Oxbian/SIDPS
1
0
Fork 0
mirror of https://github.com/Oxbian/SIDPS.git synced 2025-07-07 12:24:38 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
dbc65f13bce05def78f11ab3c00f5be659bb9cf1
SIDPS/idps/rules/TCP/Scan/synscan.py

9 lines
316 B
Python
Raw Blame History

# Seuils
TIME_WINDOW = 180
NB_SEUIL = 5
def rule(packet, tcp_packets):
if (tcp_packets.count_packet_of_type("RA", TIME_WINDOW) + tcp_packets.count_packet_of_type("SA", TIME_WINDOW)) + tcp_packets.count_packet_of_type("R", TIME_WINDOW) >= NB_SEUIL:
print(f"Alerte, seuil dépassés, risque de SynScan")
Reference in New Issue View Git Blame Copy Permalink