Concealment mitm now reads the concealment values from a .csv file, in the future, it might be worth to provide multi-tag support

Author: afmurillo

dhalsim/network_attacks/concealment_netfilter_queue.py

@@ -38,26 +38,17 @@ def capture(self, packet):
                 if len(p) == 116:
                     this_session =  int.from_bytes(p[Raw].load[4:8], sys.byteorder)
                     tag_name = p[Raw].load.decode(encoding='latin-1')[54:56]
-                    self.logger.debug('ENIP TCP Session ID: ' + str(this_session))
-                    self.logger.debug('Received tag is: ' + tag_name)
-                    self.logger.debug('Attack tag is: ' + self.attacked_tag)
                     if self.attacked_tag == tag_name:
                         # This is a packet being sent to SCADA server, conceal the manipulation
-                        self.logger.debug('Packet source: ' + p[IP].src )
-                        self.logger.debug('SCADA IP: ' + self.intermediate_yaml['scada']['public_ip'])
                         if p[IP].src == self.intermediate_yaml['scada']['public_ip']:
-                            self.logger.debug('SCADA session: ' + str(this_session))
                             self.scada_session_ids.append(this_session)
                         else:
-                            self.logger.debug('PLC session: ' + str(this_session))
                             self.attack_session_ids.append(this_session)
 
                 if len(p) == 102:
                     this_session = int.from_bytes(p[Raw].load[4:8], sys.byteorder)
                     if this_session in self.attack_session_ids:
-                        self.logger.debug('Modifying because session is: ' + str(this_session))
                         value = translate_payload_to_float(p[Raw].load)
-                        self.logger.debug('tag value is:' + str(value))
 
                         if 'value' in self.intermediate_attack.keys():
                             p[Raw].load = translate_float_to_payload(

dhalsim/network_attacks/mitm_netfilter_queue.py

@@ -33,19 +33,13 @@ def capture(self, packet):
                 if len(p) == 116:
                     this_session =  int.from_bytes(p[Raw].load[4:8], sys.byteorder)
                     tag_name = p[Raw].load.decode(encoding='latin-1')[54:56]
-                    self.logger.debug('ENIP TCP Session ID: ' + str(this_session))
-                    self.logger.debug('Received tag is: ' + tag_name)
-                    self.logger.debug('Attack tag is: ' + self.attacked_tag)
                     if self.attacked_tag == tag_name:
-                        self.logger.debug('Modifying tag: ' + tag_name)
                         self.session_ids.append(this_session)
 
                 if len(p) == 102:
                     this_session = int.from_bytes(p[Raw].load[4:8], sys.byteorder)
                     if this_session in self.session_ids:
-                        self.logger.debug('Modifying because session is: ' + str(this_session))
                         value = translate_payload_to_float(p[Raw].load)
-                        self.logger.debug('tag value is:' + str(value))
 
                         if 'value' in self.intermediate_attack.keys():
                             p[Raw].load = translate_float_to_payload(

examples/ctown_topology/ctown_concealment_mitm.yaml

@@ -3,9 +3,9 @@ network_attacks:
   type: concealment_mitm
   tag: T3
   target: PLC4
-  value: 42.0
+  value: 8.0
   concealment_data: concealment_test.csv
   trigger:
-    start: 5
-    end: 15
+    start: 648
+    end: 936
     type: time

examples/ctown_topology/ctown_config.yaml

@@ -1,5 +1,5 @@
 inp_file: ctown_map.inp
-iterations: 20
+iterations: 2880
 network_topology_type: complex
 plcs: !include ctown_plcs.yaml