From 06d38829fe6b7759432cf465951bcbf7b1e3007a Mon Sep 17 00:00:00 2001
From: luiscal4a <l.delacal@alumnos.upm.es>
Date: Thu, 13 Oct 2022 22:31:38 +0200
Subject: [PATCH] - Added EndpointId in the Centralized Attack Detector component. - Enabled the correct code in the Attack Mitigator component to properly configure ACL rules in the corresponding service to block detected attack connections.
---
 .../l3_attackmitigatorServiceServicerImpl.py | 32 +++++++++----------
 ...alizedattackdetectorServiceServicerImpl.py | 2 +-
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
index 07b5c6db1..da950df75 100644
--- a/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
+++ b/src/l3_attackmitigator/service/l3_attackmitigatorServiceServicerImpl.py
@@ -146,8 +146,8 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
 )
 acl_entry.match.src_address = "{}/32".format(src_ip)
 acl_entry.match.dst_address = "{}/32".format(dst_ip)
- acl_entry.match.src_port = src_port
- acl_entry.match.dst_port = dst_port
+ acl_entry.match.src_port = int(src_port)
+ acl_entry.match.dst_port = int(dst_port)
 # TODO: update the following parameters; for instance, add them as parameters of the method configure_acl_rule
 acl_entry.action.forward_action = AclForwardActionEnum.ACLFORWARDINGACTION_DROP
 acl_entry.action.log_action = AclLogActionEnum.ACLLOGACTION_NOLOG
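Review bot: The new `int(src_port)` / `int(dst_port)` casts raise `ValueError` or `TypeError` on an empty, non-numeric or `None` port, and nothing in this hunk catches that, so a malformed value would abort the rule before the drop action is set and the flagged flow stays unblocked. The casts also accept any integer, including negatives and values above 65535. Consider converting once and checking the range before assigning, e.g. `src = int(src_port)` followed by `if not 0 <= src <= 65535: raise ValueError("invalid src_port")`, and the same for `dst_port`, with the caller logging the rejection. `configure_acl_rule` starts and ends outside this hunk, so any handling further up is not visible here.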
@@ -194,23 +194,23 @@ class l3_attackmitigatorServiceServicerImpl(L3AttackmitigatorServicer):
 LOGGER.info("Service obtained from ServiceId:\n{}".format(service))
 # Old version
- config_rule = self.GetConfigRule(ip_o, ip_d, port_o, port_d)
+ # config_rule = self.GetConfigRule(ip_o, ip_d, port_o, port_d)
- service_config = ServiceConfig()
- service_config.config_rules.extend([config_rule])
- service.service_config.CopyFrom(service_config)
+ # service_config = ServiceConfig()
+ # service_config.config_rules.extend([config_rule])
+ # service.service_config.CopyFrom(service_config)
 # New version
- # self.configure_acl_rule(
- # context_uuid=service_id.context_id.context_uuid.uuid,
- # service_uuid=service_id.service_uuid.uuid,
- # device_uuid=request.device_id.device_uuid.uuid,
- # endpoint_uuid=request.endpoint_id.endpoint_uuid.uuid,
- # src_ip=ip_o,
- # dst_ip=ip_d,
- # src_port=port_o,
- # dst_port=port_d,
- # )
+ self.configure_acl_rule(
+ context_uuid=service_id.context_id.context_uuid.uuid,
+ service_uuid=service_id.service_uuid.uuid,
+ device_uuid=request.endpoint_id.device_id.device_uuid.uuid,
+ endpoint_uuid=request.endpoint_id.endpoint_uuid.uuid,
+ src_ip=ip_o,
+ dst_ip=ip_d,
+ src_port=port_o,
+ dst_port=port_d,
+ )
 LOGGER.info("Service with new rule:\n{}".format(service))
 self.UpdateService(service)
diff --git a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
index 50151efb5..7ee533806 100644
--- a/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
+++ b/src/l3_centralizedattackdetector/service/l3_centralizedattackdetectorServiceServicerImpl.py
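Review bot: With the old block commented out, `service` is no longer modified in this hunk, yet the unchanged tail still logs it as "Service with new rule" and passes it to `self.UpdateService(service)`. If `configure_acl_rule` pushes the ACL through its own service update (its body is outside this hunk, so that is inferred), the second call re-sends the service as fetched and the log never shows the rule that was installed, which weakens the audit trail for a blocking action. The uuids read from `request.endpoint_id` are also used unchecked; an unset protobuf sub-message reads as empty strings, so a request without EndpointId would produce a drop rule with empty device and endpoint ids. A guard such as `if not request.endpoint_id.endpoint_uuid.uuid:` that logs an error and rejects the request before the call would cover that, and the commented-out "Old version" lines could be deleted rather than kept. The enclosing method begins and ends outside the hunk.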
@@ -112,6 +112,7 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 "port_d": request.port_d,
 "ml_id": "RandomForest",
 "service_id": request.service_id,
+ "endpoint_id": request.endpoint_id,
 "time_start": request.time_start,
 "time_end": request.time_end,
 }
@@ -203,4 +204,3 @@ class l3_centralizedattackdetectorServiceServicerImpl(L3Centralizedattackdetecto
 k = np.sum(k)
 return self.make_inference(k)
-
-- GitLab