def main(): s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) s.connect(sockFile) s.settimeout(10) while True: try: # Recieve Message #msg = s.recv(2048) lengthInBytes = recv_all(s, 2) if len(lengthInBytes) == 0: s.close() return 0 #length = struct.unpack("!H", msg[0:2])[0] length = struct.unpack("!H", lengthInBytes)[0] print(length) #msg = msg[2:] msg = recv_all(s, length) read = nstp_v2_pb2.IDSMessage() read.ParseFromString(msg) print("MSG: ", read) # Formulate Response response = nstp_v2_pb2.IDSMessage() dec = nstp_v2_pb2.IDSDecision() dec.event_id = read.event.event_id #Check for Sec1/Sec2 Advisory/ Spec dec.allow = sanitize(read) and spec(read) and bufferOverflowCheck( read) response.decision.event_id = dec.event_id response.decision.allow = dec.allow # Check if at Sec3 --> Terminate connection skip = False if not maxConcurrency(read, s): response.decision.allow = False skip = True # Blacklist client if False if response.decision.allow == False: ip = read.event.remote_address blacklist[ip] = 0 if removeConnections(ip, s) or skip: continue # Send Message back prefixed with length sentMsg = response.SerializeToString() sentLen = struct.pack("!H", len(sentMsg)) s.sendall(sentLen + sentMsg) print("IDS RESPONSE: ", response) except socket.timeout: break s.close() return 0
def Main(): server_address = '/tmp/nstp_ids.socket' try: sock.connect(server_address) except socket.error as msg: print(msg) sys.exit(1) ids_alert = nstp_v2_pb2.IDSMessage( ) #Getting IDSMessage object from it's structure from protospec i.e nstp_v2_pb2 try: while True: data = sock.recv(4096) if data: l = hex(data[0]) + format(data[1], 'x') #Combine the lengths length_key = int(l, 0) if len(data) == length_key + 2: ids_alert.ParseFromString(data[2:len(data)]) print("IDS Alert : {}".format(ids_alert)) event_handler(ids_alert.event) print(open_fd) #time.sleep(0.05) #Do not forget to remove this else: decision_deny(ids_alert.event) print("Something wrong with length") except: print(open_fd) print(threshold_tracker) sock.close()
def sendIDSDecision(ids_event, decision, sock): print(decision) ids_des = nstp_v2_pb2.IDSDecision() ids_des.event_id = ids_event.event_id ids_des.allow = decision msg = nstp_v2_pb2.IDSMessage() msg.decision.CopyFrom(ids_des) sock.sendall(append_len(msg.SerializeToString()))
def sendIDSTerminateConn(conn, sock): ids_ter = nstp_v2_pb2.IDSTerminateConnection() ids_ter.address_family = conn[0] ids_ter.server_address = conn[1] ids_ter.server_port = conn[2] ids_ter.remote_address = conn[3] ids_ter.remote_port = conn[4] msg = nstp_v2_pb2.IDSMessage() msg.terminate_connection.CopyFrom(ids_ter) sock.sendall(append_len(msg.SerializeToString()))
def decision_allow(event): ids_msg = nstp_v2_pb2.IDSMessage() ids_msg.decision.event_id = event.event_id ids_msg.decision.allow = True ids_msg_bytes = ids_msg.SerializeToString() len_hex = bytes.fromhex("{:04x}".format( ids_msg.ByteSize())) #Finding hex_length of ids_msg ids_msg_decision = len_hex + ids_msg_bytes #Final decision message wrapper sock.send(ids_msg_decision) print("IDS Allowed____________________________") return
def terminator(event, remote_port, address_family): ids_msg = nstp_v2_pb2.IDSMessage() ids_msg.terminate_connection.server_address = event.server_address ids_msg.terminate_connection.server_port = event.server_port ids_msg.terminate_connection.remote_address = event.remote_address ids_msg.terminate_connection.remote_port = remote_port ids_msg.terminate_connection.address_family = address_family ids_msg_bytes = ids_msg.SerializeToString() len_hex = bytes.fromhex("{:04x}".format( ids_msg.ByteSize())) # Finding hex_length of ids_msg ids_msg_decision = len_hex + ids_msg_bytes # Final decision message wrapper sock.send(ids_msg_decision) open_fd_remove(event.remote_address, remote_port, address_family) print("IDS Terminated ____________________________") return
def decision_deny(event): ids_msg = nstp_v2_pb2.IDSMessage() ids_msg.decision.event_id = event.event_id ids_msg.decision.allow = False ids_msg_bytes = ids_msg.SerializeToString() len_hex = bytes.fromhex("{:04x}".format( ids_msg.ByteSize())) #Finding hex_length of ids_msg ids_msg_decision = len_hex + ids_msg_bytes #Final decision message wrapper add_to_blacklist_response = add_to_blacklist(event.remote_address) sock.send(ids_msg_decision) if (add_to_blacklist_response == 1): terminator(event, event.remote_port, event.address_family) return try: start_new_thread(iterative_terminator, (event, )) except: print("Some problem with starting the thread.") return
def terminate_connection_tuple(pairs, s): response = nstp_v2_pb2.IDSMessage() terminate = nstp_v2_pb2.IDSTerminateConnection() terminate.address_family = pairs[0] terminate.server_address = pairs[1] terminate.server_port = pairs[2] terminate.remote_address = pairs[3] terminate.remote_port = pairs[4] response.terminate_connection.address_family = terminate.address_family response.terminate_connection.server_address = terminate.server_address response.terminate_connection.server_port = terminate.server_port response.terminate_connection.remote_address = terminate.remote_address response.terminate_connection.remote_port = terminate.remote_port print("RESPONSE FOR TERMINATE ", response) sentMsg = response.SerializeToString() sentLen = struct.pack("!H", len(sentMsg)) s.sendall(sentLen + sentMsg)
try: os.unlink(server_address) except OSError: if os.path.exists(server_address): raise sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) sock.bind(server_address) sock.listen(1) while True: print('waiting for a connection') connection, client_address = sock.accept() try: # conn establish for i in range(24): msg = nstp_v2_pb2.IDSMessage() ids_event = nstp_v2_pb2.IDSEvent() ids_event.event_id = 1 + i ids_event.client_to_server = True ids_event.server_address = b'192.168.1.1' ids_event.server_port = 1234 ids_event.remote_address = b'192.168.1.2' ids_event.remote_port = 1111 + i conn_est = nstp_v2_pb2.ConnectionEstablished() ids_event.connection_established.CopyFrom(conn_est) msg.event.CopyFrom(ids_event) connection.sendall(app_len(msg.SerializeToString())) i = 0 msg = nstp_v2_pb2.IDSMessage() ids_event = nstp_v2_pb2.IDSEvent()