feat: idps + détection scan TCPConnect, SynScan

2025-07-07 12:24:38 +02:00 · 2024-11-14 12:08:34 -05:00
parent e89442f538
commit 19d007dfff
7 changed files with 257 additions and 8 deletions
--- a/idps/rules/TCP/Scan/tcpconnectscan.py
+++ b/idps/rules/TCP/Scan/tcpconnectscan.py
@ -0,0 +1,8 @@
+# Seuils
+TIME_WINDOW = 180 # 180 secondes pour avoir X paquets
+NB_SEUIL = 5
+
+
+def rule(packet, tcp_packets):
+    if (tcp_packets.count_packet_of_type("A", TIME_WINDOW) + tcp_packets.count_packet_of_type("RA", TIME_WINDOW)) >= NB_SEUIL:
+            print(f"Alerte, seuils dépassés, risque de TCPConnectScan")