📄 mintervalcommand.java
package net.jumperz.app.MGuardian.plugin.sessionIdManager;
import java.io.*;
import java.util.*;
import java.sql.*;
import net.jumperz.sql.*;
import net.jumperz.util.*;
import net.jumperz.net.*;
import net.jumperz.app.MGuardian.*;
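/**
 * Interval command of the session-ID manager plugin.
 *
 * Each {@link #execute()} run first deletes rows of {@code tState} older than
 * {@link #timespan} minutes. When {@link #detectionType} is
 * {@code MSessionIdManager.DETECTION_INTERVAL} it then runs two checks over the
 * remaining rows and flushes the SQL queue:
 * <ul>
 * <li>brute force: one (ip, host, paramName, userAgent) group with more than
 *     {@link #bruteForceThreshold} rows;</li>
 * <li>hijack: one (host, paramName, paramValue) seen with more than one
 *     {@code ip} or more than one {@code useragent} value.</li>
 * </ul>
 * All database access on the shared connection is done while holding the
 * connection's monitor.
 */
public class MIntervalCommand
implements MCommand
{
    // Configuration is held in public static fields assigned from outside this class.
    /** Row count per group that must be exceeded before a brute-force report is made. */
    public static int bruteForceThreshold;
    /** Retention window of tState rows, in minutes (converted to milliseconds in removeOldRecords). */
    public static int timespan;
    /** Not read in this class. */
    public static String logDirName;
    /** Not read in this class. */
    public static String command;
    /** Detection mode; the checks run only for MSessionIdManager.DETECTION_INTERVAL. */
    public static int detectionType;
    /** Receiver of the detection callbacks. */
    public static MSessionIdManager sessionIdManager;

    private Connection connection;
    private MSqlQueue sqlQueue;

    //--------------------------------------------------------------------------------
    /**
     * @param c database connection used for every query of this command; it is
     *          closed by {@link #breakCommand()}
     */
    public MIntervalCommand( Connection c )
    {
        connection = c;
        sqlQueue = new MSqlQueue( connection );
    }

    //--------------------------------------------------------------------------------
    /**
     * Runs one housekeeping and detection pass.
     *
     * Failures are printed and not rethrown, so a failing pass does not propagate
     * to the caller. NOTE(review): a failure in either check also skips
     * {@code sqlQueue.executeSql()} for this pass, and a stack trace on stderr is
     * the only trace of a detection pass that did not complete.
     */
    public void execute()
    {
        try
        {
            removeOldRecords();
            if( detectionType == MSessionIdManager.DETECTION_INTERVAL )
            {
                detectBruteForceAttack(); // different id from the same ip address
                checkHighjack();
                sqlQueue.executeSql();
            }
        }
        catch( Exception e )
        {
            e.printStackTrace();
        }
    }

    //--------------------------------------------------------------------------------
    /**
     * Looks for a (host, paramName, paramValue) combination that occurs in at
     * least two rows and checks whether those rows come from one source only.
     *
     * @throws SQLException if a query fails
     * @throws IOException  declared for the detection callback chain
     */
    private void checkHighjack()
    throws SQLException, IOException
    {
        String queryString =
            "SELECT COUNT(*) AS c, host, paramName, paramValue FROM tState GROUP BY host, paramName, paramValue ORDER BY c DESC";
        synchronized( connection )
        {
            ResultSet rs = MSqlUtil.executeQuery( connection, queryString );
            try
            {
                while( rs.next() )
                {
                    int count = rs.getInt( "c" );
                    // Rows are ordered by count descending, so the first group
                    // below 2 ends the scan.
                    if( count < 2 )
                    {
                        break;
                    }
                    String host = rs.getString( "host" );
                    String paramName = rs.getString( "paramName" );
                    String paramValue = rs.getString( "paramValue" );
                    detectDifferentSourceAttack( count, host, paramName, paramValue, "ip" );
                    detectDifferentSourceAttack( count, host, paramName, paramValue, "useragent" );
                }
            }
            finally
            {
                // Release the result set even when a callback or query throws.
                rs.close();
            }
        }
    }

    //--------------------------------------------------------------------------------
    /**
     * Tells whether {@code source} is one of the column names this class is
     * allowed to splice into a query as an identifier.
     */
    private static boolean isKnownSourceColumn( String source )
    {
        return "ip".equals( source ) || "useragent".equals( source );
    }

    //--------------------------------------------------------------------------------
    /**
     * Reports a (host, paramName, paramValue) combination whose rows do not all
     * share the same value in the {@code source} column.
     *
     * The largest per-source group is compared with the total row count: if they
     * differ, at least two different sources used the same parameter value.
     * Called while the caller holds the connection's monitor.
     *
     * @param count      total number of rows for the combination
     * @param host       host column value
     * @param paramName  parameter name column value
     * @param paramValue parameter value column value
     * @param source     column to group by; only {@code "ip"} and {@code "useragent"} are accepted
     * @throws IllegalArgumentException if {@code source} is not an accepted column name
     * @throws SQLException             if the query fails
     * @throws IOException              declared for the detection callback chain
     */
    private void detectDifferentSourceAttack( int count, String host, String paramName, String paramValue, String source )
    throws SQLException, IOException
    {
        // A column name cannot be bound as a '?' parameter, so it is concatenated
        // into the statement. Restrict it to the fixed set of known columns so
        // that no caller can ever pass request-derived text into the SQL string.
        if( !isKnownSourceColumn( source ) )
        {
            throw new IllegalArgumentException( "unexpected source column: " + source );
        }

        String queryString =
            "SELECT COUNT(*) AS c, " + source + " FROM tState WHERE host = ? AND paramName = ? AND paramValue = ? GROUP BY " + source + " ORDER BY c DESC";
        MObjectArray args = new MObjectArray();
        args.add( host );
        args.add( paramName );
        args.add( paramValue );

        int largestGroup;
        ResultSet rs = MSqlUtil.executeQuery2( connection, queryString, args );
        try
        {
            // No row means the combination is no longer in tState; there is
            // nothing to compare, and reading the column would throw and abort
            // the whole pass.
            if( !rs.next() )
            {
                return;
            }
            largestGroup = rs.getInt( "c" );
        }
        finally
        {
            rs.close();
        }

        if( largestGroup != count )
        {
            sessionIdManager.differentSourceAttackDetected( host, paramName, paramValue, source, sqlQueue );
        }
    }

    //--------------------------------------------------------------------------------
    /**
     * Deletes the rows of {@code tState} whose timestamp {@code t} is older than
     * {@link #timespan} minutes.
     *
     * @throws SQLException if the delete fails
     */
    private void removeOldRecords()
    throws SQLException
    {
        String queryString = "DELETE FROM tState WHERE t < ?";
        // Long arithmetic: in int, timespan * 60 * 1000 overflows for a window of
        // about 25 days or more, which would move the cut-off into the future and
        // delete the records the detection relies on.
        long spanMillis = timespan * 60L * 1000L;
        Timestamp spanAgo = new Timestamp( System.currentTimeMillis() - spanMillis );
        MObjectArray args = new MObjectArray( spanAgo );
        synchronized( connection )
        {
            MSqlUtil.executeUpdate2( connection, queryString, args );
        }
    }

    //--------------------------------------------------------------------------------
    /**
     * Reports every (ip, host, paramName, userAgent) group that has more than
     * {@link #bruteForceThreshold} rows in {@code tState}.
     *
     * @throws SQLException if the query fails
     * @throws IOException  declared for the detection callback chain
     */
    private void detectBruteForceAttack()
    throws SQLException, IOException
    {
        String queryString =
            "SELECT COUNT(*) AS c, ip, host, paramName, userAgent FROM tState GROUP BY ip, host, paramName, userAgent ORDER BY c DESC";
        synchronized( connection )
        {
            ResultSet rs = MSqlUtil.executeQuery( connection, queryString );
            try
            {
                while( rs.next() )
                {
                    int count = rs.getInt( "c" );
                    // Ordered by count descending: the first group at or below
                    // the threshold ends the scan.
                    if( count <= bruteForceThreshold )
                    {
                        break;
                    }
                    // detected!
                    String ip = rs.getString( "ip" );
                    String host = rs.getString( "host" );
                    String paramName = rs.getString( "paramName" );
                    String userAgent = rs.getString( "userAgent" );
                    sessionIdManager.bruteForceAttackDetected( count, ip, host, paramName, userAgent, sqlQueue );
                }
            }
            finally
            {
                // Release the result set even when the callback throws.
                rs.close();
            }
        }
    }

    //--------------------------------------------------------------------------------
    /**
     * Stops the command by closing its database connection; a failure to close
     * is printed and not rethrown.
     */
    public void breakCommand()
    {
        try
        {
            connection.close();
        }
        catch( SQLException e )
        {
            e.printStackTrace();
        }
    }
    //--------------------------------------------------------------------------------
}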