
Comments (2)

tvdhout commented on August 27, 2024

Hello! I have recently taken over maintenance of this project from the previous developer. I have been busy reading through the code and understanding it. I have cleaned up a lot and found the bug you described. I believe my pull request has fixed this; could you verify? If not, could you share a small capture of the traffic so I can try it out and debug it more interactively? Alternatively, give more verbose logs with the --debug flag. Thanks!

from dissector.

craig commented on August 27, 2024
# pip3 install -r requirements.txt
Collecting Pygments>=2.7.4 (from -r requirements.txt (line 1))
  Using cached https://files.pythonhosted.org/packages/a6/c9/be11fce9810793676017f79ffab3c6cb18575844a6c7b8d4ed92f95de604/Pygments-2.9.0-py3-none-any.whl
Collecting cursor==1.3.4 (from -r requirements.txt (line 2))
Collecting ipaddr==2.2.0 (from -r requirements.txt (line 3))
Collecting numpy~=1.20.3 (from -r requirements.txt (line 4))
  Using cached https://files.pythonhosted.org/packages/ac/16/c219bb25f862e9b82ad352e55bb70c97a3b43fda2eb40541cc1c38fbcf5f/numpy-1.20.3-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
Collecting pandas~=1.2.4 (from -r requirements.txt (line 5))
  Using cached https://files.pythonhosted.org/packages/51/51/48f3fc47c4e2144da2806dfb6629c4dd1fa3d5a143f9652b141e979a8ca9/pandas-1.2.4-cp37-cp37m-manylinux1_x86_64.whl
Collecting requests==2.23.0 (from -r requirements.txt (line 6))
  Using cached https://files.pythonhosted.org/packages/1a/70/1935c770cb3be6e3a8b78ced23d7e0f3b187f5cbfab4749523ed65d7c9b1/requests-2.23.0-py2.py3-none-any.whl
Collecting urllib3==1.26.5 (from -r requirements.txt (line 7))
  Using cached https://files.pythonhosted.org/packages/0c/cd/1e2ec680ec7b09846dc6e605f5a7709dfb9d7128e51a026e7154e18a234e/urllib3-1.26.5-py2.py3-none-any.whl
Collecting pytz>=2017.3 (from pandas~=1.2.4->-r requirements.txt (line 5))
  Using cached https://files.pythonhosted.org/packages/70/94/784178ca5dd892a98f113cdd923372024dc04b8d40abe77ca76b5fb90ca6/pytz-2021.1-py2.py3-none-any.whl
Collecting python-dateutil>=2.7.3 (from pandas~=1.2.4->-r requirements.txt (line 5))
  Using cached https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl
Requirement already satisfied: idna<3,>=2.5 in /usr/lib/python3/dist-packages (from requests==2.23.0->-r requirements.txt (line 6)) (2.6)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests==2.23.0->-r requirements.txt (line 6)) (2018.8.24)
Requirement already satisfied: chardet<4,>=3.0.2 in /usr/lib/python3/dist-packages (from requests==2.23.0->-r requirements.txt (line 6)) (3.0.4)
Requirement already satisfied: six>=1.5 in /usr/lib/python3/dist-packages (from python-dateutil>=2.7.3->pandas~=1.2.4->-r requirements.txt (line 5)) (1.12.0)
requests 2.23.0 has requirement urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1, but you'll have urllib3 1.26.5 which is incompatible.
Installing collected packages: Pygments, cursor, ipaddr, numpy, pytz, python-dateutil, pandas, urllib3, requests
  Found existing installation: urllib3 1.24.1
    Not uninstalling urllib3 at /usr/lib/python3/dist-packages, outside environment /usr
    Can't uninstall 'urllib3'. No files were found to uninstall.
  Found existing installation: requests 2.21.0
    Not uninstalling requests at /usr/lib/python3/dist-packages, outside environment /usr
    Can't uninstall 'requests'. No files were found to uninstall.
Successfully installed Pygments-2.9.0 cursor-1.3.4 ipaddr-2.2.0 numpy-1.20.3 pandas-1.2.4 python-dateutil-2.8.1 pytz-2021.1 requests-2.23.0 urllib3-1.26.5

Works great now!


[✓] Processing target IP address: 192.168.0.16
[✓] Generated fingerprint
{
    "attack_vector": [
        {
            "attack_vector_key": "85f8da7178ca456a4408b59f8ce22a0da0ee74fe427ebb50b0a44c67f35b8b8e",
            "dstport": [
                80
            ],
            "fragmentation": [
                true
            ],
            "frame_len": [
                60
            ],
            "highest_protocol": [
                "TCP"
            ],
            "ip_proto": [
                "TCP"
            ],
            "ip_src": [
                "192.168.0.1"
            ],
            "ip_ttl": [
                64
            ],
            "one_line_fingerprint": "{'tcp_flags': '0x00000000', 'ip_proto': 'TCP', 'ip_src': '192.168.0.1', 'highest_protocol': 'TCP', 'frame_len': 60, 'ip_ttl': 64, 'dstport': 80, 'fragmentation': True, 'src_ips': 'omitted'}",
            "src_ips": "ommited",
            "tcp_flags": [
                "0x00000000"
            ]
        }
    ],
    "avg_bps": 17484987,
    "ddos_attack_key": "13ad14f064a4f0f31314bd5957e67547c015f08ffb8fb6d43b9e8e9b70da77a3",
    "duration_sec": 3.1,
    "file_type": "PCAP",
    "key": "13ad14f064a4f0f",
    "start_time": "2021-06-04 16:08:00",
    "tags": [
        "SINGLE_VECTOR_ATTACK",
        "FRAGMENTATION",
        "TCP"
    ],
    "total_dst_ports": 1,
    "total_ips": 1,
    "total_packets": 903391
}

from dissector.
