Hello all :)
I am trying to increase my cyber sec knowledge by creating a small IDS. I was hoping someone could review the code and give me some feed back and maybe point me in the right direction. Currently I am needing intrusion sig's for filters.txt if anyone knows a database of some sort. I also am not too sure where to go next. My current thought is to just check for in/out bin/sh, if bin/sh were to come across the network tap then disconnect and block all future connection attemtps.
Please note that this is basically running Pseudo code.
I am well aware of the pythonic programming, for now I am just trying ideas
Any and all advice would be awesome
Thanks -
import pcap,dpkt
-
import socket
-
import os
-
-
def capture():
-
dev= pcap.lookupdev()
-
for ts, pkt in pcap.pcap(name=dev, snaplen=65535, promisc=True, immediate=False):
-
eth = dpkt.ethernet.Ethernet(pkt)
-
if eth.type!=2048: #! if ipv6
-
ip = eth.data
-
typepack = eth.type
-
try:
-
dst_ip_6= socket.inet_ntop(socket.AF_INET6, ip.dst ) #! Dont judge my huge exception block, it will be fixed after testing
-
except AttributeError:
-
continue
-
else:
-
ip = eth.data
-
tcp = ip.data
-
typepack = eth.type
-
try:
-
src_ip = socket.inet_ntoa(ip.src)
-
dst_ip = socket.inet_ntoa(ip.dst)
-
if dst_ip == '192.168.1.2':
-
with open('//usr//home//mrfree//Desktop//Scripts//ipLog.txt','a') as log:
-
log.write('Session:%s:%s,%s\n'%(src_ip,tcp.dport,ts))
-
print('Session:%s:%s,%s\n'%(src_ip,tcp.dport,ts))
-
if tcp.dport < 1028:
-
log.write('Out of bounds connection attempt, Blocking %s \n'%(src_ip))
-
print('Out of bounds connection attempt, Blocking %s \n'%(src_ip))
-
with open('//usr//home//mrfree//Desktop//Scripts//filters.txt','r') as filters:
-
filters = filters.read()
-
if filters in tcp.data:
-
log.write('Attempted Shell connection, Blocking %s \n'%(src_ip))
-
subprocess.call('pfctl -k {0}'.format(src_ip))
-
print('Attempted Shell connection, Blocking %s \n'%(src_ip))
-
-
except AttributeError,TypeError:
-
continue
-
-
if __name__ == "__main__":
-
capture()
-
0  1002  Sign in to post your reply or Sign up for a free account.
Similar topics
by: Simon Jefferies |
last post by:
Hello,
I've created a fresh VB.NET Setup project using the wizard.
When I build the project I get the following error message:
ERROR: An error occurred while validating. HRESULT = '80004002'...
|
by: A.Carter |
last post by:
I am developing a windows application with Visual Studio 2003 using C#. The
application is complete so naturally I went to create a setup package. I
added a setup project to the solution and I went...
|
by: Alan Silver |
last post by:
Hello,
MSDN (amongst other places) is full of helpful advice on ways to do data
access, but they all seem geared to wards enterprise applications. Maybe
I'm in a minority, but I don't have those...
|
by: James Stroud |
last post by:
Hello All,
This is annoying. I am trying to build scipy right now but every .so
file requires my adding "-lpython2.5 -lpthread -lm -lutil -ldl -shared"
to the ld flags.
Main Question: When...
|
by: Gasnic |
last post by:
Hi everyone,
I am building a VS Setup project (.NET 1.1) that needs to change an XML file after installation.
Basically, what I need to do is, I need to change a value in an XML node (in a...
|
by: vedrandekovic |
last post by:
Hi,
I have already install Microsoft visual studio .NET 2003 and MinGw,
when I try to build a extension:
python my_extension_setup.py build ( or install ) , I get an error:
LINK : fatal...
|
by: kyosohma |
last post by:
Hi,
I am trying to get a small group of volunteers together to create
Windows binaries for any Python extension developer that needs them,
much like the package/extension builders who volunteer...
|
by: Claire |
last post by:
Ive written a small string resource building utility that I send out to our
translators. I have a setup project for each language we support, which
picks
out a group of 12 english resx files plus...
|
by: LeoKraken |
last post by:
This article focuses on the development of ring groups in C#. The effectiveness of any call center not only depends on the operators’ behaviour but also the technical background of the call center as...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
