Rishabh Bhojankar
updated on 01 Dec 2023
Que. Program an attack terminal
1. The user should be able to select from the following CAN based attacks
a. Full Bus DoS
- The program should allow the user to set a duration for the attack
b. Partial DoS
- The program should ask the user “what priority should I DoS at?”
- The program should allow the user to set a duration for the attack
c. Message Replay
- The program should allow the user to set the size of buffer to capture before replaying the data
- The program should allow the user to set a “fuse” (time to wait) after capturing the buffer and before the playback begins
2. The program should allow the user to set a “fuse” of time to pass before executing the attack.
3. The program should create a Linux Directory that includes a descriptive name for the attack and the date/time the attack was run (i.e Full Bus DoS attack - 10/11/2021 at 9:00:00 AM JST)
- A fuse of 0s would mean the attack is executed immediately
4. No attack option should last forever
5. A log of the CAN bus should be kept from the start of the program until the program finishes
Solution:
Program for Attack Terminal:
i). a). DoS Attack for Full CAN bus:
A web server is prone to attacks and is an easy target for hackers. Hackers usually attempt two types of attack.
DoS (Denial-of-Service) Attack
A denial-of-service (DoS) attack is a tactic for overloading a machine or network to make it unavailable. Attackers achieve this by sending more traffic than the target can handle, causing it to fail—making it unable to provide service to its normal users. Examples of targets might include email, online banking, websites, or any other service relying on a targeted network or computer.
There are different types of DoS attacks such as resource exhaustion and flood attacks. Resource exhaustion attacks cause the targeted infrastructure to use all of its available memory or storage resources, slowing the service's performance or stopping it all together. Flood attacks send an overwhelming number of packets that exceed server capacity.
DDoS (Distributed Denial-of-Service) Attack
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service or a website unavailable by overloading it with huge floods of traffic generated from multiple sources.
Unlike a Denial of Service (DoS) attack, in which one computer and one Internet connection is used to flood a targeted resource with packets, a DDoS attack uses many computers and many Internet connections, often distributed globally in what is referred to as a botnet. A large-scale volumetric DDoS attack can generate a traffic measured in tens of Gigabits (and even hundreds of Gigabits) per second.
Set a duration of Attack:
In the Linux terminal, CAN bus messages are generated with the cangen tool. cangen generates messages with random ARB IDs and passes them as virtual messages to the machine. The duration of the denial-of-service attack is set with the sleep command: sleep holds the process for the chosen time while cangen generates the virtual ARB ID messages on the CAN bus.
Syntax for Set a Duration of Attack:
Sender side: (rishabh㉿kali)-[~]$ cangen vcan0 & sleep 20s; kill $! {cangen generates random messages on random ARB IDs in the background; sleep holds the process for the duration, where "s" denotes seconds; kill then stops cangen. Written as "cangen vcan0 sleep 20s", the extra words are ignored by cangen and the traffic never stops}
Receiver side: (rishabh㉿kali)-[~]$ candump vcan0 -c -l {candump views the messages passed in the machine; '-c' enables colored output and '-l' saves the messages to a log file}
b). Partial DoS
User Priority of DoS:
In the bash script, the priority of the attack is decided by the user. The attack then runs either as a timestamp attack or as a duration-block attack. In the partial case the program runs the commands in the order of the messages generated on the ARB ID, while candump dumps the data and stores the messages in a log file.
Sample DoS Program
To begin with, let us import the necessary libraries −
import socket
import struct
from datetime import datetime
Now, we will create a socket as we have created in previous sections too.
s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, 8)
We will use an empty dictionary −
dict = {}
The following line of code will open a text file, having the details of DDoS attack in append mode.
file_txt = open("attack_DDoS.txt",'a')
t1 = str(datetime.now())
With the help of following line of code, current time will be written whenever the program runs.
file_txt.writelines(t1)
file_txt.writelines("\n")
Now, we need to assume the hits from a particular IP. Here we are assuming that if a particular IP is hitting for more than 15 times then it would be an attack.
No_of_IPs = 15
R_No_of_IPs = No_of_IPs + 10
while True:
    pkt = s.recvfrom(2048)
    # Bytes 14-33 hold the 20-byte IPv4 header that follows the Ethernet header
    ipheader = pkt[0][14:34]
    ip_hdr = struct.unpack("!8sB3s4s4s", ipheader)
    IP = socket.inet_ntoa(ip_hdr[3])  # fourth field is the source address
    print("The Source of the IP is:", IP)
The following lines of code, still inside the while loop, check whether the IP exists in the dictionary or not. If it exists, its count is increased by 1.
    if IP in dict:
        dict[IP] = dict[IP] + 1
        print(dict[IP])
The next lines of code are used to remove redundancy.
        # Log only while the count is between the two thresholds,
        # so the same source is not written to the file forever
        if (dict[IP] > No_of_IPs) and (dict[IP] < R_No_of_IPs):
            line = "DDOS attack is Detected: "
            file_txt.writelines(line)
            file_txt.writelines(IP)
            file_txt.writelines("\n")
    else:
        dict[IP] = 1
After running the above script, we will get the result in a text file. According to the script, if an IP hits more than 15 times, it is recorded as "DDOS attack is Detected" along with that IP address, which supports the decision making about the attack on the user side.
User Set duration of Attack
A DDoS attack is a bit difficult to detect because you do not know whether the host that is sending the traffic is a fake one or a real one. The Python script given above will help detect the DDoS attack.
c).Message Replay:
Buffer Capture and Fuse:
When the program is executed in the Linux terminal, the messages pass through the candump tool, which is used to store the ARB IDs from the sender. The program performs the replay attack on the ARB ID messages provided by cangen and the ICSim controller. A buffer of those ARB ID messages is captured and, as in the DoS case, the buffered messages are passed again as repeated messages to the storing side, candump.
Fuse:
The program uses the pause.sh bash script for the fuse time; the buffer capture also takes place in the terminal, on the ARB ID messages passing through the candump tool.
ii). Fuse of Time to Pass Before Execute the Attack:
In the program, the CAN bus messages are passed under ARB IDs, and the messages are generated in a virtual, random format by a tool used on the CAN bus. The random message generation tool is cangen.
The fuse is implemented with the sleep command, which provides the waiting time before the program executes the attack in the terminal.
The buffer process is handled by a bash script that creates the repeated messages passed over the CAN bus in the terminal.
sleep, cangen, ICSim and the bash script are used together in the fuse process so that the DoS attack takes place on the ARB ID messages generated on the CAN bus in the terminal.
iii). The Create Linux Directory for DoS Attack:
Here the CAN bus tool candump is used for the directory that stores all DoS attack data; the command below stores the ARB ID messages with the file name, date and time.
Syntax: candump [options] <VCAN interface>
Command: Receiver side: (rishabh㉿kali)-[~]$ candump vcan0 -c -l > DosAttack {candump views the messages passed in the machine; '-c' enables colored output and '-l' saves the messages to a log file}
Fuse Attack Execute by Log File:
The fuse attack saved in the log file is executed immediately in the terminal with the canplayer tool, which plays back the ARB ID messages of the DoS attack stored in the log file.
Syntax: canplayer <option> [Interface Assignment]
Command: canplayer -I DosAttack-2023-12-01_055133.log {-I <infile> (default stdin)}
iv). No Attack Option:
In the Linux terminal, the CAN bus tools send messages to the server while the DoS attack is running, and the tools are operated in a safe manner. Running the program with the interface option in an optimized way helps to avoid traffic such as the buffered ARB ID messages being passed on to candump on the receiver side. This limits the buffer and the traffic of the DoS attack when the full CAN bus passes the messages used for the automated operation of the vehicle.
v). Save all CAN Operation in Log file:
The CAN bus tool candump is used to save all ARB ID messages that pass while the DoS attack takes place on the CAN bus. The messages are saved in a log file.
Syntax: candump [options] <VCAN interface>
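The log kept by candump -l can also be read from the defender's side, using the same counting idea as the IP script above. The following is an added example, not part of the original submission: it parses candump log lines, groups frames into one-second windows and flags windows that look like a full-bus flood or a flood on a single ARB ID. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# candump -l log line: "(epoch.usec) interface ID#DATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)")

def parse(lines):
    """Yield (timestamp, arbitration_id) for every well-formed log line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # skip blank or truncated lines instead of crashing
            yield float(m.group(1)), int(m.group(3), 16)

def analyse(lines, window=1.0, max_frames=20, max_share=0.8):
    """Bucket frames into fixed windows and flag flood-like windows.

    Thresholds are assumptions for the constructed sample; derive real ones
    from a baseline capture of the bus being monitored.
    """
    buckets = defaultdict(Counter)
    for ts, can_id in parse(lines):
        buckets[int(ts // window)][can_id] += 1
    alerts = []
    for key in sorted(buckets):
        ids = buckets[key]
        total = sum(ids.values())
        top_id, top_count = ids.most_common(1)[0]
        if total <= max_frames:
            continue  # normal load
        # One dominant ID starving higher-numbered (lower-priority) IDs looks
        # like a priority-targeted flood; many IDs at once, a full-bus flood.
        kind = "single-id-flood" if top_count / total >= max_share else "bus-flood"
        alerts.append((key * window, kind, total, hex(top_id)))
    return alerts

def sample_log():
    """Constructed sample: 1 s normal, 1 s many random IDs, 1 s one low ID."""
    log = [f"(100.{i:06d}) vcan0 {0x244 + i:03X}#0000000000" for i in range(5)]
    log += [f"(101.{i:06d}) vcan0 {0x100 + 7 * i:03X}#DEADBEEF" for i in range(40)]
    log += [f"(102.{i:06d}) vcan0 010#FFFFFFFFFFFFFFFF" for i in range(40)]
    log += [f"(102.9{i:05d}) vcan0 244#0000000000" for i in range(2)]
    return log

if __name__ == "__main__":
    for alert in analyse(sample_log()):
        print(alert)
```

To run it on a real capture, pass the lines of the log file to analyse(), for example analyse(open("DosAttack-2023-12-01_055133.log")).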
Note:
The attached files are:
DoS.sh: shell script that performs the DoS attack
Pause.sh: shell script that performs the buffering process
DosAttack-2023-12-01_055133.log: log file that stores the messages