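def Logging(self, timestamp, logging_options):
    """Record one IPS event in the 'ips' table and, if enabled, forward it to syslog.

    Args:
        timestamp: event time, passed straight through to DBConnector.IPSInput.
        logging_options: event details, passed to IPSInput and to self.AlertSyslog.

    The connection is released in a finally block, so a failing insert no
    longer leaks the handle (the exception still propagates, and the syslog
    alert is only sent after a successful insert, as before).
    NOTE(review): logging_options comes from the packet path; assumes
    DBConnector.IPSInput parameterises it rather than building SQL by
    string — verify in DBConnector.
    """
    ProxyDB = DBConnector(table='ips')
    ProxyDB.Connect()
    try:
        ProxyDB.IPSInput(timestamp, logging_options)
    finally:
        ProxyDB.Disconnect()
    if (self.syslog_enabled):
        self.AlertSyslog(logging_options)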
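async def CleanDBTables(self):
    """Periodically purge old rows from every logging table.

    Runs once at startup and again every EXTRA_LONG_TIMER seconds (the
    original comment calls this 24 hours) for as long as the task is alive.
    Each table gets its own DBConnector whose connection is released in a
    finally block, so a failing Cleaner() cannot leak a handle.  The
    exception still propagates and ends the loop; whoever schedules this
    coroutine is responsible for supervising/restarting it.
    """
    # fixed order instead of a set literal: the original iterated a set,
    # whose order is arbitrary, which made cleaning order non-deterministic
    tables = ('dnsproxy', 'ipproxy', 'ips', 'infectedclients')
    while True:
        for table in tables:
            Database = DBConnector(table)
            Database.Connect()
            try:
                Database.Cleaner(self.log_length)
            finally:
                Database.Disconnect()
        # running on system startup and every 24 hours thereafter
        await asyncio.sleep(EXTRA_LONG_TIMER)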
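def TrafficLogging(self, arg1, arg2, arg3, arg4, arg5, table):
    """Write one proxy log record to `table`.

    'DNSProxy' rows go through DBConnector.StandardInput and 'PIHosts' rows
    through DBConnector.InfectedInput.  Any other table name is ignored and
    no connection is opened.  arg1..arg5 are passed through untouched; their
    meaning is defined by the DBConnector method, not here.

    Fix: the original only called Disconnect() on one branch (and, depending
    on how the collapsed source was indented, could hit an unbound ProxyDB
    for an unknown table).  The connection is now opened once and always
    released in a finally block.
    NOTE(review): assumes the DBConnector input methods parameterise these
    values — verify, since they originate from observed traffic.
    """
    if (table == 'DNSProxy'):
        standard = True
    elif (table == 'PIHosts'):
        standard = False
    else:
        # unknown table: nothing to write, nothing to connect to
        return
    ProxyDB = DBConnector(table)
    ProxyDB.Connect()
    try:
        if standard:
            ProxyDB.StandardInput(arg1, arg2, arg3, arg4, arg5)
        else:
            ProxyDB.InfectedInput(arg1, arg2, arg3, arg4, arg5)
    finally:
        ProxyDB.Disconnect()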
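def SignatureCheck(self, packet):
    """Match one packet against the TOR-node and VPN lists and log hits to 'FWBlocks'.

    Two directions are handled:
      * local host -> FW: packet.dst is a known TOR node (the client's
        source port is recorded in self.session_tracker['Clients'] and the
        hit is logged only if self.SessionTracker() reports it blocked), or
        packet.dst is in self.vpn_list (always logged, category 'FW Rule').
      * FW -> local host: packet.dst is a tracked client and packet.dport is
        one of its recorded ports; the entry is consumed, the hit is logged
        as allowed, and src/dst are swapped so the row shows the original
        outbound connection.

    Args:
        packet: object exposing .src, .dst, .sport and .dport.

    Side effects: mutates self.session_tracker['Clients'], prints to stdout
    and, on a hit, inserts one row via DBConnector('FWBlocks').FWInput.
    Returns None.

    Fixes relative to the original:
      * the response check indexed session_tracker[src_ip] after testing
        dst_ip, raising KeyError whenever the responder was not itself a
        tracked client; it now indexes the same key it tests and pops.
      * `blocked` was never assigned on the VPN branch, so the log step
        raised UnboundLocalError; it now defaults to False.
      * the DB connection is released in a finally block.
    """
    session_tracker = self.session_tracker['Clients']
    log = False
    # TODO(review): confirm a VPN hit should be recorded as not blocked;
    # the original never set `blocked` on that branch at all
    blocked = False
    category = None
    hittime = int(time.time())
    dst_ip = packet.dst
    src_ip = packet.src
    dport = packet.dport
    sport = packet.sport

    # Catches initial request to interesting traffic, filtering for local host > FW
    if (dst_ip in self.tor_nodes):
        print('Detected connection to TOR Node: {}'.format(dst_ip))
        # NOTE(review): the tracker keys on (client, source port) only, not on
        # the TOR destination, so any later packet to that client/port pair
        # is treated as the TOR reply regardless of its source.
        session_tracker.setdefault(src_ip, {})[sport] = ''
        category = self.tor_nodes[dst_ip]
        blocked = self.SessionTracker(sport, src_ip)
        if (blocked):
            log = True
    elif (dst_ip in self.vpn_list):
        log = True
        category = 'FW Rule'

    # Catches the response of interesting traffic, filtering for FW > local host
    if (dst_ip in session_tracker and dport in session_tracker[dst_ip]):
        print('Detected response from TOR Node: {}'.format(src_ip))
        session_tracker[dst_ip].pop(dport, None)
        # NOTE(review): still raises KeyError if the responder is not in
        # self.tor_nodes (possible given the tracker note above); the
        # intended category for that case is not visible here.
        category = self.tor_nodes[src_ip]
        blocked = False
        log = True
        # Reversing src/dst to show initial connection.
        src_ip = packet.dst
        dst_ip = packet.src

    # logging to database if filters detect interesting tracking, noting block /allow
    if (log):
        print('Logged {}: {}'.format(dst_ip, blocked))
        ProxyDB = DBConnector(table='FWBlocks')
        ProxyDB.Connect()
        try:
            ProxyDB.FWInput(src_ip, dst_ip, category, blocked, hittime)
        finally:
            ProxyDB.Disconnect()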
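def TrafficLogging(self, table, timestamp, logging_options):
    """Write one event to `table`; 'ipproxy' events are also sent to syslog when enabled.

    'ipproxy' rows go through DBConnector.IPInput and 'infectedclients' rows
    through DBConnector.InfectedInput.  Any other table name is ignored and
    no connection is opened (the original opened and closed one for nothing).
    The connection is released in a finally block so a failing insert or
    syslog call cannot leak the handle; the exception still propagates.
    NOTE(review): assumes the DBConnector input methods parameterise
    logging_options rather than building SQL by string — verify.
    """
    if (table == 'ipproxy'):
        ip_table = True
    elif (table == 'infectedclients'):
        ip_table = False
    else:
        return
    ProxyDB = DBConnector(table)
    ProxyDB.Connect()
    try:
        if ip_table:
            ProxyDB.IPInput(timestamp, logging_options)
            if (self.syslog_enabled):
                self.AlertSyslog(logging_options)
        else:
            ProxyDB.InfectedInput(timestamp, logging_options)
    finally:
        ProxyDB.Disconnect()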
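def ProxyDB(self):
    """Run DBConnector.Cleaner() on the 'DNSProxy' and 'PIHosts' tables.

    Each table gets its own connection, released in a finally block so a
    failure while cleaning one table cannot leak its handle.  The exception
    still propagates, so tables later in the list are then not cleaned.
    A tuple replaces the original set literal so the order is deterministic.
    """
    for table in ('DNSProxy', 'PIHosts'):
        db = DBConnector(table)
        db.Connect()
        try:
            db.Cleaner()
        finally:
            db.Disconnect()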
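def ProxyDB(self):
    """Run DBConnector.Cleaner() on the 'FWBlocks' table.

    The connection is released in a finally block so a failing Cleaner()
    cannot leak the handle; the exception still propagates to the caller.
    """
    db = DBConnector(table='FWBlocks')
    db.Connect()
    try:
        db.Cleaner()
    finally:
        db.Disconnect()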
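def ProxyDB(self):
    """Run DBConnector.Cleaner() on the 'IPS' table.

    The connection is released in a finally block so a failing Cleaner()
    cannot leak the handle; the exception still propagates to the caller.
    """
    db = DBConnector(table='IPS')
    db.Connect()
    try:
        db.Cleaner()
    finally:
        db.Disconnect()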
def Logging(self, src_ip, protocol, attack_type, action, timestamp):
    """Insert one IPS event row into the 'IPS' table via DBConnector.IPSInput.

    Args:
        src_ip, protocol, attack_type, action, timestamp: passed straight
            through to IPSInput in this order; their encoding is defined by
            DBConnector, not here.

    NOTE(review): no Disconnect() is visible in this excerpt, unlike every
    sibling method in this file — confirm the connection is released by the
    lines that follow or by the caller; otherwise each IPS event leaks a
    database handle, which under attack traffic is a self-inflicted
    resource exhaustion.
    NOTE(review): src_ip and attack_type come from observed traffic; assumes
    IPSInput parameterises them rather than building SQL by string — verify.
    """
    ProxyDB = DBConnector(table='IPS')
    ProxyDB.Connect()
    ProxyDB.IPSInput(src_ip, protocol, attack_type, action, timestamp)