package copsec.monitor.handle;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.util.IdUtil;
import copsec.monitor.bean.KernLog;
import copsec.monitor.bean.SystemWarningLog;
import copsec.monitor.conf.Config;
import copsec.monitor.db.KernLogDB;
import copsec.monitor.db.SysConfigDB;
import copsec.monitor.db.SystemWarningLogDB;
import copsec.monitor.enums.LogLevel;
import copsec.monitor.enums.Result;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Date;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* @Author wangchang
* @Description 攻击处理类
* @Date 2024/8/6 10:12
*/
public class AttackHandle {
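/**
 * Samples the current number of half-open (SYN_RECV) TCP connections and raises a
 * SYN Flood warning when the count has grown by more than {@code sys.syn.threshold}
 * since the previous sample.
 *
 * @param oldSynThreshold the value returned by the previous call; {@code 0} or {@code null}
 *                        means "no baseline yet", so no warning is raised on this call
 * @return the current count, to be handed back on the next call; if the command fails the
 *         previous value is returned unchanged so the baseline survives the failed sample
 * @throws NumberFormatException if the configured {@code sys.syn.threshold} is not an integer
 */
public static Integer processSynFlood(Integer oldSynThreshold) {
    // Threshold is re-read from configuration on every call.
    int synThreshold = Integer.parseInt(SysConfigDB.selectConfigByKey("sys.syn.threshold"));
    try {
        // Fixed, trusted command vector: counts SYN_RECV sockets whose local and remote
        // addresses (port stripped) differ.
        String[] cmd = {"/bin/sh", "-c", "netstat -nt | grep SYN_RECV | awk '/^tcp/{sub(/:.*/,\"\",$4); sub(/:.*/,\"\",$5); if($4 != $5) {print $4,$5}}' | wc -l"};
        int current = executeCommand(cmd);
        // A null baseline previously caused an NPE inside this try and left the caller
        // stuck with null forever; treat it like 0 ("first sample") instead.
        boolean hasBaseline = oldSynThreshold != null && oldSynThreshold != 0;
        if (hasBaseline && current - oldSynThreshold > synThreshold) {
            String operateEvent = "SYN Flood攻击检测报警";
            handleFloodAttack("拦截攻击", operateEvent, "检测到正在承受SYN Flood攻击,请及时处理。");
        }
        // The caller stores this as the baseline for the next sample.
        return current;
    } catch (Exception e) {
        e.printStackTrace();
        return oldSynThreshold;
    }
}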
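/**
 * Reads the kernel's "packets to unknown port received" UDP counter from {@code netstat -s}
 * and raises a UDP Flood warning when it has grown by more than {@code sys.udp.threshold}
 * since the previous sample.
 *
 * @param oldUdpThreshold the value returned by the previous call; {@code 0} or {@code null}
 *                        means "no baseline yet", so no warning is raised on this call
 * @return the current counter value, to be handed back on the next call; if the command
 *         fails the previous value is returned unchanged so the baseline is kept
 * @throws NumberFormatException if the configured {@code sys.udp.threshold} is not an integer
 */
public static Integer processUdpFlood(Integer oldUdpThreshold) {
    // Threshold is re-read from configuration on every call.
    int udpThreshold = Integer.parseInt(SysConfigDB.selectConfigByKey("sys.udp.threshold"));
    try {
        // Fixed, trusted command vector; the counter is cumulative, so only the delta matters.
        String[] cmd = {"/bin/sh", "-c", "netstat -s | grep \"packets to unknown port received\" | awk '{print $1}'"};
        int current = executeCommand(cmd);
        // A null baseline previously caused an NPE inside this try and left the caller
        // stuck with null forever; treat it like 0 ("first sample") instead.
        boolean hasBaseline = oldUdpThreshold != null && oldUdpThreshold != 0;
        if (hasBaseline && current - oldUdpThreshold > udpThreshold) {
            String operateEvent = "UDP Flood攻击检测报警";
            handleFloodAttack("拦截攻击", operateEvent, "检测到正在承受UDP Flood攻击,请及时处理。");
        }
        // The caller stores this as the baseline for the next sample.
        return current;
    } catch (Exception e) {
        e.printStackTrace();
        return oldUdpThreshold;
    }
}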
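/**
 * Reads the kernel's "ICMP messages received" counter from {@code netstat -s} and raises an
 * ICMP Flood warning when it has grown by more than {@code sys.icmp.threshold} since the
 * previous sample.
 *
 * @param oldIcmpThreshold the value returned by the previous call; {@code 0} or {@code null}
 *                         means "no baseline yet", so no warning is raised on this call
 * @return the current counter value, to be handed back on the next call; if the command
 *         fails the previous value is returned unchanged so the baseline is kept
 * @throws NumberFormatException if the configured {@code sys.icmp.threshold} is not an integer
 */
public static Integer processIcmpFlood(Integer oldIcmpThreshold) {
    // Threshold is re-read from configuration on every call.
    int icmpThreshold = Integer.parseInt(SysConfigDB.selectConfigByKey("sys.icmp.threshold"));
    try {
        // Fixed, trusted command vector; the counter is cumulative, so only the delta matters.
        String[] cmd = {"/bin/sh", "-c", "netstat -s | grep \"ICMP messages received\" | awk '{print $1}'"};
        int current = executeCommand(cmd);
        // A null baseline previously caused an NPE inside this try and left the caller
        // stuck with null forever; treat it like 0 ("first sample") instead.
        boolean hasBaseline = oldIcmpThreshold != null && oldIcmpThreshold != 0;
        if (hasBaseline && current - oldIcmpThreshold > icmpThreshold) {
            String operateEvent = "ICMP Flood攻击检测报警";
            handleFloodAttack("拦截攻击", operateEvent, "检测到正在承受ICMP Flood攻击,请及时处理。");
        }
        // The caller stores this as the baseline for the next sample.
        return current;
    } catch (Exception e) {
        e.printStackTrace();
        return oldIcmpThreshold;
    }
}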
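/**
 * Counts kernel-log lines containing "TearDrop Attack" and raises a TearDrop warning when the
 * count has grown by more than {@code sys.teardrop.threshold} since the previous sample.
 * <p>
 * Because {@code dmesg} reads a ring buffer, the count can shrink once old messages are
 * overwritten; a negative delta never triggers a warning, it only delays the next one.
 *
 * @param oldTearDropThreshold the value returned by the previous call; {@code 0} or {@code null}
 *                             means "no baseline yet", so no warning is raised on this call
 * @return the current count, to be handed back on the next call; if the command fails the
 *         previous value is returned unchanged so the baseline is kept
 * @throws NumberFormatException if the configured {@code sys.teardrop.threshold} is not an integer
 */
public static Integer processTearDrop(Integer oldTearDropThreshold) {
    // Threshold is re-read from configuration on every call.
    int teardropThreshold = Integer.parseInt(SysConfigDB.selectConfigByKey("sys.teardrop.threshold"));
    try {
        // Fixed, trusted command vector.
        String[] cmd = {"/bin/sh", "-c", "dmesg | grep 'TearDrop Attack' | wc -l"};
        int current = executeCommand(cmd);
        // A null baseline previously caused an NPE inside this try and left the caller
        // stuck with null forever; treat it like 0 ("first sample") instead.
        boolean hasBaseline = oldTearDropThreshold != null && oldTearDropThreshold != 0;
        if (hasBaseline && current - oldTearDropThreshold > teardropThreshold) {
            String operateEvent = "TearDrop攻击检测报警";
            handleFloodAttack("拦截攻击", operateEvent, "检测到正在承受TearDrop攻击,请及时处理。");
        }
        // The caller stores this as the baseline for the next sample.
        return current;
    } catch (Exception e) {
        e.printStackTrace();
        return oldTearDropThreshold;
    }
}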
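/**
 * Counts kernel-log lines containing "Land Attack" and raises a Land warning when the count
 * has grown by more than {@code sys.land.threshold} since the previous sample.
 * <p>
 * Because {@code dmesg} reads a ring buffer, the count can shrink once old messages are
 * overwritten; a negative delta never triggers a warning, it only delays the next one.
 *
 * @param oldLandThreshold the value returned by the previous call; {@code 0} or {@code null}
 *                         means "no baseline yet", so no warning is raised on this call
 * @return the current count, to be handed back on the next call; if the command fails the
 *         previous value is returned unchanged so the baseline is kept
 * @throws NumberFormatException if the configured {@code sys.land.threshold} is not an integer
 */
public static Integer processLand(Integer oldLandThreshold) {
    // Threshold is re-read from configuration on every call.
    int landThreshold = Integer.parseInt(SysConfigDB.selectConfigByKey("sys.land.threshold"));
    try {
        // Fixed, trusted command vector.
        String[] cmd = {"/bin/sh", "-c", "dmesg | grep 'Land Attack' | wc -l"};
        int current = executeCommand(cmd);
        // A null baseline previously caused an NPE inside this try and left the caller
        // stuck with null forever; treat it like 0 ("first sample") instead.
        boolean hasBaseline = oldLandThreshold != null && oldLandThreshold != 0;
        if (hasBaseline && current - oldLandThreshold > landThreshold) {
            String operateEvent = "Land攻击检测报警";
            handleFloodAttack("拦截攻击", operateEvent, "检测到正在承受Land攻击,请及时处理。");
        }
        // The caller stores this as the baseline for the next sample.
        return current;
    } catch (Exception e) {
        e.printStackTrace();
        return oldLandThreshold;
    }
}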
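/**
 * Counts kernel-log lines containing "Large ICMP Packet Attack" and raises an oversized-ICMP
 * warning when the count has grown by more than {@code sys.maxicmp.threshold} since the
 * previous sample.
 * <p>
 * Because {@code dmesg} reads a ring buffer, the count can shrink once old messages are
 * overwritten; a negative delta never triggers a warning, it only delays the next one.
 *
 * @param oldLargeIcmpThreshold the value returned by the previous call; {@code 0} or {@code null}
 *                              means "no baseline yet", so no warning is raised on this call
 * @return the current count, to be handed back on the next call; if the command fails the
 *         previous value is returned unchanged so the baseline is kept
 * @throws NumberFormatException if the configured {@code sys.maxicmp.threshold} is not an integer
 */
public static Integer processLargeIcmp(Integer oldLargeIcmpThreshold) {
    // Threshold is re-read from configuration on every call.
    int largeIcmpThreshold = Integer.parseInt(SysConfigDB.selectConfigByKey("sys.maxicmp.threshold"));
    try {
        // Fixed, trusted command vector.
        String[] cmd = {"/bin/sh", "-c", "dmesg | grep 'Large ICMP Packet Attack' | wc -l"};
        int current = executeCommand(cmd);
        // A null baseline previously caused an NPE inside this try and left the caller
        // stuck with null forever; treat it like 0 ("first sample") instead.
        boolean hasBaseline = oldLargeIcmpThreshold != null && oldLargeIcmpThreshold != 0;
        if (hasBaseline && current - oldLargeIcmpThreshold > largeIcmpThreshold) {
            String operateEvent = "超大ICMP攻击检测报警";
            handleFloodAttack("拦截攻击", operateEvent, "检测到正在承受超大ICMP攻击,请及时处理。");
        }
        // The caller stores this as the baseline for the next sample.
        return current;
    } catch (Exception e) {
        e.printStackTrace();
        return oldLargeIcmpThreshold;
    }
}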
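/**
 * Counts kernel-log lines containing "Ping of Death Attack" and raises a Ping of Death
 * warning when the count has grown by more than {@code sys.pingofdeath.threshold} since the
 * previous sample.
 * <p>
 * Because {@code dmesg} reads a ring buffer, the count can shrink once old messages are
 * overwritten; a negative delta never triggers a warning, it only delays the next one.
 *
 * @param oldPingOfDeathThreshold the value returned by the previous call; {@code 0} or {@code null}
 *                                means "no baseline yet", so no warning is raised on this call
 * @return the current count, to be handed back on the next call; if the command fails the
 *         previous value is returned unchanged so the baseline is kept
 * @throws NumberFormatException if the configured {@code sys.pingofdeath.threshold} is not an integer
 */
public static Integer processPingOfDeath(Integer oldPingOfDeathThreshold) {
    // Threshold is re-read from configuration on every call.
    int pingOfDeathThreshold = Integer.parseInt(SysConfigDB.selectConfigByKey("sys.pingofdeath.threshold"));
    try {
        // Fixed, trusted command vector.
        String[] cmd = {"/bin/sh", "-c", "dmesg | grep 'Ping of Death Attack' | wc -l"};
        int current = executeCommand(cmd);
        // A null baseline previously caused an NPE inside this try and left the caller
        // stuck with null forever; treat it like 0 ("first sample") instead.
        boolean hasBaseline = oldPingOfDeathThreshold != null && oldPingOfDeathThreshold != 0;
        if (hasBaseline && current - oldPingOfDeathThreshold > pingOfDeathThreshold) {
            String operateEvent = "Ping of Death攻击检测报警";
            handleFloodAttack("拦截攻击", operateEvent, "检测到正在承受Ping of Death攻击,请及时处理。");
        }
        // The caller stores this as the baseline for the next sample.
        return current;
    } catch (Exception e) {
        e.printStackTrace();
        return oldPingOfDeathThreshold;
    }
}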
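/**
 * Runs a fixed command vector and parses the first line of its standard output as an integer.
 * <p>
 * {@code cmd} is passed to the operating system as-is. The callers in this class only pass
 * constant vectors; it must never be assembled from configuration or user-supplied text.
 * The process exit status is deliberately not checked: every caller runs a shell pipeline,
 * whose status reflects only its last command.
 *
 * @param cmd the program and its arguments, e.g. {@code {"/bin/sh", "-c", "..."}}
 * @return the integer on the first output line; surrounding whitespace is tolerated
 * @throws IllegalStateException if the command produced no output at all
 * @throws NumberFormatException if the first output line is not an integer
 * @throws Exception on I/O failure, or if the thread is interrupted while waiting
 */
private static Integer executeCommand(String[] cmd) throws Exception {
    Process p = new ProcessBuilder(cmd).start();
    // try-with-resources closes the reader even when parsing throws; the previous
    // close-after-parse ordering leaked the pipe on every NumberFormatException / NPE.
    try (LineNumberReader input = new LineNumberReader(
            new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
        String firstLine = input.readLine();
        // Drain the remaining stdout so the child never blocks on a full pipe before waitFor().
        while (input.readLine() != null) {
            // discard
        }
        p.waitFor();
        if (firstLine == null) {
            // Previously an NPE from parseInt(null); name the real cause instead.
            throw new IllegalStateException("command produced no output: " + String.join(" ", cmd));
        }
        return Integer.parseInt(firstLine.trim());
    } finally {
        // No-op once the child has exited; ensures it does not linger after an I/O failure.
        p.destroy();
    }
}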
/**
* 处理攻击检测后的操作
*/
private static void handleFloodAttack(String moduleName, String operateEvent, String description) {
// 检测是否已经存在未解决的同类报警
Integer count = SystemWarningLogDB.checkWarnLogByOperateEvent(operateEvent);
if (