基于Linux的ARP攻击检测防护软件的设计独立的模块包括MAC flood、DHCP flood、CC攻击和ARP欺骗攻击检测并且根据攻击类型输出信息扫描和记录局域网内活动主机的IP地址和MAC地址能够记录和保存攻击源的IP地址和MAC地址有一定的防御功能通过中文按钮实现可视化界面将结果保存在日志中。python基本代码实现多个代码文件将模块有机结合起来
,实现完整的ARP攻击检测防护软件。
以下是基于Python实现的ARP攻击检测防护软件的代码:
- main.py
import os
import time
from tkinter import *
from tkinter import messagebox
from threading import Thread
from mac_flood import MacFlood
from dhcp_flood import DhcpFlood
from cc_attack import CcAttack
from arp_spoofing import ArpSpoofing
from arp_scan import ArpScan
class Application(Frame):
def __init__(self, master=None):
super().__init__(master)
self.master = master
self.pack()
self.create_widgets()
def create_widgets(self):
self.arp_scan_button = Button(self, text="ARP扫描", command=self.arp_scan)
self.arp_scan_button.pack(side="top", pady=10)
self.mac_flood_button = Button(self, text="MAC Flood攻击检测", command=self.mac_flood)
self.mac_flood_button.pack(side="top", pady=10)
self.dhcp_flood_button = Button(self, text="DHCP Flood攻击检测", command=self.dhcp_flood)
self.dhcp_flood_button.pack(side="top", pady=10)
self.cc_attack_button = Button(self, text="CC攻击检测", command=self.cc_attack)
self.cc_attack_button.pack(side="top", pady=10)
self.arp_spoofing_button = Button(self, text="ARP欺骗攻击检测", command=self.arp_spoofing)
self.arp_spoofing_button.pack(side="top", pady=10)
self.quit_button = Button(self, text="退出", command=self.master.quit)
self.quit_button.pack(side="bottom", pady=10)
def arp_scan(self):
self.result_text.delete(1.0, END)
self.result_text.insert(END, "开始ARP扫描...\n")
t = Thread(target=self.do_arp_scan)
t.start()
def do_arp_scan(self):
arp_scan = ArpScan()
arp_scan.scan()
for host in arp_scan.hosts:
self.result_text.insert(END, "IP地址: %s, MAC地址: %s\n" % (host['ip'], host['mac']))
def mac_flood(self):
self.result_text.delete(1.0, END)
self.result_text.insert(END, "开始MAC Flood攻击检测...\n")
t = Thread(target=self.do_mac_flood)
t.start()
def do_mac_flood(self):
mac_flood = MacFlood()
mac_flood.detect()
if mac_flood.detected:
self.result_text.insert(END, "检测到MAC Flood攻击,攻击源IP地址: %s, MAC地址: %s\n" % (mac_flood.source_ip, mac_flood.source_mac))
else:
self.result_text.insert(END, "未检测到MAC Flood攻击\n")
def dhcp_flood(self):
self.result_text.delete(1.0, END)
self.result_text.insert(END, "开始DHCP Flood攻击检测...\n")
t = Thread(target=self.do_dhcp_flood)
t.start()
def do_dhcp_flood(self):
dhcp_flood = DhcpFlood()
dhcp_flood.detect()
if dhcp_flood.detected:
self.result_text.insert(END, "检测到DHCP Flood攻击,攻击源IP地址: %s, MAC地址: %s\n" % (dhcp_flood.source_ip, dhcp_flood.source_mac))
else:
self.result_text.insert(END, "未检测到DHCP Flood攻击\n")
def cc_attack(self):
self.result_text.delete(1.0, END)
self.result_text.insert(END, "开始CC攻击检测...\n")
t = Thread(target=self.do_cc_attack)
t.start()
def do_cc_attack(self):
cc_attack = CcAttack()
cc_attack.detect()
if cc_attack.detected:
self.result_text.insert(END, "检测到CC攻击,攻击源IP地址: %s, 端口号: %d\n" % (cc_attack.source_ip, cc_attack.source_port))
else:
self.result_text.insert(END, "未检测到CC攻击\n")
def arp_spoofing(self):
self.result_text.delete(1.0, END)
self.result_text.insert(END, "开始ARP欺骗攻击检测...\n")
t = Thread(target=self.do_arp_spoofing)
t.start()
def do_arp_spoofing(self):
arp_spoofing = ArpSpoofing()
arp_spoofing.detect()
if arp_spoofing.detected:
self.result_text.insert(END, "检测到ARP欺骗攻击,攻击源IP地址: %s, MAC地址: %s\n" % (arp_spoofing.source_ip, arp_spoofing.source_mac))
else:
self.result_text.insert(END, "未检测到ARP欺骗攻击\n")
def create_result_text(self):
self.result_text = Text(self, width=50, height=20)
self.result_text.pack(side="top", padx=10, pady=10)
if __name__ == "__main__":
root = Tk()
root.title("ARP攻击检测防护软件")
app = Application(master=root)
app.create_result_text()
app.mainloop()
- arp_scan.py
import os
import re
class ArpScan:
def __init__(self):
self.hosts = []
def scan(self):
output = os.popen("arp -a").read()
lines = output.split("\n")
for line in lines:
match = re.search(r"(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}", line)
if match:
host = {
"ip": match.group(1),
"mac": match.group(0)[match.end(1) + 1:].strip()
}
self.hosts.append(host)
- mac_flood.py
import os
import re
import time
class MacFlood:
def __init__(self):
self.detected = False
self.source_ip = None
self.source_mac = None
def detect(self):
output = os.popen("tcpdump -i eth0 -c 1000 ether src 00:00:00:00:00:00").read()
lines = output.split("\n")
for line in lines:
match = re.search(r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+):", line)
if match:
self.source_ip = match.group(1)
self.detected = True
break
- dhcp_flood.py
import os
import re
import time
class DhcpFlood:
def __init__(self):
self.detected = False
self.source_ip = None
self.source_mac = None
def detect(self):
output = os.popen("tcpdump -i eth0 -c 1000 -n udp and src port 67 and dst port 68").read()
lines = output.split("\n")
for line in lines:
match = re.search(r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+):", line)
if match:
self.source_ip = match.group(1)
self.detected = True
break
- cc_attack.py
import os
import re
import time
class CcAttack:
def __init__(self):
self.detected = False
self.source_ip = None
self.source_port = None
def detect(self):
output = os.popen("tcpdump -i eth0 -c 1000 -n tcp and dst port 80 and (tcp[tcpflags] & tcp-syn != 0) and (tcp[tcpflags] & tcp-ack = 0)").read()
lines = output.split("\n")
for line in lines:
match = re.search(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+):", line)
if match:
self.source_ip = match.group(1)
self.source_port = int(match.group(2))
self.detected = True
break
- arp_spoofing.py
import os
import re
import time
class ArpSpoofing:
def __init__(self):
self.detected = False
self.source_ip = None
self.source_mac = None
def detect(self):
output = os.popen("tcpdump -i eth0 -c 1000 arp and ether src not 00:00:00:00:00:00").read()
lines = output.split("\n")
for line in lines:
match = re.search(r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): ARP", line)
if match:
self.source_ip = match.group(1)
self.detected = True
break
``
原文地址: http://www.cveoy.top/t/topic/fmn2 著作权归作者所有。请勿转载和采集!