ICMP6 | |
| mac='MAC={0}:{1}:{2}'.format(random_mac(), random_mac(), ethertype) | |
| s = [] | |
| if ethertype == NET_IPV6 or rnd.random() < 0.92: | |
| a = 'A' | |
| else: | |
| a = 'D' | |
| if rnd.random() < 0.4: | |
| s = [158, 109] | |
| if proto == PROTO_ICMP: | |
| rest = 'PROTO=ICMP TYPE={0} CODE={1}'.format( | |
| decide(decide_icmp), | |
| 0 | |
| ) | |
| elif proto == PROTO_ICMP6: | |
| # PROTO=ICMPv6 TYPE=128 CODE=0 ID=3427 SEQ=4 | |
| rest = 'PROTO=ICMPv6 TYPE={0} CODE=0 ID=1234 SEQ=4'.format( | |
| decide(decide_icmp6) | |
| ) | |
| elif proto == PROTO_TCP: | |
| # PROTO=TCP SPT=43189 DPT=443 WINDOW=159 RES=0x00 ACK PSH URGP=0 | |
| rest = 'PROTO=TCP SPT={0} DPT={1} WINDOW=128 RES=0x00 ACK PSH URGP=0'.format( | |
| rnd.randint(1024, 65535), | |
| rnd.randint(1024, 65535) | |
| ) | |
| elif proto == PROTO_UDP: | |
| # PROTO=UDP SPT=48689 DPT=48689 LEN=520 | |
| rest = 'PROTO=UDP SPT={0} DPT={1} LEN=520'.format( | |
| rnd.randint(1024, 65535), | |
| rnd.randint(1024, 65535) | |
| ) | |
| else: | |
| raise Exception('wat?') | |
| if ethertype == NET_IPV4: | |
| ipfields = 'SRC={0} DST={1} LEN=123 TOS=0x00 PREC=0x00 TTL=255 ID=12345'.format( | |
| random_ip(s), | |
| random_ip([]) | |
| ) | |
| elif ethertype == NET_IPV6: | |
| ipfields = 'SRC={0} DST={1} LEN=123 TC=0 HOPLIMIT=64 FLOWLBL={2}'.format( | |
| random_ipv6(), | |
| random_ipv6(), | |
| rnd.randrange(42, 65536, 123) | |
| ) | |
| else: | |
| raise Exception('woot') | |
| print 'localhost [demo-1000-{action}]IN=eth0 OUT=lo {mac} {ip} {rest} '.format( | |
| action=a, | |
| mac=mac, | |
| ip=ipfields, | |
| rest=rest) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment