class upper_socket_server(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
self.server = ThreadingUDPServer(('192.168.20.136', 20000), Handler)
def run(self):
self.server.serve_forever()
class upper_socket_server(threading.Thread):
def __init__(self):
threading.Thread.__init__(self)
self.server = ThreadingUDPServer(('', 20000), Handler)
def run(self):
self.server.serve_forever()
def go(self):
self.setDaemon(True)
self.start()
def start_malware_center(ip="localhost", port=56565):
'''Starts Malware Center.
Args:
ip: IP address of Malware Center server.
port: port of Malware Center server.
'''
server = ThreadingUDPServer((ip, port), Malware_request_handler)
server.allow_reuse_address = True
print("Malware Center started")
print("IP: " + ip)
print("PORT: " + str(port))
#print("new worm instance h3-eth0:77.77.77.77")
server.serve_forever()
class ReceiveDataUDPServer(threading.Thread):
"""Thread the runs the main UDP Server"""
def __init__(self):
super(ReceiveDataUDPServer, self).__init__()
self.daemon = True
# Setup threading UDP server
host, port = "", 9767
self.server = ThreadingUDPServer((host, port), ReceiveDataUDPHandler)
def run(self):
"""Run method"""
self.server.serve_forever()
def stop(self):
"""Stop the UDP server"""
LOG.info('UDP server stop called')
self.server.shutdown()
while self.isAlive():
time.sleep(0.01)
LOG.info('UDP server stopped')
def start_malware_center(self, ip="1.2.3.254", port=56565):
server = ThreadingUDPServer((ip, port), Malware_request_handler)
server.allow_reuse_address = True
print("server started")
server.serve_forever()
return server
server_port = int(cf["server_port"])
server_address = (server_ip,server_port)
class listener(DRH):
def handle(self):
gqueue.put((self.request[0],self.client_address))
if __name__ == '__main__':
print("begin to listen")
num = int(cf["num_threads"])
for i in range(num):
p = Process(target=handle,args=(tuple()))
p.start()
try :
server = UDP(server_address,listener)
except Exception as err:
logging.error(err)
logging.error("no server has been built")
logger.error("不能建立server,建立server有问题,err为%s"%(err))
server.serve_forever()
print("end listen")
class DNSFlowServer(ThreadingUDPServer):
"""Central threading UDP server (central console) class."""
def __init__(self):
# read configuration from file (defaults included)
config = ConfigParser({
'loglevel': 'INFO',
'logfile': APPNAME + 'log',
'addr': '127.0.0.1',
'port': 5000,
'cryptokey': 'default'
})
config.read([CONFFILE])
# set tunables
self.loglevel = config.get(APPNAME, 'loglevel')
self.logfile = config.get(APPNAME, 'logfile')
self.addr = config.get(APPNAME, 'addr')
self.port = config.getint(APPNAME, 'port')
self.cryptokey = config.get(APPNAME, 'cryptokey')
# set local variables
self.filterlist = ()
self.pktcount = 0
self.handler = DNSFlowHandler
self.server = ThreadingUDPServer((self.addr, self.port), self.handler)
self.server.queue = Queue()
# initialize and setup logging
logging.basicConfig(filename=self.logfile, format=LOGFMT)
self.log = logging.getLogger(APPNAME)
if self.loglevel in LOGLEVELS:
self.log.setLevel(LOGLEVELS[self.loglevel])
# crypto stuff -- choose AES128 CBC
self.server.cryptocipher = AES.new
self.server.cryptomode = AES.MODE_CBC
self.server.cryptoblocksize = AES.block_size
self.server.cryptokey = self._pad_pkcs7_block(
self.cryptokey, self.server.cryptoblocksize)
# build a list of DNS IDS filter functions
callable = lambda i: hasattr(i, '__call__')
isfilter = lambda o, i: callable(getattr(o, i)) \
and i[:7] == 'filter_'
self.filterlist = [
getattr(sniff_filters, i) for i in dir(sniff_filters)
if isfilter(sniff_filters, i)
]
# start listening/analysing service
self.log.info('Started %s @ %s' % (APPNAME, time.asctime()))
thread.start_new_thread(self.process_flow, ())
self.server.serve_forever()
def _pad_pkcs7_block(self, msg, blocksize):
"""PKCS#7 padding. Returns string."""
nrpad = blocksize - (len(msg) % blocksize)
return msg + chr(nrpad) * nrpad
def process_flow(self):
"""Process received flow with registered IDS filters. Returns
nothing.
