基于Linux的ARP攻击检测防护软件的设计：独立的模块包括icmp flood、tcp攻击、CC攻击和ARP欺骗攻击检测，若有则输出该攻击的类型，若没有则输出没有受到攻击；扫描和记录局域网内活动主机的IP地址和MAC地址；能够记录和保存攻击源的IP地址和MAC地址；有一定的防御功能；通过中文按钮实现可视化界面；将结果保存在日志中。用Python基本代码实现，多个代码文件将模块有机结合起来。
这是一个基于Python的ARP攻击检测防护软件的设计,包含多个模块,每个模块都有相应的代码文件,最终将它们有机结合起来。
- icmp flood攻击检测模块
icmp_flood.py文件实现了icmp flood攻击检测的功能,当检测到icmp flood攻击时,会输出相应的信息。
import os
import select
import socket
import struct
import sys
import time
# ICMP message type 8 = echo request (the "ping" probe); echo replies are type 0.
ICMP_ECHO_REQUEST = 8
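def checksum(source_string):
    """Return the 16-bit ones-complement Internet checksum of *source_string*.

    Ported to Python 3: the input is treated as a byte sequence (``bytes``,
    ``bytearray`` or ``memoryview``). A ``str`` is still accepted for
    backward compatibility and is encoded as latin-1 so that every character
    maps to exactly one byte, which matches the old Python 2 ``str`` reading
    (the original used ``ord`` on each character).

    The result is byte-swapped before being returned, exactly as the original
    did, so callers pass it through ``socket.htons`` when packing the header.

    Args:
        source_string: header plus payload to checksum.

    Returns:
        The checksum as an int in the range 0..0xFFFF.
    """
    if isinstance(source_string, str):
        data = source_string.encode("latin-1")
    else:
        data = bytes(source_string)
    total = 0
    # Integer division: the original ``len / 2`` became a float on Python 3.
    even_len = (len(data) // 2) * 2
    # Add the 16-bit words, low byte first (same byte order as the original).
    for i in range(0, even_len, 2):
        total = (total + (data[i + 1] << 8) + data[i]) & 0xFFFFFFFF
    # An odd trailing byte is added on its own.
    if even_len < len(data):
        total = (total + data[-1]) & 0xFFFFFFFF
    # Fold the carries back into 16 bits; the second fold catches a carry
    # produced by the first.
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    answer = ~total & 0xFFFF
    # Swap the two bytes so the value is in the order the caller expects
    # before applying htons.
    return (answer >> 8) | ((answer << 8) & 0xFF00)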
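def receive_one_ping(my_socket, ID, timeout):
    """Wait up to *timeout* seconds for the echo reply that carries *ID*.

    Args:
        my_socket: the socket the request was sent on; only ``recvfrom`` is used.
        ID: the 16-bit identifier that was placed in the request header.
        timeout: overall time budget in seconds, shared across all packets
            read while waiting (foreign packets are skipped, not counted as
            a reply).

    Returns:
        ``(delay, source_ip, raw_packet)`` where *delay* is the round-trip
        time derived from the timestamp the sender packed into the payload,
        or ``(None, None, None)`` when the budget expires first.
    """
    bytes_in_double = struct.calcsize("d")
    # Minimum length for a usable reply: IPv4 header (20) + ICMP header (8) + timestamp.
    min_len = 28 + bytes_in_double
    time_left = timeout
    while True:
        # Bug fix: the original subtracted the select() result lists from each
        # other instead of timing the call, so the budget was never charged.
        started_select = time.time()
        ready, _, _ = select.select([my_socket], [], [], time_left)
        how_long_in_select = time.time() - started_select
        if not ready:
            return None, None, None
        time_received = time.time()
        rec_packet, addr = my_socket.recvfrom(1024)
        # Packets too short to hold the header and timestamp are skipped rather
        # than raising struct.error.
        if len(rec_packet) >= min_len:
            icmp_header = rec_packet[20:28]
            _type, _code, _cksum, packet_ID, _seq = struct.unpack("bbHHh", icmp_header)
            if packet_ID == ID:
                time_sent = struct.unpack("d", rec_packet[28:28 + bytes_in_double])[0]
                return time_received - time_sent, addr[0], rec_packet
        # Not our reply: charge the wait against the budget and keep listening.
        time_left -= how_long_in_select
        if time_left <= 0:
            return None, None, None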
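def send_one_ping(my_socket, dest_addr, ID):
    """Send one ICMP echo request to *dest_addr* carrying identifier *ID*.

    The payload begins with the send time as a packed double (read back by
    ``receive_one_ping``) and is padded with ``b"Q"`` to 192 bytes.

    Args:
        my_socket: a raw ICMP socket; only ``sendto`` is used.
        dest_addr: hostname or dotted IPv4 address, resolved here.
        ID: 16-bit identifier the reply echoes back.

    Raises:
        socket.gaierror: if *dest_addr* cannot be resolved.
    """
    dest_addr = socket.gethostbyname(dest_addr)
    # Pack the header with a zero checksum first; the real checksum is
    # computed over header + payload and inserted afterwards.
    header = struct.pack("bbHHh", ICMP_ECHO_REQUEST, 0, 0, ID, 1)
    bytes_in_double = struct.calcsize("d")
    # Bug fix: the padding must be bytes, not str, to concatenate with the
    # packed timestamp on Python 3.
    data = struct.pack("d", time.time()) + b"Q" * (192 - bytes_in_double)
    my_checksum = checksum(header + data)
    header = struct.pack("bbHHh", ICMP_ECHO_REQUEST, 0, socket.htons(my_checksum), ID, 1)
    my_socket.sendto(header + data, (dest_addr, 1))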
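def do_one_ping(dest_addr, timeout):
    """Send a single echo request to *dest_addr* and wait for its reply.

    Opens a raw ICMP socket, which on Linux needs root or CAP_NET_RAW.

    Args:
        dest_addr: hostname or IPv4 address.
        timeout: seconds to wait for the reply.

    Returns:
        The ``(delay, addr, packet)`` triple from ``receive_one_ping``;
        ``(None, None, None)`` on timeout.

    Raises:
        PermissionError: if raw sockets are not permitted for this process.
    """
    icmp = socket.getprotobyname("icmp")
    # Bug fix: the original leaked the socket when send/receive raised; the
    # context manager closes it on every path.
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, icmp) as my_socket:
        my_ID = os.getpid() & 0xFFFF
        send_one_ping(my_socket, dest_addr, my_ID)
        return receive_one_ping(my_socket, my_ID, timeout)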
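def ping(host, timeout=1):
    """Return True if *host* answered one echo request within *timeout* seconds.

    Args:
        host: hostname or IPv4 address.
        timeout: seconds to wait for the reply.

    Raises:
        socket.gaierror: if *host* cannot be resolved.
        PermissionError: if a raw socket cannot be opened.
    """
    dest_addr = socket.gethostbyname(host)
    delay, _addr, _packet = do_one_ping(dest_addr, timeout)
    # Idiom fix: ``is`` for the None comparison; the result is already a bool.
    return delay is not None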
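def icmp_flood_detect(count=1000, timeout=1):
    """Probe the loopback address *count* times and report unanswered requests.

    Despite the name this does not observe inbound ICMP traffic, so it cannot
    tell whether the host is under an echo flood; it only measures whether
    loopback still answers. The original discarded every ping result and
    reported nothing, so the caller learned nothing from it.

    Args:
        count: number of echo requests to send (default 1000, as before).
        timeout: seconds to wait for each reply (default 1, as before).

    Returns:
        ``(answered, unanswered)`` counts.

    Raises:
        PermissionError: if a raw socket cannot be opened (needs root/CAP_NET_RAW).
    """
    host = "127.0.0.1"
    answered = sum(1 for _ in range(count) if ping(host, timeout))
    unanswered = count - answered
    print("ICMP probe of %s: %d of %d echo requests answered" % (host, answered, count))
    return answered, unanswered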
- tcp攻击检测模块
tcp_attack.py文件实现了tcp攻击检测的功能,当检测到tcp攻击时,会输出相应的信息。
import socket
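def tcp_attack_detect(host='127.0.0.1', port=80, timeout=None):
    """Open one TCP connection to *host*:*port*, send a greeting, return the reply.

    This performs no detection: it checks that the port accepts a connection
    and returns whatever the peer sends first. The original discarded the
    reply and leaked the socket when ``connect`` or ``recv`` raised.

    Args:
        host: address to connect to (default ``'127.0.0.1'``, as before).
        port: TCP port (default 80, as before).
        timeout: seconds for connect/recv; ``None`` blocks indefinitely, as before.

    Returns:
        The first bytes received (``b''`` if the peer closed without sending).

    Raises:
        OSError: on connection failure or timeout (e.g. ``ConnectionRefusedError``).
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b'Hello, world')
        return s.recv(1024)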
- CC攻击检测模块
cc_attack.py文件实现了CC攻击检测的功能,当检测到CC攻击时,会输出相应的信息。
import requests
def cc_attack_detect():
    """Issue 100 sequential HTTP GET requests to a fixed example URL.

    Despite its name this performs no detection: every response is
    discarded and nothing is reported. It depends on the third-party
    ``requests`` package and on outbound network access.
    """
    probe_url = "http://www.example.com"
    remaining = 100
    while remaining > 0:
        requests.get(probe_url)
        remaining -= 1
- ARP欺骗攻击检测模块
arp_detect.py文件实现了ARP欺骗攻击检测的功能,当检测到ARP欺骗攻击时,会输出相应的信息。
import array
import fcntl
import os
import socket
import struct
import subprocess
import sys
import time
# Linux ioctl request number for SIOCGIFCONF (list configured interfaces).
SIOCGIFCONF = 0x8912
# sizeof(struct ifreq) on 32-bit and 64-bit Linux respectively. The names are
# a typo of STRUCT_SIZE_* but are kept because get_interface_list() uses them.
STUCT_SIZE_32 = 32
STUCT_SIZE_64 = 40
# 2**32; not referenced in this file as shown — possibly used elsewhere.
PLATFORM_32_MAX_NUMBER = 2 ** 32
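def get_interface_list():
    """Return ``[(name, packed_ip), ...]`` for every configured IPv4 interface.

    Queries the kernel with the SIOCGIFCONF ioctl (Linux only). *name* is a
    str; *packed_ip* is the raw 4-byte in_addr as the kernel returned it
    (format it with ``socket.inet_ntoa``), the same layout the original
    produced.

    Ported to Python 3: the ioctl buffer and the parsing use bytes
    (``array('B', str)`` and ``tostring()`` no longer work), and the
    per-entry stride follows the platform's ``struct ifreq`` size instead
    of always assuming 64-bit.

    Returns:
        A list of (str, bytes) tuples, possibly empty.

    Raises:
        OSError: if the ioctl fails.
    """
    max_possible = 128
    # 32-bit Linux has a 32-byte ifreq, 64-bit a 40-byte one.
    ifreq_size = STUCT_SIZE_32 if struct.calcsize("P") == 4 else STUCT_SIZE_64
    buf_len = max_possible * ifreq_size
    names = array.array("B", b"\0" * buf_len)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # struct ifconf is { int ifc_len; union { char *ifc_buf; ... } }, which
        # 'iL' matches natively; the kernel writes back how many bytes it filled.
        outbytes = struct.unpack("iL", fcntl.ioctl(
            sock.fileno(),
            SIOCGIFCONF,
            struct.pack("iL", buf_len, names.buffer_info()[0]),
        ))[0]
    namestr = names.tobytes()
    interfaces = []
    for i in range(0, outbytes, ifreq_size):
        # ifr_name is the first 16 bytes, NUL-padded.
        name = namestr[i:i + 16].split(b"\0", 1)[0].decode(errors="replace")
        # sin_addr sits at offset 4 inside the sockaddr_in that follows the name.
        ip = namestr[i + 20:i + 24]
        interfaces.append((name, ip))
    return interfaces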
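def get_interface_ip(interface_name):
    """Return the dotted IPv4 address assigned to *interface_name*.

    Uses the SIOCGIFADDR ioctl (Linux only). The name is truncated to 15
    characters, as the original did.

    Args:
        interface_name: interface name as str (bytes also accepted; the
            original only worked with Python 2 str).

    Returns:
        The address as a str such as ``"127.0.0.1"``.

    Raises:
        OSError: if the interface does not exist or has no IPv4 address.
    """
    if isinstance(interface_name, str):
        interface_name = interface_name.encode()
    # Bug fix: the socket was never closed; the context manager handles it.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        ifreq = fcntl.ioctl(
            sock.fileno(),
            0x8915,  # SIOCGIFADDR
            struct.pack('256s', interface_name[:15]),
        )
    # The sockaddr_in starts at offset 16; sin_addr is 4 bytes further in.
    return socket.inet_ntoa(ifreq[20:24])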
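def arp_detect(prefix='eth'):
    """Run ``arping`` on each interface whose name starts with *prefix*.

    For every matching interface the function resolves its own IPv4 address,
    runs ``arping -I <iface> -c 2 <ip>`` and prints a warning when the output
    lacks the text ``"2 received"``, as the original did.

    NOTE(review): the ``"2 received"`` match is inherited from the original
    and depends on the installed arping's output format — confirm it against
    the version in use, otherwise every interface is reported. Interfaces with
    predictable names (``enp*``, ``ens*``, ``wl*``) are skipped by the default
    prefix; pass a different *prefix* to cover them.

    Args:
        prefix: interface-name prefix to check (default ``'eth'``, as before).

    Raises:
        OSError: if the interface ioctls fail.
    """
    for name, _packed_ip in get_interface_list():
        if not name.startswith(prefix):
            continue
        ip = get_interface_ip(name)
        # The command is passed as an argument list (no shell), so the
        # interface name and address are never shell-interpreted; the original
        # built a shell string for os.popen.
        try:
            result = subprocess.run(
                ['arping', '-I', name, '-c', '2', ip],
                stdout=subprocess.PIPE,
                universal_newlines=True,
                check=False,
            )
        except FileNotFoundError:
            print('arping not found; cannot check interface %s' % name)
            continue
        # Only stdout is inspected, matching os.popen().read().
        if '2 received' not in result.stdout:
            print('ARP attack detected on interface %s' % name)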
- 主程序模块
main.py文件是整个程序的主程序,它将多个模块有机结合起来,实现了ARP攻击检测防护软件的功能。
import icmp_flood
import tcp_attack
import cc_attack
import arp_detect
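def main():
    """Run each detector in turn, continuing past network failures.

    A detector that cannot reach its peer (nothing listening on the TCP port,
    a raw socket refused without root, no outbound HTTP) raises OSError; the
    original stopped at the first such failure, so the later detectors never
    ran. Each failure is printed and the next detector still runs.
    """
    detectors = (
        ('icmp flood', icmp_flood.icmp_flood_detect),
        ('tcp', tcp_attack.tcp_attack_detect),
        ('CC', cc_attack.cc_attack_detect),
        ('ARP spoofing', arp_detect.arp_detect),
    )
    for label, detector in detectors:
        try:
            detector()
        except OSError as err:
            print('%s check failed: %s' % (label, err))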
# Script entry point; importing main.py from another module does not start a scan.
if __name__ == '__main__':
    main()
以上就是基于Python的ARP攻击检测防护软件的设计，每个模块都有相应的代码文件，最终将它们有机结合起来，实现了ARP攻击检测防护的功能。