12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 |
- package de.tudarmstadt.informatik.hostage;
- import android.content.SharedPreferences;
- import android.preference.PreferenceManager;
- import android.util.Log;
- /**
- * Class used to detect port scans.
- * We assume a port scan if at least 2 different ports get a connection in a small amount of time.
- *
- */
- public class ConnectionGuard {
- private final static ConnectionGuard INSTANCE = new ConnectionGuard();
- private ConnectionGuard() {
- }
- private static long lastConnectionTimestamp = 0;
- private static long lastPortscanTimestamp = 0;
- private static String lastIP = "";
- private static int lastPort = 0;
- private static long getPortscanTimeout() {
- // this might be called in a time critical context so maybe
- // we don't want to do this each time and instead just once
- SharedPreferences defaultPref = PreferenceManager
- .getDefaultSharedPreferences(Hostage.getContext());
- // the pref value is in seconds
- int portscanTimeoutS = Integer.parseInt(defaultPref.getString("pref_timeout", "60"));
- long portscanTimeoutMS = 1000 * portscanTimeoutS;
- return portscanTimeoutMS;
- }
- /**
- * Register a connection for port scan detection. Stores information about the last connection.
- * @param port The local port used for communication.
- * @param ip The IP address of the remote device.
- * @return True if a port scan has been detected.
- */
- public synchronized static boolean registerConnection(int port, String ip) {
- long timestamp = System.currentTimeMillis();
- boolean result = detectedPortscan(port, ip, timestamp);
-
- lastConnectionTimestamp = timestamp;
- if (result) {
- lastPortscanTimestamp = timestamp;
- }
- lastIP = ip;
- lastPort = port;
- return result;
- }
- public synchronized static boolean portscanInProgress() {
- return (System.currentTimeMillis() - lastPortscanTimestamp) < getPortscanTimeout();
- }
-
- /**
- * Check if the new connection is part of a port scan attack.
- * @param port The local port used for communication.
- * @param ip The IP address of the remote device.
- * @param timestamp Time stamp of connection
- * @return True if a port scan has been detected.
- */
- private synchronized static boolean detectedPortscan(int port, String ip, long timestamp) {
- Log.i("Alte Werte:", "LastTime: " + lastConnectionTimestamp + " ,LastIP: " + lastIP + ", lastPort:" + port);
- Log.i("Alte Werte:", "Time: " + timestamp + " ,IP: " + ip + ", Port:" + port);
- boolean result = false;
- boolean belowThreshold = ((timestamp - lastConnectionTimestamp) < getPortscanTimeout());
- boolean sameIP = (lastIP.equals(ip));
- boolean samePort = (lastPort == port);
- if (sameIP && belowThreshold && !samePort) {
- result = true;
- }
-
- return result;
- }
- }
|