Wednesday, June 18, 2014

DDoS with Pyresonance

I modified the Pyresonance IDS example so that it receives JSON events to block a flow or release it. The FSM's initial behavior is to allow all flows. The program and the globals are in the Gist.

The JSON events to block the host and to release it are:
python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s attack -a 127.0.0.1 -p 50003
python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s clean -a 127.0.0.1 -p 50003

Now, to check the flows installed in Mininet:
sudo mn --topo=single,3 --controller=remote
cd ~mininet/pyretic
./pyretic.py pyretic.pyresonance.main --config=./pyretic/pyresonance/global.config.dos_external --mode=manual

mininet: h1 ping h2

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1
duration=56s, priority=0, n_packets=1, n_bytes=42, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=1,actions=output:2,output:1
duration=61s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=2,actions=output:2,output:1
duration=56s, priority=0, n_packets=1, n_bytes=42, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=2,actions=output:3,output:2
duration=61s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=1,actions=output:2,output:3
duration=61s, priority=0, n_packets=60, n_bytes=5880, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:2,output:3
duration=61s, priority=0, n_packets=60, n_bytes=5880, priority=0,icmp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=0,icmp_code=0,actions=output:1,output:2
duration=62s, priority=0, n_packets=15, n_bytes=1054, priority=0,actions=CONTROLLER:65535

[mininet@mininet-vm:~]$python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s attack -a 127.0.0.1 -p 50003

Flow = {srcip=10.0.0.1}
Data Payload = {'dstip': None, 'protocol': None, 'srcmac': None, 'tos': None, 'vlan_pcp': None, 'dstmac': None, 'inport': None, 'ethtype': None, 'srcip': '10.0.0.1', 'dstport': None, 'srcport': None, 'vlan_id': None}
ok

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1

duration=13s, priority=0, n_packets=12, n_bytes=1176, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,drop
duration=14s, priority=0, n_packets=1, n_bytes=98, priority=0,actions=CONTROLLER:65535

h2 ping h3

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1
duration=10s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=10.0.0.2,nw_dst=10.0.0.3,arp_op=1,actions=output:1,output:2
duration=5s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=aa:b5:d9:88:c5:ba,nw_src=10.0.0.2,nw_dst=10.0.0.3,arp_op=2,actions=output:2,output:1
duration=10s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=2,dl_src=aa:b5:d9:88:c5:ba,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.3,nw_dst=10.0.0.2,arp_op=2,actions=output:3,output:1
duration=5s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=2,dl_src=aa:b5:d9:88:c5:ba,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.3,nw_dst=10.0.0.2,arp_op=1,actions=output:3,output:1
duration=46s, priority=0, n_packets=25, n_bytes=2450, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,drop
duration=10s, priority=0, n_packets=10, n_bytes=980, priority=0,icmp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=aa:b5:d9:88:c5:ba,nw_src=10.0.0.2,nw_dst=10.0.0.3,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:1,output:2
duration=10s, priority=0, n_packets=10, n_bytes=980, priority=0,icmp,in_port=2,dl_src=aa:b5:d9:88:c5:ba,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.3,nw_dst=10.0.0.2,nw_tos=0,icmp_type=0,icmp_code=0,actions=output:3,output:1
duration=47s, priority=0, n_packets=7, n_bytes=462, priority=0,actions=CONTROLLER:65535

[mininet@mininet-vm:~]$python ~/pyretic/pyretic/pyresonance/json_sender.py --flow='{srcip=10.0.0.1}' -e ids -s clean -a 127.0.0.1 -p 50003

[mininet@mininet-vm:~]$sudo ovs-appctl bridge/dump-flows s1
duration=925s, priority=0, n_packets=28, n_bytes=1176, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=1,actions=output:2,output:1
duration=930s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,arp_op=2,actions=output:2,output:1
duration=925s, priority=0, n_packets=28, n_bytes=1176, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=2,actions=output:3,output:2
duration=930s, priority=0, n_packets=0, n_bytes=0, priority=0,arp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=ff:ff:ff:ff:ff:ff,nw_src=10.0.0.1,nw_dst=10.0.0.2,arp_op=1,actions=output:2,output:3
duration=930s, priority=0, n_packets=930, n_bytes=91140, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:3,output:2
duration=930s, priority=0, n_packets=930, n_bytes=91140, priority=0,icmp,in_port=3,dl_src=aa:d0:ed:f7:e4:83,dl_dst=8a:3a:15:ce:f1:17,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=0,icmp_code=0,actions=output:2,output:1
duration=931s, priority=0, n_packets=10, n_bytes=756, priority=0,actions=CONTROLLER:65535
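The following is an added example, not code from the post or from Pyresonance: a small model of the per-host state machine described above (every host starts allowed, an "attack" event for a srcip moves it to drop, "clean" releases it) plus a parser for the `ovs-appctl bridge/dump-flows` lines shown above, so the controller's state can be checked against what the switch actually enforces. The class and function names are my own; the sample dumps are lines copied from the output above.

```python
# Added example, not the post's Pyresonance code: its per-host IDS state machine
# and a checker that reads `ovs-appctl bridge/dump-flows` output from the post.
AFTER_ATTACK = """\
duration=13s, priority=0, n_packets=12, n_bytes=1176, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,drop
duration=14s, priority=0, n_packets=1, n_bytes=98, priority=0,actions=CONTROLLER:65535
"""
AFTER_CLEAN = """\
duration=930s, priority=0, n_packets=930, n_bytes=91140, priority=0,icmp,in_port=1,dl_src=8a:3a:15:ce:f1:17,dl_dst=aa:d0:ed:f7:e4:83,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0,actions=output:3,output:2
"""

class IdsFsm:
    """Every srcip starts allowed; 'attack' moves it to drop, 'clean' back."""
    def __init__(self):
        self.blocked = set()

    def handle(self, srcip, state):  # state is the -s value json_sender sends
        if state == "attack":
            self.blocked.add(srcip)
        elif state == "clean":
            self.blocked.discard(srcip)
        else:
            raise ValueError("unknown IDS state %r" % state)

    def expected(self, srcip):
        return "drop" if srcip in self.blocked else "forward"

    def enforced_by(self, dump, srcip):  # does the switch table agree with the FSM?
        return observed(dump, srcip) == self.expected(srcip)

def parse_flow(line):
    """dump-flows line -> match fields + 'action' (text after 'actions=' kept whole)."""
    head, sep, actions = line.strip().partition("actions=")
    fields = {"action": actions.strip() if sep else None}
    for tok in (t.strip() for t in head.split(",")):
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val
        elif tok == "drop":          # a drop rule has no actions= list
            fields["action"] = "drop"
        elif tok:                    # bare protocol token such as icmp or arp
            fields["proto"] = tok
    return fields

def observed(dump, srcip, proto="icmp"):
    """'drop', 'forward', or None when no rule is installed yet (None is not 'allowed')."""
    rules = [f for f in map(parse_flow, dump.splitlines())
             if f.get("nw_src") == srcip and f.get("proto") == proto]
    if not rules:
        return None
    return "drop" if all(r["action"] == "drop" for r in rules) else "forward"
```

A reactive controller installs nothing until traffic arrives, so a `None` result means "no rule yet", which is different from "allowed".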

Monday, June 2, 2014

About LXC

Copied from Danny's blog

# Install LXC
sudo apt-get install lxc

# Create a Linux Container named base ( -t: template, -n: namespace )
sudo lxc-create -t ubuntu -n base

# Start the Linux Container ( -d: daemon )
sudo lxc-start -n base -d

# Stop the Linux Container
sudo lxc-stop -n base

# List Linux Containers
lxc-ls --fancy

# Clone the Linux Container
lxc-clone -o base -n newvm1

# Access the container
lxc-console -n newvm1

# Shutdown
lxc-shutdown -n test-container

# Destroy
lxc-destroy -n test-container


LXC can be controlled via Libvirt:
http://blog.scottlowe.org/2013/11/27/linux-containers-via-lxc-and-libvirt/

Exploring LXC Networking:

Autostart
By default, containers will not be started after a reboot, even if they were running prior to the shutdown.
To make a container autostart, you simply need to symlink its config file into the /etc/lxc/auto directory:
ln -s /var/lib/lxc/test-container/config /etc/lxc/auto/test-container.conf