From 91b459f28692ff20c120433a00a073268dd416a4 Mon Sep 17 00:00:00 2001 From: itay Date: Mon, 22 Apr 2019 18:22:51 +0300 Subject: [PATCH 1/2] internet check now uses https instead of icmp --- monkey/infection_monkey/control.py | 5 +---- monkey/infection_monkey/network/info.py | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/monkey/infection_monkey/control.py b/monkey/infection_monkey/control.py index 98ad55671..a88996069 100644 --- a/monkey/infection_monkey/control.py +++ b/monkey/infection_monkey/control.py @@ -9,7 +9,7 @@ from requests.exceptions import ConnectionError import infection_monkey.monkeyfs as monkeyfs import infection_monkey.tunnel as tunnel from infection_monkey.config import WormConfiguration, GUID -from infection_monkey.network.info import local_ips, check_internet_access +from infection_monkey.network.info import local_ips, check_internet_access, TIMEOUT from infection_monkey.transport.http import HTTPConnectProxy from infection_monkey.transport.tcp import TcpProxy @@ -19,9 +19,6 @@ requests.packages.urllib3.disable_warnings() LOG = logging.getLogger(__name__) DOWNLOAD_CHUNK = 1024 -# random number greater than 5, -# to prevent the monkey from just waiting forever to try and connect to an island before going elsewhere. -TIMEOUT = 15 class ControlClient(object): diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index a55dbcdc5..b40f703c5 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -8,6 +8,10 @@ import itertools import netifaces from subprocess import check_output from random import randint + +import requests +from requests import ConnectionError + from common.network.network_range import CidrRange try: @@ -16,6 +20,10 @@ except NameError: long = int # Python 3 +# Timeout for monkey connections +TIMEOUT = 15 + + def get_host_subnets(): """ Returns a list of subnets visible to host (omitting loopback and auto conf networks) @@ -124,14 +132,18 @@ def get_free_tcp_port(min_range=1000, max_range=65535): def check_internet_access(services): """ - Checks if any of the services are accessible, over ICMP + Checks if any of the services are accessible, over HTTPS :param services: List of IPs/hostnames :return: boolean depending on internet access """ - ping_str = "-n 1" if sys.platform.startswith("win") else "-c 1" for host in services: - if os.system("ping " + ping_str + " " + host) == 0: + try: + requests.get("https://%s" % (host,), timeout=TIMEOUT) return True + except ConnectionError: + # Failed connecting + pass + return False From 3288bf4e6cb5b137af413a4ba4aaf20e7f2fa8de Mon Sep 17 00:00:00 2001 From: itay Date: Tue, 23 Apr 2019 11:49:03 +0300 Subject: [PATCH 2/2] don't require verify for internet check --- monkey/infection_monkey/network/info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py index b40f703c5..952a9282e 100644 --- a/monkey/infection_monkey/network/info.py +++ b/monkey/infection_monkey/network/info.py @@ -138,7 +138,7 @@ def check_internet_access(services): """ for host in services: try: - requests.get("https://%s" % (host,), timeout=TIMEOUT) + requests.get("https://%s" % (host,), timeout=TIMEOUT, verify=False) return True except ConnectionError: # Failed connecting