public ConnectMon(/*DateTime _fromDate*/ bool _updateDb, bool _updateFw)
{
//fromDate = _fromDate;
updateDb = _updateDb;
updateFw = _updateFw;
//dbg = File.Exists("c:\\HaxLogs.txt") || File.Exists("c:\\ruby_doc.ico");
addrs = new Addrs(/*_fromDate*/ _updateDb, _updateFw);
}
public void Merge(LiteCollection <Addr> addrTable, Addrs newItems)
{
foreach (var newItem in newItems.Items)
{
var ip = newItem.Key;
var addr = newItem.Value;
AggregateMulti(addrTable, ip, addr.SuccessCount, addr.FailCount, addr.First, addr.Last, addr.UserNames);
}
}
void RefreshConnectionsLV(bool initialLoad)
{
int exitCode = 0;
var startedLvUpdate = false;
var lv = connectsLv;
// Initial load or update?
if (initialLoad)
{
lastConnectRefresh = DateTime.MinValue;
startedLvUpdate = true;
lv.BeginUpdate();
lv.ListViewItemSorter = null;
lv.Items.Clear();
totalAttackers = totalAttempts = totalLegits = 0;
}
var now = DateTime.UtcNow;
if (dbg)
{
Utils.ExecProg(Utils.MyExe(), "-collect", ref exitCode, 60000, false);
}
var _from = (lastConnectRefresh < fromDate ? fromDate : lastConnectRefresh);
// Aggregate logins
var aggregator = new ConnectMon(/*fromDate*/ false, false);
var _addrs = aggregator.Aggregate(_from);
var changes = _addrs.Items.Count;
addrs = _addrs;
foreach (var item in addrs.Items)
{
var ip = item.Key;
var addr = item.Value;
var isAttack = addr.IsAttack();
var isLegit = addr.IsLegit();
//var isAttack = (addr.SuccessCount == 0);
//if (isAttack && !addr.IsAttack())
// continue;
if (addr.Last < lastConnectRefresh)
{
continue;
}
// Filter
if (isAttack && !filterBtnAttacks.Checked)
{
continue;
}
if (isLegit && !filterBtnLegits.Checked)
{
continue;
}
if (!isAttack && !isLegit && !filterBtnUnknown.Checked)
{
continue;
}
if (!startedLvUpdate)
{
startedLvUpdate = true;
lv.BeginUpdate();
lv.ListViewItemSorter = null;
}
var existingidx = -1;
for (int i = 0; i < lv.Items.Count; i++)
{
if (lv.Items[i].Text == ip)
{
existingidx = i;
break;
}
}
ListViewItem lvi;
if (existingidx != -1)
{
lvi = lv.Items[existingidx];
}
else
{
lvi = new ListViewItem();
lvi.SubItems.AddRange(new[] { "", "", "", "", "", "" });
}
lvi.SubItems[colIP.DisplayIndex].Text = ip;
lvi.SubItems[colFailCount.DisplayIndex].Text = addr.FailCount.ToString();
lvi.SubItems[colSuccessCount.DisplayIndex].Text = addr.SuccessCount.ToString();
lvi.SubItems[colFirstTime.DisplayIndex].Text = addr.First.ToLocalTime().ToString("MM/dd HH:mm:ss");
lvi.SubItems[colLastTime.DisplayIndex].Text = addr.Last.ToLocalTime().ToString("MM/dd HH:mm:ss");
if (addr.UserNames.Count() <= 5)
{
lvi.SubItems[colLogins.DisplayIndex].Text = string.Join(", ", addr.UserNames);
}
else
{
lvi.SubItems[colLogins.DisplayIndex].Text = string.Join(", ", addr.UserNames.Take(5)) + $"... ({addr.UserNames.Count})";
}
if (isAttack)
{
lvi.ImageIndex = 0;
if (addr.IsOngoing()) //|| (lastRefresh != DateTime.MinValue && attack.Last > lastRefresh))
{
lvi.SubItems[colDuration.DisplayIndex].Text = "ongoing";
lvi.UseItemStyleForSubItems = false;
lvi.SubItems[colDuration.DisplayIndex].ForeColor = Color.Red;
//lvi.ImageIndex = 1;
}
else
{
lvi.SubItems[colDuration.DisplayIndex].Text = Utils.DurationStr(addr.Last.Subtract(addr.First));
}
}
else if (isLegit)
{
lvi.ImageIndex = 1;
}
else // Neither attack nor legit; not enough data
{
lvi.ImageIndex = 2;
}
lvi.Tag = addr;
if (existingidx == -1)
{
lv.Items.Add(lvi);
if (isAttack)
{
totalAttackers++;
}
else if (isLegit)
{
totalLegits++;
}
}
}
if (!initialLoad)
{
totalAttempts = 0;
for (int i = 0; i < lv.Items.Count; i++)
{
// Update "Ongoing" items that are no longer ongoing
if (lv.Items[i].SubItems[colDuration.DisplayIndex].Text == "ongoing")
{
var _addr = (Addr)lv.Items[i].Tag;
if (!_addr.IsOngoing())
{
lv.Items[i].SubItems[colDuration.DisplayIndex].Text = Utils.DurationStr(_addr.Last.Subtract(_addr.First));
lv.Items[i].UseItemStyleForSubItems = true;
lv.Items[i].ForeColor = Color.Black;
//lv.Items[i].ImageIndex = 0;
}
}
var addr = (Addr)lv.Items[i].Tag;
totalAttempts += addr.FailCount;
}
}
if (startedLvUpdate)
{
lv.ListViewItemSorter = connectsSorter;
lv.Sort();
lv.EndUpdate();
lv.ListViewItemSorter = null;
}
lastConnectRefresh = now;
// Statistics
toolStripStatsLabel.Text = totalLegits + " legitimate users, " + totalAttackers + " suspected addresses";
if (totalAttempts > 0)
{
toolStripStatsLabel.Text += ", " + totalAttempts + " password attempts";
if (nla <= 0)
{
toolStripStatsLabel.Text += ", WARNING: NLA not activated on this machine!";
}
}
}