
improved portscan logic

Fabio Arnold 9 lat temu
rodzic
commit
039973c79f

+ 16 - 9
src/de/tudarmstadt/informatik/hostage/ConnectionGuard.java

@@ -17,9 +17,10 @@ public class ConnectionGuard {
 	/**
 	 * Intervall between 2 connection in wich we assume a port scan
 	 */
-	public final static long ONE_SECOND_IN_NANOSECONDS = 1000000000;
+	public final static long TIMESTAMP_THRESHOLD_MS = 1000;
 
-	private static long lastTimestamp = 0;
+	private static long lastConnectionTimestamp = 0;
+	private static long lastPortscanTimestamp = 0;
 	private static String lastIP = "";
 	private static int lastPort = 0;
 
@@ -30,14 +31,21 @@ public class ConnectionGuard {
 	 * @return True if a port scan has been detected.
 	 */
 	public synchronized static boolean registerConnection(int port, String ip) {
-		long timestamp = System.nanoTime();		
+		long timestamp = System.currentTimeMillis();
 		boolean result = detectedPortscan(port, ip, timestamp);
 		
-		lastTimestamp = timestamp;
+		lastConnectionTimestamp = timestamp;
+		if (result) {
+			lastPortscanTimestamp = timestamp;
+		}
 		lastIP = ip;
 		lastPort = port;
 		return result;
 	}
+
+	public synchronized static boolean portscanInProgress() {
+		return (System.currentTimeMillis() - lastPortscanTimestamp) < TIMESTAMP_THRESHOLD_MS;
+	}
 	
 	/**
 	 * Check if the new connection is part of a port scan attack.
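Review bot: `System.currentTimeMillis()` is wall-clock time, so `registerConnection` and the new `portscanInProgress()` compare timestamps that can jump whenever the device clock is corrected. If the clock steps backwards the difference becomes negative, `< TIMESTAMP_THRESHOLD_MS` holds, and `portscanInProgress()` keeps returning true until the clock catches up, during which Listener.java drops every accepted connection without logging it. A monotonic millisecond source avoids this; if this is Android code, as the `Log.i` calls suggest, `long timestamp = SystemClock.elapsedRealtime();` would do, used consistently in `portscanInProgress()`, the two-argument `detectedPortscan` and the `belowThreshold` comparison in the later hunks. `portscanInProgress()` is also the only public method here without Javadoc; `/** @return true while the last detected port scan is less than TIMESTAMP_THRESHOLD_MS old. */` would match its neighbours.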
@@ -46,7 +54,7 @@ public class ConnectionGuard {
 	 * @return True if a port scan has been detected.
 	 */
 	public synchronized static boolean detectedPortscan(int port, String ip){
-		return detectedPortscan(port, ip, System.nanoTime());
+		return detectedPortscan(port, ip, System.currentTimeMillis());
 	}
 	
 	/**
@@ -57,14 +65,13 @@ public class ConnectionGuard {
 	 * @return True if a port scan has been detected.
 	 */
 	private synchronized static boolean detectedPortscan(int port, String ip, long timestamp) {
-		Log.i("Alte Werte:", "LastTime: " + lastTimestamp + " ,LastIP: " + lastIP + ", lastPort:" + port);
+		Log.i("Alte Werte:", "LastTime: " + lastConnectionTimestamp + " ,LastIP: " + lastIP + ", lastPort:" + port);
 		Log.i("Alte Werte:", "Time: " + timestamp + " ,IP: " + ip + ", Port:" + port);
 		boolean result = false;
-		boolean firstConnection = (lastTimestamp == 0);
-		boolean belowThreshold = ((timestamp - lastTimestamp) < ONE_SECOND_IN_NANOSECONDS);
+		boolean belowThreshold = ((timestamp - lastConnectionTimestamp) < TIMESTAMP_THRESHOLD_MS);
 		boolean sameIP = (lastIP.equals(ip));
 		boolean samePort = (lastPort == port);
-		if (!firstConnection && sameIP && belowThreshold && !samePort) {
+		if (sameIP && belowThreshold && !samePort) {
 			result = true;
 		}
 		
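Review bot: The first `Log.i` line labels its last value `lastPort:` but concatenates `port`, so the stored port never appears in the log; it should end with `", lastPort:" + lastPort`. Both lines also share the tag `Alte Werte:` although the second one prints the new values. Separately, the check compares only against the single most recent connection (`lastIP`, `lastPort`), so detection depends on no other address connecting in between; keeping the last port and timestamp per source IP would make the result independent of unrelated traffic. The method body continues past the end of this hunk.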

+ 12 - 14
src/de/tudarmstadt/informatik/hostage/Listener.java

@@ -183,27 +183,25 @@ public class Listener implements Runnable {
 		if (conReg.isConnectionFree()) {
 			try {
 				final Socket client = server.accept();
+				if (ConnectionGuard.portscanInProgress()) {
+					// stop logging attacks
+					return;
+				}
 				new Thread( new Runnable() {
 				    @Override
 				    public void run() {
 				    	try {
 				    		String ip = client.getInetAddress().getHostAddress();
-				    		if (ConnectionGuard.registerConnection(port, ip)){
+				    		if (ConnectionGuard.registerConnection(port, ip)){ // returns true when a port scan is detected
+								logPortscan(client, System.currentTimeMillis());
 				    			return;
 				    		}
-				    		Log.i("sda", "pause");
-				    		Thread.sleep(999);
-				    		if(ConnectionGuard.detectedPortscan(port, ip)){
-				    			logPortscan(client, System.currentTimeMillis());
-				    		}else{
-								if (protocol.isSecure()) {
-									startSecureHandler(client);
-								} else {
-									startHandler(client);
-								}				  
-								conReg.newOpenConnection();
-				    		}							
-							
+							if (protocol.isSecure()) {
+								startSecureHandler(client);
+							} else {
+								startHandler(client);
+							}
+							conReg.newOpenConnection();
 				    	} catch (Exception e) {
 				    		e.printStackTrace();
 				    	}
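Review bot: The early `return` after `server.accept()` leaves `client` open, so every connection that arrives while `portscanInProgress()` is true holds a socket until it is garbage-collected; add `client.close();` before the `return;`. The same question applies to the `logPortscan(client, …)` branch, where the socket is not closed in the visible lines, so it is worth confirming that `logPortscan` closes it. Because the suppression flag is global rather than per source address, connections from unrelated hosts in that window are also dropped without any record, which leaves a gap in the honeypot's log; a counter or one summary entry for suppressed connections would keep that evidence. The enclosing method starts and ends outside this hunk, so whether `return` also ends the accept loop cannot be judged from here.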