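/// <summary>
/// Creates a sensor bound to one capture device, applies the optional capture filter,
/// subscribes the handler that matches <paramref name="sensorMode"/> and starts the heartbeat.
/// </summary>
/// <param name="deviceToCaptureInfo">Description used by <c>GetDeviceToCapture</c> to pick the capture device.</param>
/// <param name="filter">Capture filter assigned to the device; null or empty leaves the device unfiltered.</param>
/// <param name="deviceMode">Mode passed to the device's <c>Open</c> call.</param>
/// <param name="reportMethods">Report agents stored on the sensor and handed to the heartbeat.</param>
/// <param name="heartBeatDelay">Delay passed to <c>StartHeartbeat</c> (unit is not visible here; presumably milliseconds, confirm).</param>
/// <param name="sensorMode">Selects per-packet capture or statistics capture.</param>
/// <exception cref="InvalidOperationException">No capture device matched the description.</exception>
/// <exception cref="NotSupportedException">Statistics mode was requested on a device that is not a <c>WinPcapDevice</c>.</exception>
public BaseSensor(CaptureDeviceDescription deviceToCaptureInfo, string filter, DeviceMode deviceMode, List<ISensorReport> reportMethods, int heartBeatDelay, Enumerations.SensorMode sensorMode)
{
    _sensorId = Guid.NewGuid();
    _lastTimeval = new PosixTimeval(0, 0);
    _reportMethods = reportMethods;

    // GetDeviceToCapture reports lookup failures by returning null. Failing here with a clear
    // message is better than a NullReferenceException from Open(), and it prevents a sensor
    // object from existing without a device behind it.
    _currentCaptureDevice = GetDeviceToCapture(deviceToCaptureInfo);
    if (_currentCaptureDevice == null)
    {
        throw new InvalidOperationException("No capture device matched the supplied device description");
    }

    _currentCaptureDevice.Open(deviceMode);

    // An empty filter means the device delivers everything it sees.
    if (!string.IsNullOrEmpty(filter))
    {
        _currentCaptureDevice.Filter = filter;
    }

    // Attach the listener for the requested mode; any other mode value attaches nothing.
    switch (sensorMode)
    {
        case Enumerations.SensorMode.PacketCapture:
            _currentCaptureDevice.OnPacketArrival += new PacketArrivalEventHandler(device_OnPacketArrival);
            break;

        case Enumerations.SensorMode.Statistics:
            // Statistics capture is set through WinPcapDevice members, so the cast must succeed.
            var statisticsDevice = _currentCaptureDevice as WinPcapDevice;
            if (statisticsDevice == null)
            {
                throw new NotSupportedException("Statistics mode requires a WinPcap capture device");
            }

            statisticsDevice.Mode = CaptureMode.Statistics;
            statisticsDevice.OnPcapStatistics += device_OnPcapStatistics;
            break;
    }

    StartHeartbeat(heartBeatDelay, reportMethods);
}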
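/// <summary>
/// Console host for the FTP DoS sensor: builds the report agents, starts capturing and
/// stops when the operator presses Enter.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    // The SQL server name, login and password used to be embedded here in clear text.
    // A credential committed to source has to be treated as disclosed and rotated, so the
    // connection string is now supplied by the environment instead.
    // "IDS_DB_CONNECTION_STRING" is a variable name chosen for this sample, not an existing project setting.
    // When composing the value, prefer integrated authentication and "Persist Security Info=False"
    // so the password is not kept readable on the connection after it has been opened.
    string connectionString = Environment.GetEnvironmentVariable("IDS_DB_CONNECTION_STRING");
    if (string.IsNullOrEmpty(connectionString))
    {
        Console.WriteLine("IDS_DB_CONNECTION_STRING is not set; cannot start the database report agent");
        return;
    }

    List<Ids.Common.Interfaces.ISensorReport> reporters = new List<Ids.Common.Interfaces.ISensorReport>();
    reporters.Add(new Ids.Common.Reporters.SimpleReportAgent());

    // The second constructor argument is left empty here; the sensor id is pushed to the agent below.
    AzureSqlDbReportAgent cloudDbReportAgent = new AzureSqlDbReportAgent(connectionString, String.Empty);
    reporters.Add(cloudDbReportAgent);

    CaptureDeviceDescription cdd = new CaptureDeviceDescription()
    {
        DeviceNumber = 0,
        TextInDeviceName = "whatever"
    };

    // NOTE(review): 443 is passed as the port of an FTP sensor; FtpServerDosSensor.FactoryMethod
    // does not put the port into its capture filter, so the value currently has no effect.
    const string ftpIpAddress = "192.168.1.74";
    FtpServerDosSensor fds = FtpServerDosSensor.FactoryMethod(cdd, ftpIpAddress, 443, false, reporters, 5000);
    cloudDbReportAgent.UpdateSensorId(fds.GetSensorId());

    fds.StartCapturing();
    Console.ReadLine();
    fds.StopCapturing();
}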
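/// <summary>
/// Console host for a <c>BaseSensor</c>: asks the operator for statistics or packet capture,
/// runs the sensor and stops when Enter is pressed.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    List<Ids.Common.Interfaces.ISensorReport> reporters = new List<Ids.Common.Interfaces.ISensorReport>();
    reporters.Add(new Ids.Common.Reporters.SimpleReportAgent());

    CaptureDeviceDescription cdd = new CaptureDeviceDescription()
    {
        DeviceNumber = 0,
        TextInDeviceName = "whatever"
    };

    string captureChoice = null;
    while (captureChoice != "s" && captureChoice != "p")
    {
        Console.WriteLine("enter type Statistics Capture (s) or Packet Capture (p):");
        captureChoice = Console.ReadLine();

        // ReadLine returns null once standard input is closed (service host, redirected input).
        // Without this check the prompt loop would spin forever.
        if (captureChoice == null)
        {
            return;
        }
    }

    BaseSensor baseSensor;
    if (captureChoice == "p")
    {
        baseSensor = new BaseSensor(cdd, "dst 192.168.0.103", SharpPcap.DeviceMode.Normal, reporters, 10000, Enumerations.SensorMode.PacketCapture);
    }
    else
    {
        baseSensor = new BaseSensor(cdd, "tcp", SharpPcap.DeviceMode.Normal, reporters, 1000, Enumerations.SensorMode.Statistics);
    }

    baseSensor.StartCapturing();
    Console.ReadLine();
    baseSensor.StopCapturing();
}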
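/// <summary>
/// Resolves a device description to one of the machine's capture devices.
/// </summary>
/// <param name="deviceToCaptureInfo">
/// Description carrying a device index and/or a fragment of the device name. The index wins
/// when both are present.
/// </param>
/// <returns>
/// The matching device, or null when the description is empty, no device exists, the index is
/// out of range or no device name contains the fragment. Each failure is written to the console.
/// </returns>
private ICaptureDevice GetDeviceToCapture(CaptureDeviceDescription deviceToCaptureInfo)
{
    bool hasNameFragment = !string.IsNullOrEmpty(deviceToCaptureInfo.TextInDeviceName);
    bool hasIndex = deviceToCaptureInfo.DeviceNumber.HasValue;

    if (!hasNameFragment && !hasIndex)
    {
        Console.WriteLine("Device description missing valid information");
        return null;
    }

    CaptureDeviceList devices = CaptureDeviceList.Instance;

    if (devices.Count < 1)
    {
        Console.WriteLine("No devices were found on this machine");
        return null;
    }

    // With a single device the description is not consulted at all, so the sensor binds to
    // that interface even if the operator asked for a different index or name.
    if (devices.Count == 1)
    {
        return devices[0];
    }

    if (hasIndex)
    {
        int requestedIndex = (int)deviceToCaptureInfo.DeviceNumber;

        // Valid indexes are 0 .. Count - 1. The earlier "Count < DeviceNumber" test let
        // DeviceNumber == Count and negative values through to the indexer.
        if (requestedIndex < 0 || requestedIndex >= devices.Count)
        {
            Console.WriteLine("Device " + deviceToCaptureInfo.DeviceNumber + " was notfound on this machine");
            return null;
        }

        return devices[requestedIndex];
    }

    // Name lookup: first device whose name contains the fragment.
    foreach (var device in devices)
    {
        if (device.Name.Contains(deviceToCaptureInfo.TextInDeviceName))
        {
            return device;
        }
    }

    return null;
}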
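/// <summary>
/// Builds an FTP DoS sensor that captures traffic addressed to <paramref name="webServerAdress"/>.
/// </summary>
/// <param name="deviceToCaptureInfo">Description of the capture device to open.</param>
/// <param name="webServerAdress">Literal IP address of the monitored server; it becomes the <c>dst net</c> clause of the capture filter.</param>
/// <param name="port">Not used in the filter (see the note in the body).</param>
/// <param name="sensorDeployedOnWebServer">True when the sensor runs on the monitored server itself.</param>
/// <param name="reportMethods">Report agents passed to the sensor.</param>
/// <param name="heartBeatDelay">Heartbeat delay passed to the sensor.</param>
/// <returns>The configured sensor.</returns>
/// <exception cref="ArgumentException"><paramref name="webServerAdress"/> is not a literal IP address.</exception>
public static FtpServerDosSensor FactoryMethod(CaptureDeviceDescription deviceToCaptureInfo, string webServerAdress, int port, bool sensorDeployedOnWebServer, List<ISensorReport> reportMethods, int heartBeatDelay)
{
    // The filter was hard-coded to "dst net 192.168.1.74", so a sensor configured for any other
    // server silently watched the wrong address. The value is parsed before it is placed in the
    // filter expression so that only an address, never extra filter syntax, can end up there.
    System.Net.IPAddress monitoredAddress;
    if (!System.Net.IPAddress.TryParse(webServerAdress, out monitoredAddress))
    {
        throw new ArgumentException("webServerAdress must be a literal IP address", "webServerAdress");
    }

    string webFilter = "dst net " + monitoredAddress;

    // NOTE(review): port is still left out of the filter. The only caller visible with this code
    // passes 443, which would exclude FTP control traffic; confirm the intended port before adding it.

    // Both branches used to select Promiscuous, which made the flag meaningless. A sensor running
    // on the monitored host already receives that host's traffic, so Normal mode is used there.
    DeviceMode sensorListeningMode = sensorDeployedOnWebServer ? DeviceMode.Normal : DeviceMode.Promiscuous;

    return new FtpServerDosSensor(deviceToCaptureInfo, webFilter, sensorListeningMode, reportMethods, heartBeatDelay);
}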
/// <summary>
/// Builds a web-server DoS sensor with the fixed capture filter <c>port 80</c>.
/// </summary>
/// <param name="deviceToCaptureInfo">Description of the capture device to open.</param>
/// <param name="webServerAdress">Accepted but not used by this method.</param>
/// <param name="port">Accepted but not used by this method.</param>
/// <param name="sensorDeployedOnWebServer">True selects Normal device mode, false selects Promiscuous.</param>
/// <param name="reportMethods">Report agents passed to the sensor.</param>
/// <param name="heartBeatDelay">Heartbeat delay passed to the sensor.</param>
/// <returns>The configured sensor.</returns>
public static WebServerDosSensor FactoryMethod(CaptureDeviceDescription deviceToCaptureInfo, string webServerAdress, int port, bool sensorDeployedOnWebServer, List<ISensorReport> reportMethods, int heartBeatDelay)
{
    // NOTE(review): the filter ignores webServerAdress and port, so a caller asking for port 443
    // still gets a sensor that sees only port 80 traffic, to and from any host. Confirm whether
    // the filter should be derived from the arguments.
    const string portEightyFilter = "port 80";

    DeviceMode listeningMode = sensorDeployedOnWebServer
        ? DeviceMode.Normal
        : DeviceMode.Promiscuous;

    WebServerDosSensor sensor = new WebServerDosSensor(deviceToCaptureInfo, portEightyFilter, listeningMode, reportMethods, heartBeatDelay);
    return sensor;
}
/// <summary>
/// Checks that <c>WebServerDosSensor.FactoryMethod</c> returns a sensor instance.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions BaseSensor, but the object under test is a
/// WebServerDosSensor. The factory opens a capture device, so this test depends on the
/// machine it runs on.
/// </remarks>
public void CreateBaseSensor_ReturnsSuccess()
{
    // arrange
    var reporters = new List<Ids.Common.Interfaces.ISensorReport>
    {
        new Ids.Common.Reporters.SimpleReportAgent()
    };
    var deviceDescription = new CaptureDeviceDescription()
    {
        DeviceNumber = 0,
        TextInDeviceName = "whatever"
    };
    const string targetAddress = "216.58.209.100";

    // act
    WebServerDosSensor sensor = WebServerDosSensor.FactoryMethod(deviceDescription, targetAddress, 443, false, reporters, 1000);

    // assert
    Assert.IsNotNull(sensor);
}
/// <summary>
/// Constructs a <c>BaseSensor</c> in packet-capture mode, starts and stops capturing, and
/// checks that the instance exists.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions WebServerDosSensor, but the object under test is a
/// BaseSensor. The constructor opens a capture device, so this test depends on the machine
/// it runs on.
/// </remarks>
public void CreateWebServerDosSensor_ReturnsSuccess()
{
    // arrange
    var reporters = new List<Ids.Common.Interfaces.ISensorReport>
    {
        new Ids.Common.Reporters.SimpleReportAgent()
    };
    var deviceDescription = new CaptureDeviceDescription()
    {
        DeviceNumber = 0,
        TextInDeviceName = "whatever"
    };

    // act
    var sensor = new BaseSensor(
        deviceDescription,
        "tcp and ip and dst port 80",
        SharpPcap.DeviceMode.Normal,
        reporters,
        1000,
        Enumerations.SensorMode.PacketCapture);
    sensor.StartCapturing();
    sensor.StopCapturing();

    // assert
    Assert.IsNotNull(sensor);
}
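/// <summary>
/// Builds a web-client sensor whose capture filter matches traffic involving any of the
/// listed web servers.
/// </summary>
/// <param name="deviceToCaptureInfo">Description of the capture device to open.</param>
/// <param name="webServers">Addresses of the web servers to watch; each becomes one <c>host</c> clause.</param>
/// <param name="port">Accepted but not used in the filter.</param>
/// <param name="sensorDeployedOnWebServer">True selects Normal device mode, false selects Promiscuous.</param>
/// <param name="reportMethods">Report agents passed to the sensor.</param>
/// <param name="heartBeatDelay">Heartbeat delay passed to the sensor.</param>
/// <returns>The configured sensor.</returns>
/// <exception cref="ArgumentNullException"><paramref name="webServers"/> is null.</exception>
/// <exception cref="ArgumentException">An entry of <paramref name="webServers"/> is null or empty.</exception>
public static WebClientSensor FactoryMethod(CaptureDeviceDescription deviceToCaptureInfo, string[] webServers, int port, bool sensorDeployedOnWebServer, List<ISensorReport> reportMethods, int heartBeatDelay)
{
    if (webServers == null)
    {
        throw new ArgumentNullException("webServers");
    }

    List<string> hostClauses = new List<string>();
    foreach (string server in webServers)
    {
        if (string.IsNullOrEmpty(server))
        {
            throw new ArgumentException("webServers must not contain null or empty entries", "webServers");
        }

        // NOTE(review): entries are placed into the filter expression as given; callers should
        // pass plain addresses or host names only.
        hostClauses.Add(string.Format("host {0}", server));
    }

    // The clauses were joined with " and ", which requires every listed host to appear in the
    // same packet: with two servers only traffic between them matched, with three or more
    // nothing matched, and the sensor reported no activity. " or " matches any listed server.
    // An empty webServers array still yields an empty filter string, as before.
    string webFilter = String.Join(" or ", hostClauses.ToArray());

    DeviceMode sensorListeningMode = sensorDeployedOnWebServer ? DeviceMode.Normal : DeviceMode.Promiscuous;

    return new WebClientSensor(deviceToCaptureInfo, webFilter, sensorListeningMode, reportMethods, heartBeatDelay);
}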
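/// <summary>
/// Console host for a <c>BaseSensor</c> that reports to the database agent and the simple
/// agent: asks the operator for statistics or packet capture, runs the sensor and stops when
/// Enter is pressed.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    // The SQL server name, login and password used to be embedded here in clear text.
    // A credential committed to source has to be treated as disclosed and rotated, so the
    // connection string is now supplied by the environment instead.
    // "IDS_DB_CONNECTION_STRING" is a variable name chosen for this sample, not an existing project setting.
    // When composing the value, prefer integrated authentication and "Persist Security Info=False"
    // so the password is not kept readable on the connection after it has been opened.
    string connectionString = Environment.GetEnvironmentVariable("IDS_DB_CONNECTION_STRING");
    if (string.IsNullOrEmpty(connectionString))
    {
        Console.WriteLine("IDS_DB_CONNECTION_STRING is not set; cannot start the database report agent");
        return;
    }

    List<Ids.Common.Interfaces.ISensorReport> reporters = new List<Ids.Common.Interfaces.ISensorReport>();

    // Second argument kept as in the original; presumably the id this sensor reports under (confirm).
    AzureSqlDbReportAgent cloudDbReportAgent = new AzureSqlDbReportAgent(connectionString, "7C8FA0D3-1F00-42F1-B849-184348D834F6");
    reporters.Add(cloudDbReportAgent);
    reporters.Add(new SimpleReportAgent());

    CaptureDeviceDescription cdd = new CaptureDeviceDescription()
    {
        DeviceNumber = 0,
        TextInDeviceName = "whatever"
    };

    string captureChoice = null;
    while (captureChoice != "s" && captureChoice != "p")
    {
        Console.WriteLine("enter type Statistics Capture (s) or Packet Capture (p):");
        captureChoice = Console.ReadLine();

        // ReadLine returns null once standard input is closed; without this check the
        // prompt loop would spin forever.
        if (captureChoice == null)
        {
            return;
        }
    }

    BaseSensor baseSensor;
    if (captureChoice == "p")
    {
        baseSensor = new BaseSensor(cdd, "port 21", SharpPcap.DeviceMode.Normal, reporters, 20000, Enumerations.SensorMode.PacketCapture);
    }
    else
    {
        baseSensor = new BaseSensor(cdd, "tcp", SharpPcap.DeviceMode.Normal, reporters, 1000, Enumerations.SensorMode.Statistics);
    }

    baseSensor.StartCapturing();
    Console.ReadLine();
    baseSensor.StopCapturing();
}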
/// <summary>
/// Private constructor; forwards every argument to the base sensor and fixes the sensor mode
/// to <c>PacketCapture</c>.
/// </summary>
/// <param name="deviceToCaptureInfo">Description of the capture device to open.</param>
/// <param name="filter">Capture filter handed to the base sensor.</param>
/// <param name="deviceMode">Device mode handed to the base sensor.</param>
/// <param name="reportMethods">Report agents handed to the base sensor.</param>
/// <param name="heartBeatDelay">Heartbeat delay handed to the base sensor.</param>
private WebServerDosSensor(
    CaptureDeviceDescription deviceToCaptureInfo,
    string filter,
    DeviceMode deviceMode,
    List<ISensorReport> reportMethods,
    int heartBeatDelay)
    : base(
        deviceToCaptureInfo,
        filter,
        deviceMode,
        reportMethods,
        heartBeatDelay,
        Enumerations.SensorMode.PacketCapture)
{
    // No state of its own; everything is set up by the base constructor.
}
/// <summary>
/// Private constructor; forwards every argument to the base sensor and fixes the sensor mode
/// to <c>PacketCapture</c>.
/// </summary>
/// <param name="deviceToCaptureInfo">Description of the capture device to open.</param>
/// <param name="filter">Capture filter handed to the base sensor.</param>
/// <param name="deviceMode">Device mode handed to the base sensor.</param>
/// <param name="reportMethods">Report agents handed to the base sensor.</param>
/// <param name="heartBeatDelay">Heartbeat delay handed to the base sensor.</param>
private FtpServerDosSensor(
    CaptureDeviceDescription deviceToCaptureInfo,
    string filter,
    DeviceMode deviceMode,
    List<ISensorReport> reportMethods,
    int heartBeatDelay)
    : base(
        deviceToCaptureInfo,
        filter,
        deviceMode,
        reportMethods,
        heartBeatDelay,
        Enumerations.SensorMode.PacketCapture)
{
    // No state of its own; everything is set up by the base constructor.
}