Oxbian/SIDPS
1
0
Fork 0
mirror of https://github.com/Oxbian/SIDPS.git synced 2025-07-07 12:24:38 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

update dataExfiltration

Browse Source 
c'est pas encore ça mais il y a de l'idée
This commit is contained in:
SofianeElNaggar
2024-11-20 19:41:46 -05:00
parent 6efbe6e2e4
commit 17a6e3def2
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
idps/main.py
View File

@ -91,10 +91,10 @@ def packet_callback(packet, rules_functions, tcp_packets, db):
@param db: Objet database pour envoyer des alertes à la BDD
"""
#print(packet)
##print(packet)
if IP in packet and TCP in packet:
tcp_packets.add_packet(packet[IP].src, packet[TCP].sport, packet[IP].dst, packet[TCP].dport, packet[TCP].flags, time.time())
print(tcp_packets[packet[IP].src])
#print(tcp_packets[packet[IP].src])
check_frame_w_rules(packet, rules_functions['TCP'], tcp_packets, db)
tcp_packets.clean_old_packets()

6
idps/rules/TCP/Scan/dataExfiltration.py
View File

@ -23,6 +23,8 @@ def rule(packet, _, db):
data_transfer[src_ip]["current"] += payload_size
data_transfer[src_ip]["daily"] += payload_size
print(data_transfer[src_ip]["current"])
# Exfiltration de données instantané
if data_transfer[src_ip]["current"] > rule.seuil_session:
db.send_alert(
@ -32,7 +34,7 @@ def rule(packet, _, db):
"Exfiltration de données détectée (instantané)",
src_ip,
dst_ip,
"TCP",
proto = "TCP",
reason="Exfiltration de données détectée (instantané)",
act="Alerte"
)
@ -48,7 +50,7 @@ def rule(packet, _, db):
"Exfiltration de données détectée (journalière)",
src_ip,
dst_ip,
"TCP",
proto = "TCP",
reason="Exfiltration de données détectée (journalière)",
act="Alerte"
)

10
idps/tcp.py
View File

@ -34,7 +34,7 @@ class TCP:
i, ip = self.find_packet_to_replace(ip_src, port_src, ip_dst, port_dst, "S")
if i is not None:
print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
#print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
self.packets[ip][i][3].append("SA")
self.packets[ip][i][4] = timestamp
return
@ -48,7 +48,7 @@ class TCP:
i, ip = self.find_packet_to_replace(ip_src, port_src, ip_dst, port_dst, "R")
if i is not None:
print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
#print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
self.packets[ip][i][3].append("A")
self.packets[ip][i][4] = timestamp
return
@ -63,7 +63,7 @@ class TCP:
i, ip = self.find_packet_to_replace(ip_src, port_src, ip_dst, port_dst, "S")
if i is not None:
print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
#print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
self.packets[ip][i][3].append("RA")
self.packets[ip][i][4] = timestamp
return
@ -78,7 +78,7 @@ class TCP:
i, ip = self.find_packet_to_replace(ip_src, port_src, ip_dst, port_dst, "S")
if i is not None:
print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
#print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
self.packets[ip][i][3].append("R")
self.packets[ip][i][4] = timestamp
return
@ -90,7 +90,7 @@ class TCP:
i, ip = self.find_packet_to_replace(ip_src, port_src, ip_dst, port_dst, "A")
if i is not None:
print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
#print(f"i: {i}, {ip_src}:{port_src}->{ip_dst}:{port_dst}, paquets: \n{self.packets}")
self.packets[ip][i][3].append("F")
self.packets[ip][i][4] = timestamp
return