Project Description
An intrusion detection and prevention system based on the abnormal entity method of detection.

It uses WinPcap and the Packet Filtering API from Windows 2000/XP/2003 for inline sensor emulation.
It requires .NET Framework 3.0 for the graphical interface.
It also requires the MySQL Connector for ADO.NET (mysql.data.dll).
The release includes the full Visual Studio 2008 project, including the picture files used.

The system uses a MySQL database to access its rules. Three tables are needed: profiles (the rules), parameters, and results.
The system will try to connect to my local server, so if you test it, please modify the code so it doesn't connect to me ;)

Profiles :

-- Table and column names are Romanian: profiluri = profiles, trafic = traffic
DROP TABLE IF EXISTS `proiect_ap`.`profiluri`;
CREATE TABLE `proiect_ap`.`profiluri` (
`trafic` varchar(30) NOT NULL,
`p1_inf` int(10) unsigned NOT NULL,
`p1_sup` int(10) unsigned NOT NULL,
`p1_lim` int(10) unsigned NOT NULL,
`p2_inf` int(10) unsigned NOT NULL,
`p2_sup` int(10) unsigned NOT NULL,
`p2_lim` int(10) unsigned NOT NULL,
`p3_inf` int(10) unsigned NOT NULL,
`p3_sup` int(10) unsigned NOT NULL,
`p3_lim` int(10) unsigned NOT NULL,
PRIMARY KEY (`trafic`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Parameters :

-- parametri = parameters
DROP TABLE IF EXISTS `proiect_ap`.`parametri`;
CREATE TABLE `proiect_ap`.`parametri` (
`nume` varchar(20) NOT NULL, -- name
`numar` int(10) unsigned NOT NULL, -- number
PRIMARY KEY (`nume`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Results :

-- rezultate = results
DROP TABLE IF EXISTS `proiect_ap`.`rezultate`;
CREATE TABLE `proiect_ap`.`rezultate` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`sursa` varchar(45) NOT NULL, -- source
`destinatie` varchar(45) NOT NULL, -- destination
`port` int(10) unsigned DEFAULT NULL,
`tip` varchar(45) NOT NULL, -- type
`limita` int(11) DEFAULT NULL, -- limit
`pachete` int(11) DEFAULT NULL, -- packets
`data` datetime DEFAULT NULL, -- date
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

Last edited Jun 12, 2008 at 3:38 AM by popaaaandrei, version 4