/// <summary>
/// Checks whether the sensor event count recorded for <paramref name="webServerAddress"/>
/// exceeds <paramref name="threshold"/> within the analysis window and, when it does,
/// raises an alert through every registered report method.
/// </summary>
/// <param name="webServerAddress">Address of the web server whose sensor events are counted.</param>
/// <param name="threshold">Event count that must be strictly exceeded before an alert is raised.</param>
/// <param name="analysisWindow">Analysis window handed to the sensor event agent unchanged; may be null.</param>
/// <returns><c>true</c> when an alert was raised; otherwise <c>false</c>.</returns>
public bool CheckForWebServerDosAttack(string webServerAddress, int threshold, int? analysisWindow)
{
    // The sensor event agent owns the data this decision is based on. The literal 21 is an
    // agent-defined event selector — TODO confirm its meaning against SensorEventAgent.
    int observedEvents = SensorEventAgent.GetTotalEvents(webServerAddress, 21, analysisWindow);

    // At or below the threshold there is nothing to report.
    if (observedEvents <= threshold)
    {
        return false;
    }

    // NOTE(review): the IDMEF message is sent empty, so the alert itself carries no
    // event context (address, count, window) for whoever triages it.
    foreach (IAlertReport reporter in ReportMethods)
    {
        reporter.ReportAltert(new IDMEFMessage(), analyserId.ToString());
    }

    return true;
}
/// <summary>
/// Checks whether any sensor event matches one of <paramref name="searchTerms"/>
/// (intended for strings that signify attempted administrative activity, such as root or su)
/// and, when at least one does, raises an alert through every registered report method.
/// </summary>
/// <param name="searchTerms">Terms handed to the sensor event agent unchanged; no validation is performed here.</param>
/// <returns><c>true</c> when an alert was raised; otherwise <c>false</c>.</returns>
public bool CheckForTextSignifyingAttack(string[] searchTerms)
{
    // The sensor event agent owns the data this decision is based on.
    int matchingEvents = SensorEventAgent.GetTotalEvents(searchTerms);

    // A single match is enough to alert; zero matches means nothing to report.
    if (matchingEvents <= 0)
    {
        return false;
    }

    // NOTE(review): the IDMEF message is sent empty, so the alert does not say which
    // term matched or how many events were seen.
    foreach (IAlertReport reporter in ReportMethods)
    {
        reporter.ReportAltert(new IDMEFMessage(), analyserId.ToString());
    }

    return true;
}
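/// <summary>
/// Checks for a horizontal port scan (one port probed across many destination addresses):
/// when the peak horizontal event count within the analysis window exceeds
/// <paramref name="threshold"/>, an alert is raised through every registered report method.
/// </summary>
/// <param name="connectionString">Accepted for interface compatibility; not used by this method.</param>
/// <param name="threshold">Event count that must be strictly exceeded before an alert is raised.</param>
/// <param name="analysisWindow">Analysis window handed to the sensor event agent unchanged; may be null.</param>
/// <returns><c>true</c> when an alert was raised; otherwise <c>false</c>.</returns>
public bool CheckForHorizontalScan(string connectionString, int threshold, int? analysisWindow)
{
    bool alertRaised = false;

    // The sensor event agent owns the data this decision is based on; only the window is
    // forwarded, the connection string is not consulted here.
    int totalEvents = SensorEventAgent.GetMaxHorizontalEventsWithinAnalysisWindow(analysisWindow);

    if (totalEvents > threshold)
    {
        // NOTE(review): the IDMEF message is sent empty, so the alert carries no detail
        // about the port or address count that tripped the threshold.
        foreach (IAlertReport alertReport in ReportMethods)
        {
            alertReport.ReportAltert(new IDMEFMessage(), analyserId.ToString());
        }

        alertRaised = true;
    }

    return alertRaised;
}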