コード例 #1
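 def TrafficLogging(self, arg1, arg2, arg3, arg4, arg5, table):
     """Write one traffic record to the database table named by ``table``.

     ``'TLSProxy'`` records are written with ``DBConnector.StandardInput``
     and ``'PIHosts'`` records with ``DBConnector.InfectedInput``; the five
     positional values are passed through unchanged. Any other table name
     is ignored and no connection is opened.
     """
     if (table not in {'TLSProxy', 'PIHosts'}):
         # NOTE(review): an unrecognised table drops the record without any
         # trace; for a security log the caller may want this surfaced.
         return

     ProxyDB = DBConnector(table)
     ProxyDB.Connect()
     try:
         if (table == 'TLSProxy'):
             ProxyDB.StandardInput(arg1, arg2, arg3, arg4, arg5)
         else:
             ProxyDB.InfectedInput(arg1, arg2, arg3, arg4, arg5)
     finally:
         # The connection was previously never released, so every logged
         # record left one open. Assumes this DBConnector exposes
         # Disconnect() - confirm against its definition.
         ProxyDB.Disconnect()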
コード例 #2
ファイル: dnx_ips.py プロジェクト: naderrais/DNX-FWALL-CMD
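    def Logging(self, timestamp, logging_options):
        """Record an IPS event in the 'ips' table, then alert syslog if enabled.

        ``timestamp`` and ``logging_options`` are handed to
        ``DBConnector.IPSInput`` unchanged; ``logging_options`` is also passed
        to ``self.AlertSyslog`` when ``self.syslog_enabled`` is truthy.
        """
        ProxyDB = DBConnector(table='ips')
        ProxyDB.Connect()
        try:
            ProxyDB.IPSInput(timestamp, logging_options)
        finally:
            # Release the connection even when the insert raises, so a failed
            # write does not leave it open.
            ProxyDB.Disconnect()

        # NOTE(review): the syslog alert is only reached after a successful
        # database write, so a database failure also suppresses the alert.
        if (self.syslog_enabled):
            self.AlertSyslog(logging_options)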
コード例 #3
ファイル: log_main.py プロジェクト: naderrais/DNX-FWALL-CMD
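    async def CleanDBTables(self):
        """Run the database cleaner over every log table, forever.

        Each pass calls ``DBConnector.Cleaner(self.log_length)`` on the
        'dnsproxy', 'ipproxy', 'ips' and 'infectedclients' tables, then sleeps
        for ``EXTRA_LONG_TIMER`` before the next pass.
        """
        while True:
            for table in {'dnsproxy', 'ipproxy', 'ips', 'infectedclients'}:
                Database = DBConnector(table)
                Database.Connect()
                try:
                    Database.Cleaner(self.log_length)
                finally:
                    # Release the connection even if the cleaner raises.
                    Database.Disconnect()

            # NOTE(review): the DBConnector calls above are synchronous, so
            # they hold the event loop while they run, and an exception from
            # any table ends this coroutine and with it all later cleanups.

            # Runs on system startup and every 24 hours thereafter.
            await asyncio.sleep(EXTRA_LONG_TIMER)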
コード例 #4
ファイル: ip_proxy.py プロジェクト: naderrais/DNX-FWALL-CMD
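    def TrafficLogging(self, table, timestamp, logging_options):
        """Write one proxy record to ``table`` and alert syslog for proxy hits.

        'ipproxy' records go through ``DBConnector.IPInput`` and, when
        ``self.syslog_enabled`` is truthy, are also passed to
        ``self.AlertSyslog``. 'infectedclients' records go through
        ``DBConnector.InfectedInput``. For any other table name the connection
        is opened and closed without writing anything.
        """
        ProxyDB = DBConnector(table)
        ProxyDB.Connect()
        try:
            if (table in {'ipproxy'}):
                ProxyDB.IPInput(timestamp, logging_options)

                # NOTE(review): the alert follows the insert, so a failed
                # database write also suppresses the syslog alert.
                if (self.syslog_enabled):
                    self.AlertSyslog(logging_options)
            elif (table in {'infectedclients'}):
                ProxyDB.InfectedInput(timestamp, logging_options)
        finally:
            # Release the connection even when the insert or the alert raises.
            ProxyDB.Disconnect()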
コード例 #5
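    def SignatureCheck(self, packet):
        """Match a packet against the TOR node and VPN lists and log any hit.

        Reads ``packet.src``, ``packet.dst``, ``packet.sport`` and
        ``packet.dport``. An outbound packet to an address in
        ``self.tor_nodes`` is recorded in the per-client session tracker and
        logged when ``self.SessionTracker`` reports it as blocked; a packet to
        an address in ``self.vpn_list`` is always logged with category
        'FW Rule'. A reply from a TOR node to a tracked client port is logged
        as allowed, with source and destination swapped so the row shows the
        original direction. Hits are written to the 'FWBlocks' table.
        """
        session_tracker = self.session_tracker['Clients']
        log = False
        # Defaults so the logging step never reads an unbound name.
        category = None
        blocked = None
        hittime = int(time.time())
        dst_ip = packet.dst
        src_ip = packet.src
        dport = packet.dport
        sport = packet.sport

        # Catches initial request to interesting traffic, filtering for local host > FW
        if (dst_ip in self.tor_nodes):
            print('Detected connection to TOR Node: {}'.format(dst_ip))
            session_tracker.setdefault(src_ip, {})[sport] = ''
            category = self.tor_nodes[dst_ip]
            blocked = self.SessionTracker(sport, src_ip)
            if (blocked):
                log = True

        elif (dst_ip in self.vpn_list):
            log = True
            category = 'FW Rule'
            # NOTE(review): this branch never computed a verdict, so logging a
            # VPN hit used to fail on the unbound name `blocked`. It is now
            # recorded as None (unknown) - confirm the value that is intended.

        # Catches the response of interesting traffic, filtering for FW > local host.
        # The tracker is keyed by the local client, which is dst_ip on a reply;
        # indexing it by src_ip raised KeyError for every untracked sender.
        # Requiring the sender to be a listed TOR node keeps an unrelated host
        # that answers on a tracked port from being logged as a TOR response.
        if (dst_ip in session_tracker and dport in session_tracker[dst_ip]
                and src_ip in self.tor_nodes):
            print('Detected response from TOR Node: {}'.format(src_ip))
            session_tracker[dst_ip].pop(dport, None)
            category = self.tor_nodes[src_ip]
            blocked = False
            log = True
            # Reversing src/dst to show initial connection.
            src_ip = packet.dst
            dst_ip = packet.src

        # logging to database if filters detect interesting traffic, noting block / allow
        if (log):
            print('Logged {}: {}'.format(dst_ip, blocked))
            ProxyDB = DBConnector(table='FWBlocks')
            ProxyDB.Connect()
            try:
                ProxyDB.FWInput(src_ip, dst_ip, category, blocked, hittime)
            finally:
                # Release the connection even when the insert raises.
                ProxyDB.Disconnect()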
コード例 #6
 def ProxyDB(self):
     """Run the database cleaner on the 'DNSProxy' and 'PIHosts' tables."""
     for table_name in {'DNSProxy', 'PIHosts'}:
         # One short-lived connection per table: open, clean, close.
         connector = DBConnector(table_name)
         connector.Connect()
         connector.Cleaner()
         connector.Disconnect()
コード例 #7
 def ProxyDB(self):
     """Run the database cleaner on the 'FWBlocks' table."""
     # Open a connection for this one cleanup and close it straight after.
     fw_blocks = DBConnector(table='FWBlocks')
     fw_blocks.Connect()
     fw_blocks.Cleaner()
     fw_blocks.Disconnect()
コード例 #8
 def ProxyDB(self):
     """Run the database cleaner on the 'IPS' table."""
     # Open a connection for this one cleanup and close it straight after.
     ips_table = DBConnector(table='IPS')
     ips_table.Connect()
     ips_table.Cleaner()
     ips_table.Disconnect()
コード例 #9
 def Logging(self, src_ip, protocol, attack_type, action, timestamp):
     """Record one IPS event in the 'IPS' table.

     The five values are passed to ``DBConnector.IPSInput`` unchanged, in
     the order given.
     """
     ProxyDB = DBConnector(table='IPS')
     ProxyDB.Connect()
     ProxyDB.IPSInput(src_ip, protocol, attack_type, action, timestamp)
     # NOTE(review): no Disconnect() is visible after the insert in this
     # excerpt; if none follows, each logged event leaves a connection open.