        /// <summary>
        /// Raises a denial-of-service alert for <paramref name="webServerAddress"/> when the sensor
        /// agent reports more events than <paramref name="threshold"/> within the analysis window.
        /// </summary>
        /// <param name="webServerAddress">Address of the web server whose sensor events are counted.</param>
        /// <param name="threshold">Event count that must be strictly exceeded before an alert is raised.</param>
        /// <param name="analysisWindow">Window passed through to the agent unchanged; null is handed to the agent as-is (presumably an agent-side default — TODO confirm).</param>
        /// <returns>true when an alert was dispatched to every registered report method; otherwise false.</returns>
        public bool CheckForWebServerDosAttack(string webServerAddress, int threshold, int? analysisWindow)
        {
            // The literal 21 is forwarded to the agent as an opaque selector; whether it is a port
            // or an event-type id is not visible from this class — TODO confirm with SensorEventAgent.
            int observedEvents = SensorEventAgent.GetTotalEvents(webServerAddress, 21, analysisWindow);

            // Strict comparison: a count exactly equal to the threshold does not trigger an alert.
            if (observedEvents <= threshold)
            {
                return false;
            }

            // Fan the same alert out to every configured report channel.
            foreach (IAlertReport reporter in ReportMethods)
            {
                reporter.ReportAltert(new IDMEFMessage(), analyserId.ToString());
            }

            return true;
        }
        /// <summary>
        /// Raises an alert when the sensor agent reports any event matching one of the supplied
        /// search terms (e.g. text indicative of attempted administrative activity such as root or su).
        /// </summary>
        /// <param name="searchTerms">Terms the agent matches sensor events against; passed through unchanged.</param>
        /// <returns>true when at least one matching event was found and an alert was dispatched to every registered report method; otherwise false.</returns>
        public bool CheckForTextSignifyingAttack(string[] searchTerms)
        {
            // Any positive match count is enough; there is no configurable threshold for this check.
            int matchingEvents = SensorEventAgent.GetTotalEvents(searchTerms);

            if (matchingEvents <= 0)
            {
                return false;
            }

            // Fan the same alert out to every configured report channel.
            foreach (IAlertReport reporter in ReportMethods)
            {
                reporter.ReportAltert(new IDMEFMessage(), analyserId.ToString());
            }

            return true;
        }
        /// <summary>
        /// Raises an alert when the agent's peak count of scan events within the analysis window
        /// exceeds <paramref name="threshold"/> (one port probed across many destination addresses).
        /// NOTE(review): the original summary called this a "vertical" scan while the method name says
        /// horizontal; the one-port/many-hosts description matches the name — confirm the intended term.
        /// </summary>
        /// <param name="connectionString">Accepted for interface compatibility but not used by this method.</param>
        /// <param name="threshold">Event count that must be strictly exceeded before an alert is raised.</param>
        /// <param name="analysisWindow">Window passed through to the agent unchanged; null is handed to the agent as-is.</param>
        /// <returns>true when an alert was dispatched to every registered report method; otherwise false.</returns>
        public bool CheckForHorizontalScan(string connectionString, int threshold, int? analysisWindow)
        {
            // connectionString is intentionally unused here; the agent is queried by window only.
            int peakEvents = SensorEventAgent.GetMaxHorizontalEventsWithinAnalysisWindow(analysisWindow);

            // Strict comparison: a count exactly equal to the threshold does not trigger an alert.
            bool thresholdExceeded = peakEvents > threshold;

            if (thresholdExceeded)
            {
                // Fan the same alert out to every configured report channel.
                foreach (IAlertReport reporter in ReportMethods)
                {
                    reporter.ReportAltert(new IDMEFMessage(), analyserId.ToString());
                }
            }

            return thresholdExceeded;
        }