def check_ping_of_death(self, pkt, attack_type) -> None:
    """Report an oversized packet addressed to this host as a potential ICMP ping of death.

    The packet is inspected only when its IPv4 or IPv6 destination equals the
    monitored address (``self.get_ip()`` / ``self.get_ipv6()``).  When its frame
    length exceeds 64 bytes the packet counter for ``attack_type`` is advanced,
    a CRITICAL entry is logged, the packet is printed via ``print_logger`` and
    a row is persisted through ``insert_packet_info``.  Anything else is ignored.

    NOTE(review): no ICMP layer is checked here, so every packet larger than
    64 bytes sent to this host is reported -- presumably the caller only routes
    ICMP packets to this check; confirm.  64 bytes is also below the size of an
    ordinary ping on the wire, so expect false positives without further
    filtering by the caller.
    """
    addressed_to_me = (
        ('ip' in pkt and pkt.ip.dst == self.get_ip())
        or ('ipv6' in pkt and pkt.ipv6.dst == self.get_ipv6())
    )
    if not addressed_to_me:
        return
    if int(pkt.length) <= 64:
        return

    message = "BAD TRAFFIC : POTENTIAL ICMP PING OF DEATH ATTACK"
    self.process_pkt_counter(pkt, attack_type)
    self.logger.info("----------------------------------------------------------------------------------")
    self.logger.critical(message)
    self.print_logger(pkt)

    frame_number = int(pkt.frame_info.number)
    frame_time = str(pkt.frame_info.time)
    # Address precedence is IPv4, then IPv6, else 0 -- the same rule the
    # other checks in this class use.  Ports are 0: no transport layer is read.
    if 'ip' in pkt:
        src_addr, dst_addr = str(pkt.ip.src), str(pkt.ip.dst)
    elif 'ipv6' in pkt:
        src_addr, dst_addr = str(pkt.ipv6.src), str(pkt.ipv6.dst)
    else:
        src_addr, dst_addr = 0, 0
    insert_packet_info((
        frame_number, frame_time,
        src_addr, 0,
        dst_addr, 0,
        int(pkt.length), message,
    ))
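 def check_http_payload_injection(self, pkt, attack_type) -> None:
     """Report an HTTP request to this host whose URI contains a known injection signature.

     Only packets whose IPv4/IPv6 destination is the monitored address
     (``self.get_ip()`` / ``self.get_ipv6()``, as in the other checks) and
     which carry an HTTP request URI are inspected.  The URI is compared,
     both as seen on the wire and after percent-decoding, against every
     signature in ``self.xss_check``.  On a hit the packet counter for
     ``attack_type`` is advanced, a WARNING is logged, the packet is printed
     via ``print_logger`` and a row is persisted through ``insert_packet_info``.
     A packet is reported at most once even when several signatures match.
     Packets without an HTTP layer or without a request URI (responses,
     continuations) are skipped rather than raising AttributeError.
     """
     from urllib.parse import unquote

     addressed_to_me = (
         ('ip' in pkt and pkt.ip.dst == self.get_ip())
         or ('ipv6' in pkt and pkt.ipv6.dst == self.get_ipv6())
     )
     if not addressed_to_me or 'http' not in pkt:
         return
     # An http layer without request_full_uri has nothing to inspect.
     raw_uri = getattr(pkt.http, 'request_full_uri', None)
     if raw_uri is None:
         return
     raw_uri = str(raw_uri)
     # Match the decoded form as well so an encoded signature (e.g. %3Cscript)
     # is not missed; the raw form is kept so signatures that themselves
     # contain '%' keep matching exactly as before.
     decoded_uri = unquote(raw_uri)
     if not any(sig in raw_uri or sig in decoded_uri for sig in self.xss_check):
         return

     message = "BAD PACKET : HTTP PAYLOAD INJECTION"
     self.process_pkt_counter(pkt, attack_type)
     self.logger.info(
         "--------------------------------------------------------------------------------------------------------------------"
     )
     self.logger.warning(message)
     self.print_logger(pkt)

     frame_number = int(pkt.frame_info.number)
     frame_time = str(pkt.frame_info.time)
     # Address precedence is IPv4, then IPv6, else 0; ports are 0 because no
     # transport-layer fields are read by this check.
     if 'ip' in pkt:
         src_addr, dst_addr = str(pkt.ip.src), str(pkt.ip.dst)
     elif 'ipv6' in pkt:
         src_addr, dst_addr = str(pkt.ipv6.src), str(pkt.ipv6.dst)
     else:
         src_addr, dst_addr = 0, 0
     insert_packet_info((
         frame_number, frame_time,
         src_addr, 0,
         dst_addr, 0,
         int(pkt.length), message,
     ))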
 def check_icmp_flood(self, pkt, attack_type) -> None:
     """Count packets addressed to this host per time slot and report an ICMP flood.

     Packets whose IPv4/IPv6 destination is not ``self.get_ip()`` /
     ``self.get_ipv6()`` are ignored.  For the rest the per-slot counter for
     ``attack_type`` is advanced through ``process_pkt_counter``; when that
     moves the clock into a new slot, the previous slot's count is zeroed
     provided it never exceeded ``self.threshold``.  While the current slot's
     count is above ``self.threshold`` each packet is logged as CRITICAL,
     printed via ``print_logger`` and persisted with ``insert_packet_info``.

     NOTE(review): the ICMP layer itself is not checked here -- presumably the
     caller routes only ICMP packets to this check; confirm.  The slot values
     are read from ``pkt_time_slot_dict`` / ``first_pkt_time_dict`` before
     ``process_pkt_counter`` runs, so both must already hold ``attack_type``.
     """
     counter_key = self.get_pkt_counter_key(attack_type)
     addressed_to_me = (
         ('ip' in pkt and pkt.ip.dst == self.get_ip())
         or ('ipv6' in pkt and pkt.ipv6.dst == self.get_ipv6())
     )
     if not addressed_to_me:
         return

     # Slot index = current slot timestamp minus the first packet time, taken
     # before and after the counter update to notice a slot change.
     previous_slot = self.pkt_time_slot_dict[attack_type][1] - self.first_pkt_time_dict[attack_type]
     self.process_pkt_counter(pkt, attack_type)
     active_slot = self.pkt_time_slot_dict[attack_type][1] - self.first_pkt_time_dict[attack_type]

     counters = self.pkt_counter_dict[attack_type]
     if previous_slot != active_slot and counters[previous_slot][counter_key] <= self.threshold:
         # The previous slot closed without crossing the threshold: forget it.
         counters[previous_slot][counter_key] = 0
     if counters[active_slot][counter_key] <= self.threshold:
         return

     message = "BAD TRAFFIC : POTENTIAL ICMP FLOODING ATTACK"
     self.logger.info(
         "--------------------------------------------------------------------------------------------------------------------")
     self.logger.critical(message)
     self.print_logger(pkt)

     frame_number = int(pkt.frame_info.number)
     frame_time = str(pkt.frame_info.time)
     # Address precedence is IPv4, then IPv6, else 0; ports are 0 since no
     # transport layer is read.
     if 'ip' in pkt:
         src_addr, dst_addr = str(pkt.ip.src), str(pkt.ip.dst)
     elif 'ipv6' in pkt:
         src_addr, dst_addr = str(pkt.ipv6.src), str(pkt.ipv6.dst)
     else:
         src_addr, dst_addr = 0, 0
     insert_packet_info((
         frame_number, frame_time,
         src_addr, 0,
         dst_addr, 0,
         int(pkt.length),
         message,
     ))
 def check_syn_flood(self, pkt, attack_type) -> None:
     """Count initial SYN segments addressed to this host per time slot and report a SYN flood.

     A packet qualifies when its IPv4/IPv6 destination is the monitored
     address and it is a first SYN (``tcp.seq == '0'`` and
     ``tcp.flags_syn == '1'``).  The per-slot counter for ``attack_type`` is
     advanced through ``process_pkt_counter``; on a slot change the previous
     slot's count is reset when it is <= 0, and while the current slot's
     count is > 0 each packet is logged as CRITICAL with its TCP ports,
     printed via ``print_logger`` and persisted with ``insert_packet_info``.

     NOTE(review): unlike check_icmp_flood this compares against a literal 0
     rather than ``self.threshold``, so every qualifying SYN is reported and
     the previous-slot reset never changes a non-negative count -- confirm
     that is intended.  ``pkt.tcp`` is read without checking for a tcp layer;
     a non-TCP packet to this host would raise AttributeError here, so the
     caller is presumably filtering by protocol.
     """
     counter_key = self.get_pkt_counter_key(attack_type)
     addressed_to_me = (
         ('ip' in pkt and pkt.ip.dst == self.get_ip())
         or ('ipv6' in pkt and pkt.ipv6.dst == self.get_ipv6())
     )
     if not addressed_to_me:
         return
     if not (pkt.tcp.seq == '0' and pkt.tcp.flags_syn == '1'):
         return

     # Slot index = current slot timestamp minus the first packet time, taken
     # before and after the counter update to notice a slot change.
     previous_slot = self.pkt_time_slot_dict[attack_type][1] - self.first_pkt_time_dict[attack_type]
     self.process_pkt_counter(pkt, attack_type)
     active_slot = self.pkt_time_slot_dict[attack_type][1] - self.first_pkt_time_dict[attack_type]

     counters = self.pkt_counter_dict[attack_type]
     if previous_slot != active_slot and counters[previous_slot][counter_key] <= 0:
         counters[previous_slot][counter_key] = 0
     if counters[active_slot][counter_key] <= 0:
         return

     message = "BAD TRAFFIC : POTENTIAL SYN FLOODING ATTACK"
     self.logger.info("--------------------------------------------------------------------------------------------------------------------")
     self.logger.critical(message)
     self.print_logger(pkt)
     self.logger.debug("Source Port : %s", pkt.tcp.srcport)
     self.logger.debug("Destination Port : %s", pkt.tcp.dstport)

     frame_number = int(pkt.frame_info.number)
     frame_time = str(pkt.frame_info.time)
     # Address precedence is IPv4, then IPv6, else 0.
     if 'ip' in pkt:
         src_addr, dst_addr = str(pkt.ip.src), str(pkt.ip.dst)
     elif 'ipv6' in pkt:
         src_addr, dst_addr = str(pkt.ipv6.src), str(pkt.ipv6.dst)
     else:
         src_addr, dst_addr = 0, 0
     insert_packet_info((
         frame_number, frame_time,
         src_addr,
         int(pkt.tcp.srcport),
         dst_addr,
         int(pkt.tcp.dstport),
         int(pkt.length), message,
     ))
                tcp_stream.add(key)

# Walk the capture once more and report every packet of a tracked TCP stream
# as a potential SYN scan, but only once more than two streams have been
# collected in ``tcp_stream``.
# NOTE(review): the ``len(tcp_stream) > 2`` decision is global rather than
# per source host, so a third unrelated connection turns every tracked packet
# into an alert -- confirm that is intended.
for pkt in cap:
    if "tcp" not in pkt or pkt.tcp.stream not in tcp_stream:
        continue
    if len(tcp_stream) <= 2:
        continue
    logger.info(
        "------------------------------------------------------------------------------------------------------------------------------------------------"
    )
    logger.critical("BAD TRAFFIC : POTENTIAL SYN SCAN ATTACK")
    print_logger(pkt)
    logger.debug("Source Port : %s", pkt.tcp.srcport)
    logger.debug("Destination Port : %s", pkt.tcp.dstport)
    # Address precedence is IPv4, then IPv6, else 0; ports come from the
    # TCP layer that the stream check above guarantees is present.
    insert_packet_info((
        int(pkt.frame_info.number),
        str(pkt.frame_info.time),
        (str(pkt.ip.src) if 'ip' in pkt
         else str(pkt.ipv6.src) if 'ipv6' in pkt
         else 0),
        int(pkt.tcp.srcport),
        (str(pkt.ip.dst) if 'ip' in pkt
         else str(pkt.ipv6.dst) if 'ipv6' in pkt
         else 0),
        int(pkt.tcp.dstport),
        int(pkt.length),
        "BAD TRAFFIC : POTENTIAL SYN SCAN ATTACK",
    ))

# Epoch time of the first packet that belongs to a tracked TCP stream; stays
# 0.0 when the capture holds none.
# NOTE(review): if ``cap`` is a one-shot iterator, breaking here leaves it
# positioned just after the matching packet -- confirm that later loops over
# ``cap`` expect that.
start_timestamp = 0.0
for pkt in cap:
    if "tcp" not in pkt or pkt.tcp.stream not in tcp_stream:
        continue
    start_timestamp = float(pkt.frame_info.time_epoch)
    break

# One-second window beginning at the first tracked packet, plus the running
# state the plotting code below starts from.
end_timestamp = start_timestamp + 1
relative_timestamp = 0.0
firstPkt_timestamp = start_timestamp
incoming_traffic_plot = []