"""
while True:
addr, pkt = self.server.queue.get()
self.pktcount += 1
# dump debug info
logging.debug('Current time: %s | Packet number: %d \
| Received from: %s | Packet dump: %s' %
(time.asctime(), self.pktcount, addr, pkt))
# process IDS filters
for i in self.filterlist:
logging.debug('Calling IDS filter: %s', i)
i(pkt)
server_ip = cf["server_ip"]
server_port = int(cf["server_port"])
server_address = (server_ip, server_port)
class listener(DRH):
def handle(self):
gqueue.put((self.request[0], self.client_address))
if __name__ == '__main__':
print("begin to listen")
num = int(cf["num_threads"])
for i in range(num):
p = Process(target=handle, args=(tuple()))
p.start()
try:
server = UDP(server_address, listener)
except Exception as err:
logging.error(err)
logging.error("no server has been built")
logger.error("不能建立server,建立server有问题,err为%s" % (err))
server.serve_forever()
print("end listen")
class DNSFlowServer(ThreadingUDPServer):
"""Central threading UDP server (central console) class."""
def __init__(self):
# read configuration from file (defaults included)
config = ConfigParser({'loglevel': 'INFO',
'logfile': APPNAME + 'log',
'addr': '127.0.0.1', 'port': 5000,
'cryptokey': 'default'})
config.read([CONFFILE])
# set tunables
self.loglevel = config.get(APPNAME, 'loglevel')
self.logfile = config.get(APPNAME, 'logfile')
self.addr = config.get(APPNAME, 'addr')
self.port = config.getint(APPNAME, 'port')
self.cryptokey = config.get(APPNAME, 'cryptokey')
# set local variables
self.filterlist = ()
self.pktcount = 0
self.handler = DNSFlowHandler
self.server = ThreadingUDPServer((self.addr, self.port),
self.handler)
self.server.queue = Queue()
# initialize and setup logging
logging.basicConfig(filename=self.logfile, format=LOGFMT)
self.log = logging.getLogger(APPNAME)
if self.loglevel in LOGLEVELS:
self.log.setLevel(LOGLEVELS[self.loglevel])
# crypto stuff -- choose AES128 CBC
self.server.cryptocipher = AES.new
self.server.cryptomode = AES.MODE_CBC
self.server.cryptoblocksize = AES.block_size
self.server.cryptokey = self._pad_pkcs7_block(self.cryptokey,
self.server.cryptoblocksize)
# build a list of DNS IDS filter functions
callable = lambda i: hasattr(i, '__call__')
isfilter = lambda o, i: callable(getattr(o, i)) \
and i[:7] == 'filter_'
self.filterlist = [getattr(sniff_filters, i) for i in
dir(sniff_filters) if isfilter(sniff_filters, i)]
# start listening/analysing service
self.log.info('Started %s @ %s' % (APPNAME, time.asctime()))
thread.start_new_thread(self.process_flow, ())
self.server.serve_forever()
def _pad_pkcs7_block(self, msg, blocksize):
"""PKCS#7 padding. Returns string."""
nrpad = blocksize - (len(msg) % blocksize)
return msg + chr(nrpad) * nrpad
def process_flow(self):
"""Process received flow with registered IDS filters. Returns
nothing.
"""
while True:
addr, pkt = self.server.queue.get()
self.pktcount += 1
# dump debug info
logging.debug('Current time: %s | Packet number: %d \
| Received from: %s | Packet dump: %s' % (time.asctime(), self.pktcount,
addr, pkt))
# process IDS filters
for i in self.filterlist:
logging.debug('Calling IDS filter: %s', i)
i(pkt)
