Oxbian/SIDPS
1
0
Fork 0
mirror of https://github.com/Oxbian/SIDPS.git synced 2025-07-06 20:05:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: idps + détection scan TCPConnect, SynScan

Browse Source
This commit is contained in:
Oxbian
2024-11-14 12:08:34 -05:00
parent e89442f538
commit 19d007dfff
7 changed files with 257 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
idps/rules/TCP/Scan/synscan.py Normal file
View File

@ -0,0 +1,8 @@
# Seuils
TIME_WINDOW = 180
NB_SEUIL = 5
def rule(packet, tcp_packets):
if (tcp_packets.count_packet_of_type("RA", TIME_WINDOW) + tcp_packets.count_packet_of_type("SA", TIME_WINDOW)) + tcp_packets.count_packet_of_type("R", TIME_WINDOW) >= NB_SEUIL:
print(f"Alerte, seuil dépassés, risque de SynScan")

8
idps/rules/TCP/Scan/tcpconnectscan.py Normal file
View File

@ -0,0 +1,8 @@
# Seuils
TIME_WINDOW = 180 # 180 secondes pour avoir X paquets
NB_SEUIL = 5
def rule(packet, tcp_packets):
if (tcp_packets.count_packet_of_type("A", TIME_WINDOW) + tcp_packets.count_packet_of_type("RA", TIME_WINDOW)) >= NB_SEUIL:
print(f"Alerte, seuils dépassés, risque de TCPConnectScan")