Hello everyone, I just finished writing an IDS with Standard User in Python.
The program is written in Python 3 and uses the Scapy v. 3.0.0 module.
IDS stands for Intrusion Detection System, and they can work in many different ways to detect someone trying to intrude into a system. There are two types of IDS: host based and network based. This one is network based.
Well, an IDS detects an attack while it's happening, in real time, but it does not prevent the attack; an IDPS or IPS does that. Anyway, the way this one works is: it captures packets crossing the network with Scapy, then writes everything into a file called ALL.pcap, reads from ALL.pcap and writes a summary to a file called ALLsum.txt. After that the program opens a configuration file provided by the user (or a default file), with each line naming a protocol that looks a bit suspicious, like SSH, SSL or whatever you put into the lines of the configuration file. It then matches those against the protocol of each line of ALLsum.txt, and if there is a match it will print out the possible threat and write it to a file called PossibleThreats.txt. This program will also run forever unless a count (-c) is given. The good thing is it's in real time, so whenever there is a packet crossing the network that matches a line, it will alert you.
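As an added illustration of the matching step described above (my own example, not code from the IDS_Project repo): a stdlib-only Python version of the config-vs-summary comparison, with constructed summary lines in the shape Scapy's `summary()` produces standing in for ALLsum.txt, and a constructed watch list standing in for Default.txt. Function and file names are assumptions for the demo.

```python
import re
import sys

# Constructed sample input in the shape scapy's packet.summary() produces
# (made-up addresses; not a real capture, standing in for the ALLsum.txt lines).
SAMPLE_SUMMARY = """\
Ether / IP / TCP 192.168.1.5:52344 > 192.168.1.20:ssh S
Ether / IP / UDP / DNS Qry "b'example.com.'"
Ether / IP / TCP 192.168.1.5:52345 > 192.168.1.20:https S
Ether / ARP who has 192.168.1.1 says 192.168.1.5
Ether / IP / TCP 192.168.1.20:ssh > 192.168.1.5:52344 SA
"""

# Constructed config in the spirit of Default.txt: one watched protocol or
# service name per line; blank lines and '#' comments are ignored.
SAMPLE_CONFIG = """\
# services that deserve an alert on this segment
SSH
SSL
https
"""

def load_protocols(config_text):
    """Return the set of lowercased names listed in a config file's text."""
    return {ln.strip().lower() for ln in config_text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")}

def find_threats(summary_text, protocols, count=None):
    """Return (name, line) for each summary line that names a watched protocol.

    Matching is whole-token and case-insensitive, so 'ssl' fires on ':ssl' or
    'SSL' but not inside an unrelated word. count=None mirrors the post's
    'run forever' mode; an integer stops after that many packets (like -c).
    """
    if not protocols:          # an empty watch list must match nothing, not everything
        return []
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, sorted(protocols))) + r")\b",
                         re.IGNORECASE)
    hits = []
    for i, line in enumerate(summary_text.splitlines()):
        if count is not None and i >= count:
            break
        m = pattern.search(line)
        if m:
            hits.append((m.group(1).lower(), line))
    return hits

def format_report(hits):
    """Render hits as the lines that would be appended to PossibleThreats.txt."""
    return "".join(f"POSSIBLE THREAT [{name}]: {line}\n" for name, line in hits)

if __name__ == "__main__":
    # Usage: python ids_match.py [config.txt] [summary.txt]; samples used if absent.
    cfg = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    summ = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_SUMMARY
    report = format_report(find_threats(summ, load_protocols(cfg)))
    with open("PossibleThreats.txt", "a") as out:
        out.write(report)
    print(report, end="")
```

In the real tool the summary lines would come from Scapy's `sniff(prn=...)` callback rather than a file, but the matching logic is the same.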
Anyway, thank you for reading. I'll be posting as often as I can about what I know. I've got some good projects in mind.
Here's the Link to the IDS: https://github.com/WireWise/IDS_Project
You do not have to download the Default.txt; it's just in case you don't provide a file, in which case it will look for that one, which contains mostly RA protocols.