-
-
Save marciolm/0f34cfac7763e7065565 to your computer and use it in GitHub Desktop.
Exemplo DDOS Pyresonance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################ | |
| # Resonance Project # | |
| # Resonance implemented with Pyretic platform # | |
| # author: Hyojoon Kim (joonk@gatech.edu) # | |
| # author: Nick Feamster (feamster@cc.gatech.edu) # | |
| # author: Muhammad Shahbaz (muhammad.shahbaz@gatech.edu) # | |
| ################################################################################ | |
| from pyretic.lib.corelib import * | |
| from pyretic.lib.std import * | |
| from ..FSMs.base_fsm import * | |
| from ..policies.base_policy import * | |
| from ..drivers.json_event import * | |
| from ..globals import * | |
| HOST = '127.0.0.1' | |
| PORT = 50003 | |
| ################################################################################ | |
| # Run Mininet: | |
| # $ sudo mn --controller=remote,ip=127.0.0.1 --custom mininet_topos/example_topos.py | |
| # --topo linear --link=tc --mac --arp | |
| ################################################################################ | |
| ################################################################################ | |
| # Start ping from 10.0.0.1 to 10.0.0.2 | |
| # mininet> h1 ping h2 | |
| ################################################################################ | |
| ################################################################################ | |
| # 1. To allow traffic between 10.0.0.1 and 10.0.0.2 | |
| # $ python json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s clean -a 127.0.0.1 -p 50003 | |
| # | |
| # 2. To block traffic from 10.0.0.1 | |
| # $ python json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s attack -a 127.0.0.1 -p 50003 | |
| ################################################################################ | |
| class DOSFSM(BaseFSM): | |
| def default_handler(self, message, queue): | |
| return_value = 'ok' | |
| if DEBUG == True: | |
| print "DOS handler: ", message['flow'] | |
| if message['event_type'] == EVENT_TYPES['ids']: | |
| if message['message_type'] == MESSAGE_TYPES['state']: | |
| self.state_transition(message['message_value'], message['flow'], queue) | |
| elif message['message_type'] == MESSAGE_TYPES['info']: | |
| pass | |
| else: | |
| return_value = self.debug_handler(message, queue) | |
| else: | |
| print "DOS: ignoring message type." | |
| return return_value | |
| class DOSPolicy(BasePolicy): | |
| def __init__(self, fsm): | |
| self.fsm = fsm | |
| def attack_policy(self): | |
| return drop | |
| def allow_policy(self): | |
| return passthrough | |
| def action(self): | |
| if self.fsm.trigger.value == 0: | |
| # Match incoming flow with each state's flows | |
| match_attack_flows = self.fsm.get_policy('attack') | |
| match_clean_flows = self.fsm.get_policy('clean') | |
| # Create state policies for each state | |
| # p1 = if_(match_attack_flows, self.attack_policy(), drop) | |
| # p2 = if_(match_clean_flows, self.allow_policy(), drop) | |
| p3 = if_(match_attack_flows, drop, self.allow_policy()) | |
| # Parallel composition | |
| # return p1 + p2 | |
| return p3 | |
| else: | |
| return self.turn_off_module(self.fsm.comp.value) | |
| def main(queue): | |
| # Create FSM object | |
| fsm = DOSFSM() | |
| # Create policy using state machine | |
| policy = DOSPolicy(fsm) | |
| # Create an event source (i.e., JSON) | |
| json_event = JSONEvent(fsm.default_handler, HOST, PORT) | |
| json_event.start(queue) | |
| return fsm, policy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################ | |
| # Resonance Project # | |
| # Resonance implemented with Pyretic platform # | |
| # author: Hyojoon Kim (joonk@gatech.edu) # | |
| # author: Nick Feamster (feamster@cc.gatech.edu) # | |
| # author: Muhammad Shahbaz (muhammad.shahbaz@gatech.edu) # | |
| ################################################################################ | |
| ################################################################################ | |
| # 1. Fill in modules in MODULES clause, separating each with ",". | |
| # - You can disable modules by commenting them out by putting "#" in front. | |
| ################################################################################ | |
| ################################################################################ | |
| # 2. Specify the composition of modules in COMPOSITION clause. | |
| # - You can disable lines by commenting them by putting "#" in front. | |
| # - Specify only one composition here. The FIRST line with NO "#" will be | |
| # be used for the composition. | |
| ################################################################################ | |
| ################################################################################ | |
| # DON'T PUT ANYTHING BETWEEN MODULES AND COMPOSITION CLAUSES! # | |
| ################################################################################ | |
| APPLICATIONS = { | |
| # pyretic.pyresonance.apps.auth, | |
| # pyretic.pyresonance.apps.ids, | |
| # pyretic.pyresonance.apps.passthrough, | |
| # pyretic.pyresonance.apps.server_lb, | |
| # pyretic.pyresonance.apps.ddos, | |
| # pyretic.pyresonance.apps.auth_new, | |
| # pyretic.pyresonance.apps.ratelimit, | |
| pyretic.pyresonance.apps.dos_external, | |
| } | |
| COMPOSITION = { | |
| # auth >> ids | |
| # server_lb | |
| # passthrough | |
| # auth_new | |
| # auth | |
| # ratelimit | |
| # ddos | |
| # ids | |
| dos_external | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment