def testNotBelowRmax(self):
c = Consecutive()
for i in range(5):
self.assertFalse(c.insert(i, 3, 1000, 0, 1))
for i in range(5, 7):
self.assertFalse(c.insert(i, 3, 1000, 0, 0))
for i in range(7, 9):
self.assertFalse(c.insert(i, 3, 1000, -20, -1))
def track(src_ip, dst_port):
'''
keep track of incoming pkts to detect port scanners
params:
src_ip source ip
dst_port port on this machine contacted
returns:
None
'''
# new source
if src_ip not in TRACKER:
ports_visited = Consecutive.Consecutive()
ports_visited.insert(dst_port, CON, TIME, MIN_PORT, MAX_PORT)
TRACKER[src_ip] = ports_visited
# source seen before
else:
# check if this machine is being port scanned
if TRACKER[src_ip].insert(dst_port, CON, TIME, MIN_PORT, MAX_PORT):
print "Scanner detected. The scanner originated from host {0:s}.".format(
src_ip)
def test_ExpectedOutput(self):
'''
Checks if returned output is as expected.
'''
output = Consecutive.Consecutive([4, 8, 6])
self.assertEqual(output, 2)
def testNotAboveRmin(self):
c = Consecutive()
for i in range(5):
self.assertFalse(c.insert(i, 2, 1000, i, 9))
for i in range(5, 10):
self.assertFalse(c.insert(i, 2, 1000, i + 1, 9))
def testNotRecent(self):
c = Consecutive()
for i in range(9):
c.insert(i, 10, 1, -10, 20)
time.sleep(2.0)
self.assertFalse(c.insert(9, 10, 1, -10, 20))
def testNoConsecutive(self):
c = Consecutive()
for i in range(-19, 45):
self.assertFalse(c.insert(i * 2, 2, 1000, 0, 40))
def testConTooLarge(self):
c = Consecutive()
for i in range(9):
self.assertFalse(c.insert(i, 10, 1000, 0, 10))
def testConPresent(self):
c = Consecutive()
for i in range(10):
self.assertTrue(c.insert(i, i, 1000, 0, 9))
time.sleep(1.0)
self.assertTrue(c.insert(10, 1, 0, 9, 11))