CSC474 - Homework 2
Assigned October 18th, 2018; Due 11:55pm on November 1st, 2018
Prof. Brad Reaves
Note: This homework assignment is worth 75 points.
1 A Port Scanner {30 points}
In this programming assignment, you will be building a port scanner. A port scanner is a software
program that probes a target computer for open ports—i.e., ports that have services listening on
them. They are often used for network diagnostics, but also as a precursor to launching an attack,
since they identify potentially vulnerable services.
Your port scanner, PortScan, will probe all 2^16 TCP ports on a targeted host, and report the
ports that accept connections. Your scanner should not require superuser (root) privileges, and
can attempt to establish full TCP connections to the tested ports.
Your scanner should scan the ports in order (i.e., from 0 to 65535) as quickly as possible. That is,
you should not pause or sleep between probes.
For each open port, PortScan should report both the port number and the service that normally
runs on that port. The latter can be found by using the getservbyport() and socket.getservbyport()
calls in C and Python, respectively.
PortScan should also report how long it took to probe all ports, the number of ports that were
found to be open, and the scan rate (ports scanned per second).
The command-line usage for PortScan should be:
python PortScan.py target
or
PortScan target
for Python and C, respectively, where target is the hostname or IP address of the machine that
is to be scanned.
* Last revised on October 18, 2018.
The following is a sample output.
$ python PortScan.py 172.18.9.34
Scanning 172.18.9.34
0 . ! . . . . . . . ! . . . . . . . .
4096 . . . . . . . . . . . . . . . .
8192 . . . . . . . . . . . . . . . .
12288 . . . . . . . . . . . . . . . .
16384 . . . . . . . ! . . . . . . . . .
20480 . . . . . . . . . . . . . . . .
24576 . . . . . . . . . . . . . . . .
28672 . . . . . . . . . . . . . . . .
32768 . . . . . . . . . . . . . . . .
36864 . . . . . . . . . . . . . . . .
40960 . . . . . . . . . . . . . . . .
45056 . . . . . . . . . . . . . . . .
49152 . . . . . . . . . . . . . . . .
53248 . . . . . . . . . . . . . . . .
57344 . . . . . . . . . . . . . . . .
61440 . . . . . . . . . . . . . . . .
Scan finished!
3 ports found
40.90 seconds elapsed
1602.24 ports per second
Open ports:
80: http
1990: stun-p1
18017: [unassigned]
Terminating normally
IMPORTANT NOTICE REGARDING COMPUTER ETHICS. It is not cool to scan
hosts on the Internet when you do not have permission to do so. Since port scanners are sometimes
used to prepare for an attack, network administrators build tools to detect their use (see the next
part of this assignment). Hence, by scanning a host, you may cause an alarm to be raised. Even if
the target machine is not being monitored for probes, routers along the path from the scanner to
the target may detect the “attack”.
We are providing you with a custom VCL image for this assignment. It has been configured to
modify the VCL firewall rules that normally prevent your attacks from being successful. Use of
this image will also ensure VCL staff know that your attack traffic is for legitimate course use
(and not a typical VCL instance gone rogue).
You are strictly forbidden to run PortScan against any machine except for your designated
VCL instances, or any machines announced by the teaching staff as being an
appropriate target. Nor should you run PortScan from any machine other than your
designated VCL instances.
2 A Port Scanner Detector {30 points}
For the second part of the homework, you will build PSDetect, a port scanner detector. PSDetect
will use the pcap library (scapy[1] for Python or libpcap for C[2]) to listen to incoming connections,
and report the presence of a scanner if a single machine attempted to connect to 15 or
more consecutive ports within a 5 second window. PSDetect should therefore be able to
detect when PortScan is used.
PSDetect should listen on all network interfaces, and should take no arguments. It should not
produce any output until a scanner is detected. When a scanner is detected, it should print out
the message[3]:
Scanner detected. The scanner originated from host A.B.C.D.
where A.B.C.D should be replaced with either the IP address or the hostname of the machine that
attempted to connect to 15 or more consecutive ports within a 5 second window.
PSDetect should only terminate when the user presses CTRL-C.
The difficult part of this assignment is obtaining the IP header of captured packets. pcap functions
at the data link layer and will return to you Ethernet frames. You’ll need to access the part of
those frames that correspond to the IP headers. In Python, you can use the scapy library that
is installed on your machines; when you use scapy’s sniff function you set a callback for each
packet (via the “prn” parameter). The callback function is passed a packet structure that can be
inspected using the scapy interface (e.g., pkt[IP].src for the source IP address and pkt.dport
for the destination port). The scapy documentation has helpful examples. This is difficult in C,
and you can borrow code from http://www.tcpdump.org/sniffex.c.
PSDetect will require superuser (root) privileges. You will need to run it via either “sudo PSDetect”
or “sudo python PSDetect.py”.
Here is a sample output:
$ sudo python PSDetect.py
WARNING: No route found for IPv6 destination :: (no default route?) <-- safely ignored.
Scanner detected. The scanner originated from host 192.168.1.12.
Scanner detected. The scanner originated from host 192.168.1.12.
Scanner detected. The scanner originated from host 192.168.1.12.
Scanner detected. The scanner originated from host 192.168.1.12.
Scanner detected. The scanner originated from host 192.168.1.12.
[1] see http://www.secdev.org/projects/scapy/
[2] see http://www.tcpdump.org/pcap.html
[3] It does not have to print this message in red.
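One way to implement the detection rule stated in this section, as an added example that is not part of the assignment handout or any course-provided code: the rule (a single host attempting 15 or more consecutive ports within a 5 second window) lives in a pure function per source host, fed here with a constructed list of connection attempts so the logic runs and can be checked without capturing any traffic. The scapy hook at the end assumes scapy is installed as the handout says, treats a TCP SYN without ACK as a connection attempt, and uses the pkt[IP].src and pkt[TCP].dport accessors mentioned above. The print_function import keeps it valid under the Python 2 required by the submission instructions as well as under Python 3; the one-report-per-window cooldown is a design choice of this example, not something the specification asks for.

```python
from __future__ import print_function   # keeps the example valid under Python 2 as well as 3
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0   # the assignment's rule: 15+ consecutive ports within a 5 second window
RUN_LENGTH = 15


def longest_consecutive_run(ports):
    """Length of the longest run of consecutive port numbers in `ports`.

    Duplicates are ignored and the ports are sorted first, so a host that
    touches 1000..1014 is counted the same whatever order it tried them in.
    """
    uniq = sorted(set(ports))
    if not uniq:
        return 0
    best = run = 1
    for prev, cur in zip(uniq, uniq[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


class ScanDetector(object):
    """Sliding-window detector for the assignment's rule, one window per source host."""

    def __init__(self, window=WINDOW_SECONDS, run_length=RUN_LENGTH):
        self.window = window
        self.run_length = run_length
        self.attempts = defaultdict(deque)   # src -> deque of (timestamp, dport), oldest first
        self.last_alert = {}                 # src -> timestamp of the last report for that host

    def observe(self, ts, src, dport):
        """Record one connection attempt. Returns `src` when it should be reported, else None."""
        q = self.attempts[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:   # drop attempts that fell out of the window
            q.popleft()
        last = self.last_alert.get(src)
        if last is not None and ts - last <= self.window:
            return None                            # already reported this host for this window
        if longest_consecutive_run(p for _, p in q) >= self.run_length:
            self.last_alert[src] = ts
            return src
        return None


# Constructed sample of connection attempts as (timestamp, source host, destination port),
# standing in for what the packet callback would see. This is not captured traffic.
SAMPLE_EVENTS = sorted(
    [(0.1 * i, "10.0.0.5", 1000 + i) for i in range(15)]                         # 15 consecutive ports in 1.4 s
    + [(0.3 * i, "10.0.0.7", p) for i, p in enumerate([22, 80, 443, 22, 80])]    # ordinary client traffic
    + [(1.0 * i, "10.0.0.9", 2000 + i) for i in range(15)]                       # same ports, but 1 s apart
)


def run_sample(events=SAMPLE_EVENTS):
    """Feed the events through a detector; return [(timestamp, host)] for every report."""
    det = ScanDetector()
    alerts = []
    for ts, src, dport in events:
        hit = det.observe(ts, src, dport)
        if hit is not None:
            alerts.append((ts, hit))
    return alerts


def make_packet_callback(detector, report=print):
    """Build the `prn` callback for scapy's sniff(). scapy is imported lazily so the
    detector logic above runs, and can be tested, on a machine without it."""
    from scapy.all import IP, TCP   # assumption: scapy is installed, as the handout states

    def on_packet(pkt):
        if not (pkt.haslayer(IP) and pkt.haslayer(TCP)):
            return
        flags = int(pkt[TCP].flags)
        if flags & 0x02 and not flags & 0x10:   # SYN without ACK: a fresh connection attempt
            host = detector.observe(float(pkt.time), pkt[IP].src, pkt[TCP].dport)
            if host is not None:
                report("Scanner detected. The scanner originated from host %s." % host)

    return on_packet


if __name__ == "__main__":
    # Capturing needs root, as the handout says: sudo python <this file>
    from scapy.all import sniff
    sniff(filter="tcp", prn=make_packet_callback(ScanDetector()), store=0)
```

Of the three constructed hosts only 10.0.0.5 is reported: 10.0.0.7 never touches consecutive ports, and 10.0.0.9 touches fifteen consecutive ports but spread over fourteen seconds, so at most six of them ever fall inside one 5 second window. Sorting the ports inside the window means the rule is evaluated on the set of ports attempted, exactly as the specification words it, rather than on the order in which they arrived.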
3 A Port Scanner Detector Evader (yes, I’m having fun with these names) {15 points}
Next, you will modify PortScan to evade the PSDetect port scanner detector. This port scanner will be
called PortScanToo. PortScanToo should operate roughly as quickly as PortScan (i.e., the difference
in timing between the two port scanners should be negligible[4]). Unlike PortScan, PortScanToo
does not have to scan ports in sequential order. Also, unlike PortScan,
PortScanToo should not be detected by PSDetect.
Note that the same ethics warning/requirement pertaining to PortScan (see above)
also applies to PortScanToo.
The output for PortScanToo should be identical to that of PortScan.
The command-line usage for PortScanToo should be:
python PortScanToo.py target
or
PortScanToo target
for Python and C, respectively, where target is the hostname or IP address of the machine that
is to be scanned.
Submission Instructions
Submit your solution as a single tarball (tar.gz archive) using WolfWare. To upload your assignment,
navigate to the CSC474 course. Use the “Homework 2” assignment. Include compilation
instructions, if your code requires it.
If writing in Python, you should use Python 2.
Please post questions (especially requests for clarification) about this homework to Piazza.
[4] What’s negligible? Let’s say that PortScanToo should impose less than a 1% increase in the average time it takes
to conduct a scan.