malicious_communication.py
import threading
from scapy.all import IP
from report import IDSReport
from record import IDSRecord
class MaliciousComms:
    """Flag packets whose IPv4 source or destination is a listed address.

    ``iptable`` is looked up by key only: an address matches when the string
    scapy exposes as ``packet[IP].src`` / ``packet[IP].dst`` is exactly one of
    its keys. The mapped values are not read in this class. Entries stored in
    any other textual form will never match, so the list should be normalised
    before it is passed in.

    Coverage caveat: only packets carrying scapy's ``IP`` (IPv4) layer are
    inspected. Anything else, IPv6 included, returns without a record.
    """

    # Class-level defaults; __init__ rebinds both names on every instance.
    _iptable = {}
    _report: IDSReport = None

    def __init__(self, report: IDSReport, iptable: dict[str, str]) -> None:
        """Store the address table to match against and the report to write to."""
        self._iptable = iptable
        self._report = report

    def handler(self, packet):
        """Inspect one packet and add at most one record to the report.

        The source address is tested first. When both endpoints are listed,
        only the "incoming" record is produced.
        """
        # presumably registered as a scapy sniff callback; verify against caller
        if not (IP in packet):
            return

        ip_layer = packet[IP]
        source, destination = ip_layer.src, ip_layer.dst

        # NOTE(review): the titles below are spelled "Malicous" in the emitted
        # record. They are kept as-is so existing consumers keep matching; a
        # search for "Malicious" will not find these records.
        if source in self._iptable:
            title = "Malicous incoming communication"
            detail = (
                "The device at {} is receiving communication from an external malicious device at {}"
                .format(destination, source)
            )
        elif destination in self._iptable:
            title = "Malicous outgoing communication"
            detail = (
                "The device at {} is communicating with an external malicious device at {}"
                .format(source, destination)
            )
        else:
            # Neither endpoint is listed: nothing to report.
            return

        self._report.add_record(
            IDSRecord(packet, title, source, destination, detail)
        )