#include "PortScan.h"
/*
 * PortScan: constructor. Only sets the tunables and the error-message prefix;
 * the record vector and the packet decoder start out default-constructed.
 */
PortScan::PortScan()
    : m_portNum(2),   // default threshold: a record with more ports than this is reported by ScanList
      m_timeOut(30),  // default lifetime of a port entry, in seconds, before TrimTimeOut drops it
      m_error("IDS_PortScan端口扫描模块异常:")
{
}
/*
 * ~PortScan: nothing to release by hand; every member owns its own storage.
 */
PortScan::~PortScan()
{
}
/*
 * Setup: currently a no-op. Kept because the module interface in PortScan.h
 * declares it; any one-time initialisation belongs here.
 */
void PortScan::Setup()
{
}
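/*
 * Detect: decode one raw packet, file its (source IP, destination IP,
 * destination port) under the matching flow record and report whether that
 * flow now looks like a port scan.
 * Parameter: rawPacket - raw packet bytes handed to PacketDecode::DecodeInit;
 *            a null pointer is rejected before the decoder sees it.
 * Returns: true when ScanList flags the flow this packet belongs to,
 *          false otherwise (including when there is nothing to evaluate yet).
 */
bool PortScan::Detect(char *rawPacket)
{
    if (rawPacket == NULL)
        return false;

    m_packetDecode.DecodeInit(rawPacket);
    string sip = m_packetDecode.GetLocateIP();
    string dip = m_packetDecode.GetRemoteIP();
    int dport = m_packetDecode.GetDPort();

    // Record hands back the index of the flow record that should now be
    // evaluated; anything below zero or out of range means there is nothing
    // to check for this packet. The range check also guards against an index
    // that no longer exists after records were trimmed.
    int n = Record(sip, dip, dport);
    bool scanning = false;
    if (n >= 0 && static_cast<size_t>(n) < m_scanVector.size())
    {
        scanning = ScanList(n);
        if (scanning)
        {
            // NOTE(review): a modal MessageBox stalls packet processing until
            // it is dismissed; fine for a demo, questionable for live capture.
            MessageBox(NULL, "find scan", "scanning", 0);
        }
    }
    return scanning;
}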
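/*
 * Record: file one packet under its (source IP, destination IP) flow.
 * Parameters: sip - source IP, dip - destination IP, dport - destination port.
 * Returns: the index into m_scanVector of an existing flow record that has
 *          just gained a port it had not seen before (the caller should
 *          evaluate that record); -1 when the port was already on file or a
 *          brand-new record was opened, i.e. nothing to evaluate yet.
 *          -1 rather than 0 is used for "nothing", because 0 is a valid index.
 */
int PortScan::Record(string sip, string dip, int dport)
{
    SYSTEMTIME sysTime;
    GetLocalTime(&sysTime);

    // Timestamp the port entry once; the same values are used whether the
    // entry joins an existing record or opens a new one.
    PORTS myPort;
    myPort.minute = sysTime.wMinute;
    myPort.second = sysTime.wSecond;
    myPort.portNum = dport;

    // Look for an existing record of this flow. The loop runs on size_t with
    // i < size() so an empty vector does not underflow (size() - 1 wraps).
    for (size_t i = 0; i < m_scanVector.size(); i++)
    {
        SCAN &known = m_scanVector[i];
        if (sip != known.sip || dip != known.dip)
            continue;

        // Same port seen again on this flow: nothing new to evaluate.
        for (size_t j = 0; j < known.ports.size(); j++)
        {
            if (known.ports[j].portNum == dport)
                return -1;
        }
        known.ports.push_back(myPort);
        return static_cast<int>(i);
    }

    // First packet of this flow: open a new record from the parameters the
    // caller passed in instead of querying m_packetDecode again.
    SCAN scan;
    scan.sip = sip;
    scan.dip = dip;
    scan.ports.push_back(myPort);
    m_scanVector.push_back(scan);
    return -1;
}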
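/*
 * ScanList: decide whether the flow record at index n currently looks like a
 * port scan, i.e. after stale entries are trimmed it still holds more than
 * m_portNum distinct ports.
 * Parameter: n - index into m_scanVector; an out-of-range index yields false
 *            instead of an out-of-bounds read.
 * Returns: true when the record exceeds the port threshold, false otherwise
 *          (also false when trimming removed the record entirely).
 */
bool PortScan::ScanList(int n)
{
    if (n < 0 || static_cast<size_t>(n) >= m_scanVector.size())
        return false;

    // TrimTimeOut can erase records that sit in front of index n, which
    // shifts the index; remember the flow's identity and re-locate it after
    // trimming rather than trusting n.
    string sip = m_scanVector[n].sip;
    string dip = m_scanVector[n].dip;
    TrimTimeOut();

    for (size_t i = 0; i < m_scanVector.size(); i++)
    {
        const SCAN &rec = m_scanVector[i];
        if (rec.sip == sip && rec.dip == dip)
            return static_cast<int>(rec.ports.size()) > m_portNum;
    }
    // Every port entry of this flow timed out, so the record is gone.
    return false;
}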
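/*
 * TrimTimeOut: drop every port entry older than m_timeOut seconds from the
 * flow records, then drop any record left without ports.
 * Parameters: none.
 * Returns: nothing.
 */
void PortScan::TrimTimeOut()
{
    // Read the clock once for the whole sweep. Only minute and second are
    // compared, so an entry older than a full hour wraps around and can look
    // fresh again; that limitation comes from the timestamp layout in PORTS.
    SYSTEMTIME sysTime;
    GetLocalTime(&sysTime);
    const int nowMin = sysTime.wMinute;
    const int nowSec = sysTime.wSecond;

    // Iterator-based erase: erase() returns the element after the removed
    // one, so nothing is skipped and no index underflows on an empty vector.
    vector<SCAN>::iterator scanIt = m_scanVector.begin();
    while (scanIt != m_scanVector.end())
    {
        vector<PORTS>::iterator portIt = scanIt->ports.begin();
        while (portIt != scanIt->ports.end())
        {
            int minuteNow = nowMin;
            if (minuteNow < portIt->minute)
                minuteNow += 60; // the hour rolled over since the entry was made
            int timeSpan = (minuteNow - portIt->minute) * 60 + (nowSec - portIt->second);
            if (timeSpan > m_timeOut)
                portIt = scanIt->ports.erase(portIt);
            else
                ++portIt;
        }

        if (scanIt->ports.empty())
            scanIt = m_scanVector.erase(scanIt);
        else
            ++scanIt;
    }
}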
/*
*作者:魏佳斌
*简介:
*文件简介:基于误用的入侵检测系统_预处理模块_端口扫描检测器_头文件
*开发时间:2005.5.18
*版本:1.0
*/
#if !defined(PORTSCAN_H_)
#define PORTSCAN_H_
#include "..\..\common\TypeStruct.h"
#include "..\PacketDecode.h"
// One destination port observed on a flow, stamped with the wall-clock minute
// and second (taken from SYSTEMTIME in Record) at which it was first seen;
// TrimTimeOut uses the stamp to age entries out.
typedef struct port
{
int minute; // minute of the hour when the port was recorded
int second; // second within that minute
int portNum; // destination port number
}PORTS;
// One flow record: a (source IP, destination IP) pair and the distinct
// destination ports seen on it so far.
typedef struct scan
{
string sip; // source IP
string dip; // destination IP
vector<PORTS> ports; // ports seen on this flow, one entry per distinct port
}SCAN;
// Port-scan detector: keeps a per-flow list of recently seen destination
// ports and reports a flow once it touches more than m_portNum ports inside
// the m_timeOut window. Detect() is the entry point; the rest is bookkeeping.
class PortScan
{
public:
PortScan();
virtual ~PortScan();
public:
void Setup();
// Feed one raw packet; returns the detector's verdict for that packet's flow.
bool Detect(char *rawPacket);
private:
int m_portNum; // port-count threshold used by ScanList
int m_timeOut; // lifetime of a port entry in seconds, used by TrimTimeOut
vector<SCAN>m_scanVector; // one SCAN record per (sip, dip) flow
string m_error; // message prefix for exceptions (only assigned in the constructor here)
PacketDecode m_packetDecode;
// File one packet's (sip, dip, dport); returns the record index to evaluate
int Record(string sip,string dip,int dport);
bool ScanList(int n); // does record n exceed the port threshold?
void TrimTimeOut(); // remove timed-out port entries and empty records
};
#endif
ct(char *rawPacket);
private:
int m_portNum;
int m_timeOut;
vector<SCAN>m_scanVector;
string m_error; //用于抛出异常
PacketDecode m_packetDecode;
//记录一个包信息
int Record(string sip,string dip,int dport);
bool