def main():
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
s.connect(sockFile)
s.settimeout(10)
while True:
try:
# Recieve Message
#msg = s.recv(2048)
lengthInBytes = recv_all(s, 2)
if len(lengthInBytes) == 0:
s.close()
return 0
#length = struct.unpack("!H", msg[0:2])[0]
length = struct.unpack("!H", lengthInBytes)[0]
print(length)
#msg = msg[2:]
msg = recv_all(s, length)
read = nstp_v2_pb2.IDSMessage()
read.ParseFromString(msg)
print("MSG: ", read)
# Formulate Response
response = nstp_v2_pb2.IDSMessage()
dec = nstp_v2_pb2.IDSDecision()
dec.event_id = read.event.event_id
#Check for Sec1/Sec2 Advisory/ Spec
dec.allow = sanitize(read) and spec(read) and bufferOverflowCheck(
read)
response.decision.event_id = dec.event_id
response.decision.allow = dec.allow
# Check if at Sec3 --> Terminate connection
skip = False
if not maxConcurrency(read, s):
response.decision.allow = False
skip = True
# Blacklist client if False
if response.decision.allow == False:
ip = read.event.remote_address
blacklist[ip] = 0
if removeConnections(ip, s) or skip:
continue
# Send Message back prefixed with length
sentMsg = response.SerializeToString()
sentLen = struct.pack("!H", len(sentMsg))
s.sendall(sentLen + sentMsg)
print("IDS RESPONSE: ", response)
except socket.timeout:
break
s.close()
return 0
def Main():
server_address = '/tmp/nstp_ids.socket'
try:
sock.connect(server_address)
except socket.error as msg:
print(msg)
sys.exit(1)
ids_alert = nstp_v2_pb2.IDSMessage(
) #Getting IDSMessage object from it's structure from protospec i.e nstp_v2_pb2
try:
while True:
data = sock.recv(4096)
if data:
l = hex(data[0]) + format(data[1], 'x') #Combine the lengths
length_key = int(l, 0)
if len(data) == length_key + 2:
ids_alert.ParseFromString(data[2:len(data)])
print("IDS Alert : {}".format(ids_alert))
event_handler(ids_alert.event)
print(open_fd)
#time.sleep(0.05) #Do not forget to remove this
else:
decision_deny(ids_alert.event)
print("Something wrong with length")
except:
print(open_fd)
print(threshold_tracker)
sock.close()
def sendIDSDecision(ids_event, decision, sock):
print(decision)
ids_des = nstp_v2_pb2.IDSDecision()
ids_des.event_id = ids_event.event_id
ids_des.allow = decision
msg = nstp_v2_pb2.IDSMessage()
msg.decision.CopyFrom(ids_des)
sock.sendall(append_len(msg.SerializeToString()))
def sendIDSTerminateConn(conn, sock):
ids_ter = nstp_v2_pb2.IDSTerminateConnection()
ids_ter.address_family = conn[0]
ids_ter.server_address = conn[1]
ids_ter.server_port = conn[2]
ids_ter.remote_address = conn[3]
ids_ter.remote_port = conn[4]
msg = nstp_v2_pb2.IDSMessage()
msg.terminate_connection.CopyFrom(ids_ter)
sock.sendall(append_len(msg.SerializeToString()))
def decision_allow(event):
ids_msg = nstp_v2_pb2.IDSMessage()
ids_msg.decision.event_id = event.event_id
ids_msg.decision.allow = True
ids_msg_bytes = ids_msg.SerializeToString()
len_hex = bytes.fromhex("{:04x}".format(
ids_msg.ByteSize())) #Finding hex_length of ids_msg
ids_msg_decision = len_hex + ids_msg_bytes #Final decision message wrapper
sock.send(ids_msg_decision)
print("IDS Allowed____________________________")
return
def terminator(event, remote_port, address_family):
ids_msg = nstp_v2_pb2.IDSMessage()
ids_msg.terminate_connection.server_address = event.server_address
ids_msg.terminate_connection.server_port = event.server_port
ids_msg.terminate_connection.remote_address = event.remote_address
ids_msg.terminate_connection.remote_port = remote_port
ids_msg.terminate_connection.address_family = address_family
ids_msg_bytes = ids_msg.SerializeToString()
len_hex = bytes.fromhex("{:04x}".format(
ids_msg.ByteSize())) # Finding hex_length of ids_msg
ids_msg_decision = len_hex + ids_msg_bytes # Final decision message wrapper
sock.send(ids_msg_decision)
open_fd_remove(event.remote_address, remote_port, address_family)
print("IDS Terminated ____________________________")
return
def decision_deny(event):
ids_msg = nstp_v2_pb2.IDSMessage()
ids_msg.decision.event_id = event.event_id
ids_msg.decision.allow = False
ids_msg_bytes = ids_msg.SerializeToString()
len_hex = bytes.fromhex("{:04x}".format(
ids_msg.ByteSize())) #Finding hex_length of ids_msg
ids_msg_decision = len_hex + ids_msg_bytes #Final decision message wrapper
add_to_blacklist_response = add_to_blacklist(event.remote_address)
sock.send(ids_msg_decision)
if (add_to_blacklist_response == 1):
terminator(event, event.remote_port, event.address_family)
return
try:
start_new_thread(iterative_terminator, (event, ))
except:
print("Some problem with starting the thread.")
return
def terminate_connection_tuple(pairs, s):
response = nstp_v2_pb2.IDSMessage()
terminate = nstp_v2_pb2.IDSTerminateConnection()
terminate.address_family = pairs[0]
terminate.server_address = pairs[1]
terminate.server_port = pairs[2]
terminate.remote_address = pairs[3]
terminate.remote_port = pairs[4]
response.terminate_connection.address_family = terminate.address_family
response.terminate_connection.server_address = terminate.server_address
response.terminate_connection.server_port = terminate.server_port
response.terminate_connection.remote_address = terminate.remote_address
response.terminate_connection.remote_port = terminate.remote_port
print("RESPONSE FOR TERMINATE ", response)
sentMsg = response.SerializeToString()
sentLen = struct.pack("!H", len(sentMsg))
s.sendall(sentLen + sentMsg)
try:
os.unlink(server_address)
except OSError:
if os.path.exists(server_address):
raise
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.bind(server_address)
sock.listen(1)
while True:
print('waiting for a connection')
connection, client_address = sock.accept()
try:
# conn establish
for i in range(24):
msg = nstp_v2_pb2.IDSMessage()
ids_event = nstp_v2_pb2.IDSEvent()
ids_event.event_id = 1 + i
ids_event.client_to_server = True
ids_event.server_address = b'192.168.1.1'
ids_event.server_port = 1234
ids_event.remote_address = b'192.168.1.2'
ids_event.remote_port = 1111 + i
conn_est = nstp_v2_pb2.ConnectionEstablished()
ids_event.connection_established.CopyFrom(conn_est)
msg.event.CopyFrom(ids_event)
connection.sendall(app_len(msg.SerializeToString()))
i = 0
msg = nstp_v2_pb2.IDSMessage()
ids_event = nstp_v2_pb2.IDSEvent()