
portscan updated

Mihai Plasoianu 10 years ago
parent
commit
c0cd0e8f14

+ 10 - 4
src/de/tudarmstadt/informatik/hostage/ConnectionGuard.java

@@ -1,6 +1,6 @@
 package de.tudarmstadt.informatik.hostage;
 
-import android.util.Log;
+import de.tudarmstadt.informatik.hostage.logging.Logger;
 
 public class ConnectionGuard {
 
@@ -12,14 +12,20 @@ public class ConnectionGuard {
 	private final static long ONE_SECOND_IN_NANOSECONDS = 1000000000;
 
 	private static long lastTimestamp = 0;
+	private static String lastIP = "";
+	private static String lastProtocol = "";
 
-	public static void registerConnection() {
+	public static void registerConnection(String protocol, String ip) {
 		long timestamp = System.nanoTime();
 		boolean firstConnection = (lastTimestamp == 0);
 		boolean belowThreshold = ((timestamp - lastTimestamp) < ONE_SECOND_IN_NANOSECONDS);
-		if (!firstConnection && belowThreshold) {
-			Log.d("ConnectionGuard", "PORTSCAN DETECTED");
+		boolean sameIP = (lastIP == ip);
+		boolean sameProtocol = (lastProtocol == protocol);
+		if (!firstConnection && sameIP && belowThreshold && !sameProtocol) {
+			Logger.logPortscan(Hostage.getContext(), System.currentTimeMillis(), ip);
 		}
 		lastTimestamp = timestamp;
+		lastIP = ip;
+		lastProtocol = protocol;
 	}
 }
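Review bot: `sameIP` and `sameProtocol` in `registerConnection` compare String references with `==`, and the caller passes a value from `getHostAddress()`, so `sameIP` will in practice be false and the portscan branch is unlikely ever to fire. Compare by value instead: `boolean sameIP = ip != null && ip.equals(lastIP);` and `boolean sameProtocol = protocol != null && protocol.equals(lastProtocol);`. The three static fields are also read and written without synchronization although `Listener` is a `Runnable`, so if several listeners run on separate threads the method should be declared `public static synchronized void registerConnection(...)`. Because only the single previous connection is remembered, any unrelated connection arriving between two probes resets the comparison; a short comment stating that limitation would help whoever tunes the detector later.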

+ 1 - 4
src/de/tudarmstadt/informatik/hostage/Handler.java

@@ -100,10 +100,7 @@ public class Handler implements Runnable {
 		try {
 			client.close();
 			Log.i("HoneyHandler", "Socket closed: " + client.isClosed());
-		} catch (Exception e) {
-			e.printStackTrace();
-		} finally {
-
+		} catch (IOException e) {
 		}
 		listener.refreshHandlers();
 	}
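Review bot: The new `catch (IOException e)` block is empty, so a failed `client.close()` now disappears without any trace, where the old code at least printed the stack trace. The same empty catch is introduced in the `Listener.java` hunk at `-154,8`, and the hunk at `-137,8` returns `false` without recording why the listener could not start. For a honeypot these failures are worth keeping in the log, for example `Log.w("HoneyHandler", "Closing client socket failed", e);`. Narrowing from `Exception` also means an unchecked exception would now skip `listener.refreshHandlers()`; the enclosing method starts outside this hunk, so whether that matters cannot be judged from here.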

+ 4 - 5
src/de/tudarmstadt/informatik/hostage/Listener.java

@@ -1,5 +1,6 @@
 package de.tudarmstadt.informatik.hostage;
 
+import java.io.IOException;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.util.ArrayList;
@@ -137,8 +138,7 @@ public class Listener implements Runnable {
 			service.notifyUI(this.getClass().getName(),
 					new String[] { service.getString(R.string.broadcast_started), protocol.toString(), Integer.toString(port) });
 			return true;
-		} catch (Exception e) {
-			e.printStackTrace();
+		} catch (IOException e) {
 			return false;
 		}
 	}
@@ -154,8 +154,7 @@ public class Listener implements Runnable {
 			running = false;
 			service.notifyUI(this.getClass().getName(),
 					new String[] { service.getString(R.string.broadcast_stopped), protocol.toString(), Integer.toString(port) });
-		} catch (Exception e) {
-			e.printStackTrace();
+		} catch (IOException e) {
 		}
 	}
 
@@ -166,7 +165,7 @@ public class Listener implements Runnable {
 		if (conReg.isConnectionFree()) {
 			try {
 				Socket client = server.accept();
-				ConnectionGuard.registerConnection();
+				ConnectionGuard.registerConnection(this.getProtocolName(), client.getInetAddress().getHostAddress());
 				conReg.newOpenConnection();
 				if (protocol.isSecure()) {
 					startSecureHandler(client);

+ 6 - 0
src/de/tudarmstadt/informatik/hostage/deprecated/UglyDbHelper.java

@@ -14,6 +14,7 @@ import android.util.Log;
 import de.tudarmstadt.informatik.hostage.logging.Record;
 import de.tudarmstadt.informatik.hostage.logging.Record.TYPE;
 import de.tudarmstadt.informatik.hostage.model.Profile;
+import de.tudarmstadt.informatik.hostage.persistence.HostageDBContract.PortscanEntry;
 import de.tudarmstadt.informatik.hostage.ui.LogFilter;
 
 /**
@@ -87,6 +88,10 @@ public class UglyDbHelper extends SQLiteOpenHelper {
 	private static final String CREATE_BSSID_TABLE = "CREATE TABLE " + TABLE_BSSIDS + "(" + KEY_BSSID + " TEXT PRIMARY KEY," + KEY_SSID + " TEXT,"
 			+ KEY_LATITUDE + " INTEGER," + KEY_LONGITUDE + " INTEGER," + KEY_ACCURACY + " INTEGER," + KEY_GEO_TIMESTAMP + " INTEGER" + ")";
 
+	private static final String CREATE_PORTSCAN_TABLE = "CREATE TABLE " + PortscanEntry.TABLE_NAME + "(" + PortscanEntry.COLUMN_NAME_ID
+			+ " INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL," + PortscanEntry.COLUMN_NAME_PORTSCAN_TIMESTAMP + " INTEGER," + PortscanEntry.COLUMN_NAME_FROM_IP
+			+ " TEXT" + ")";
+
 	public UglyDbHelper(Context context) {
 		super(context, DATABASE_NAME, null, DATABASE_VERSION);
 	}
@@ -791,6 +796,7 @@ public class UglyDbHelper extends SQLiteOpenHelper {
 		db.execSQL(CREATE_ATTACK_INFO_TABLE);
 		db.execSQL(CREATE_RECORD_TABLE);
 		db.execSQL(CREATE_PROFILE_TABLE);
+		db.execSQL(CREATE_PORTSCAN_TABLE);
 	}
 
 	// Upgrading database
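Review bot: `CREATE_PORTSCAN_TABLE` is executed only in `onCreate`, which runs when the database file is first created, so a device that already has the database will not receive the `portscan` table from this change. Unless `DATABASE_VERSION` is raised and `onUpgrade` creates the table, inserts on upgraded installs will fail; neither is visible in this hunk, so please confirm. A one-line comment above the new `execSQL` call naming the schema version that introduced the table would make the upgrade path easier to audit.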

+ 19 - 0
src/de/tudarmstadt/informatik/hostage/logging/Logger.java

@@ -8,8 +8,11 @@ import de.tudarmstadt.informatik.hostage.persistence.HostageDBOpenHelper;
 public class Logger extends IntentService {
 
 	private static final String ACTION_LOG = "de.tudarmstadt.informatik.hostage.action.LOG";
+	private static final String ACTION_LOG_PORTSCAN = "de.tudarmstadt.informatik.hostage.action.LOG_PORTSCAN";
 
 	private static final String EXTRA_RECORD = "de.tudarmstadt.informatik.hostage.extra.RECORD";
+	private static final String EXTRA_TIMESTAMP = "de.tudarmstadt.informatik.hostage.extra.TIMESTAMP";
+	private static final String EXTRA_IP = "de.tudarmstadt.informatik.hostage.extra.IP";
 
 	public static void log(Context context, Record record) {
 		Intent intent = new Intent(context, Logger.class);
@@ -18,6 +21,14 @@ public class Logger extends IntentService {
 		context.startService(intent);
 	}
 
+	public static void logPortscan(Context context, long timestamp, String ip) {
+		Intent intent = new Intent(context, Logger.class);
+		intent.setAction(ACTION_LOG);
+		intent.putExtra(EXTRA_TIMESTAMP, timestamp);
+		intent.putExtra(EXTRA_IP, ip);
+		context.startService(intent);
+	}
+
 	private HostageDBOpenHelper mDbHelper;
 
 	public Logger() {
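Review bot: `logPortscan` sets the intent action to `ACTION_LOG` rather than the newly added `ACTION_LOG_PORTSCAN`, so `onHandleIntent` will route the intent to the record branch, where `EXTRA_RECORD` is absent and `handleActionLog` receives `null`. The portscan branch added further down is therefore never reached from this method. The line should read `intent.setAction(ACTION_LOG_PORTSCAN);`.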
@@ -34,6 +45,10 @@ public class Logger extends IntentService {
 		mDbHelper.addRecord(record);
 	}
 
+	private void handleActionLogPortscan(long timestamp, String ip) {
+		mDbHelper.insertPortscan(timestamp, ip);
+	}
+
 	@Override
 	protected void onHandleIntent(Intent intent) {
 		if (intent != null) {
@@ -41,6 +56,10 @@ public class Logger extends IntentService {
 			if (ACTION_LOG.equals(action)) {
 				final Record record = intent.getParcelableExtra(EXTRA_RECORD);
 				handleActionLog(record);
+			} else if (ACTION_LOG_PORTSCAN.equals(action)) {
+				final long timestamp = intent.getParcelableExtra(EXTRA_TIMESTAMP);
+				final String ip = intent.getParcelableExtra(EXTRA_IP);
+				handleActionLogPortscan(timestamp, ip);
 			}
 		}
 	}
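Review bot: The new branch reads both extras with `getParcelableExtra`, but `logPortscan` stores them with `putExtra(String, long)` and `putExtra(String, String)`, and neither value is a `Parcelable`. The lookups will not return the stored values, and a `null` unboxed into `long timestamp` would throw. Use the typed accessors: `final long timestamp = intent.getLongExtra(EXTRA_TIMESTAMP, 0L);` and `final String ip = intent.getStringExtra(EXTRA_IP);`. It is also worth skipping the insert when `ip` is null, so that a malformed intent does not write an empty detection row.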

+ 9 - 0
src/de/tudarmstadt/informatik/hostage/persistence/HostageDBContract.java

@@ -41,4 +41,13 @@ public final class HostageDBContract {
 		public static final String KEY_ID = COLUMN_NAME_ID;
 	}
 
+	public static abstract class PortscanEntry implements BaseColumns {
+		public static final String TABLE_NAME = "portscan";
+		public static final String COLUMN_NAME_ID = "_id";
+		public static final String COLUMN_NAME_PORTSCAN_TIMESTAMP = "portscan_timestamp";
+		public static final String COLUMN_NAME_FROM_IP = "from_ip";
+
+		public static final String KEY_ID = COLUMN_NAME_ID;
+	}
+
 }

+ 11 - 0
src/de/tudarmstadt/informatik/hostage/persistence/HostageDBOpenHelper.java

@@ -14,6 +14,7 @@ import de.tudarmstadt.informatik.hostage.logging.Record.TYPE;
 import de.tudarmstadt.informatik.hostage.persistence.HostageDBContract.AttackEntry;
 import de.tudarmstadt.informatik.hostage.persistence.HostageDBContract.NetworkEntry;
 import de.tudarmstadt.informatik.hostage.persistence.HostageDBContract.PacketEntry;
+import de.tudarmstadt.informatik.hostage.persistence.HostageDBContract.PortscanEntry;
 
 public class HostageDBOpenHelper extends SQLiteOpenHelper {
 
@@ -142,6 +143,16 @@ public class HostageDBOpenHelper extends SQLiteOpenHelper {
 		updateNetworkInformation(bssidValues);
 	}
 
+	public void insertPortscan(long timestamp, String ip) {
+		SQLiteDatabase db = this.getWritableDatabase();
+
+		ContentValues portscanValues = new ContentValues();
+		portscanValues.put(PortscanEntry.COLUMN_NAME_PORTSCAN_TIMESTAMP, timestamp);
+		portscanValues.put(PortscanEntry.COLUMN_NAME_FROM_IP, ip);
+
+		db.insert(PortscanEntry.TABLE_NAME, null, portscanValues);
+	}
+
 	/**
 	 * Determines if a network with given BSSID has already been recorded as
 	 * malicious.
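Review bot: `insertPortscan` writes to `PortscanEntry.TABLE_NAME`, but within this commit the matching `CREATE TABLE` statement is added only to the deprecated `UglyDbHelper`; no table creation is added to `HostageDBOpenHelper`. If this helper's `onCreate` does not already create the `portscan` table (not visible here), every insert will fail. The return value of `db.insert(...)` is also discarded, so such a failure would go unnoticed; checking it for `-1` and logging the miss would surface lost detections. A short Javadoc stating that `timestamp` is wall-clock milliseconds, as passed from `System.currentTimeMillis()` in `ConnectionGuard`, would document the column's unit.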