Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mrd33t/network_ids
Network Intrusion Detection System (NIDS) implemented in Python. Monitors network traffic for potential security threats including port scans, ICMP floods, DNS amplification attacks, and ARP spoofing. Features configurable thresholds and detailed logging for enhanced network security analysis.
intrusion-detection network-security python scapy
Last synced: 9 days ago
- Host: GitHub
- URL: https://github.com/mrd33t/network_ids
- Owner: mrd33t
- License: mit
- Created: 2024-11-02T19:34:16.000Z (10 days ago)
- Default Branch: main
- Last Pushed: 2024-11-02T19:41:46.000Z (10 days ago)
- Last Synced: 2024-11-02T20:24:16.068Z (10 days ago)
- Topics: intrusion-detection, network-security, python, scapy
- Language: Python
- Homepage:
- Size: 0 Bytes
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Network Intrusion Detection System (NIDS)
This is a simple Network Intrusion Detection System (NIDS) implemented in Python using Scapy. It monitors network traffic and detects potential security threats such as port scans, ICMP floods, DNS amplification attacks, and ARP spoofing.
## Features
- TCP SYN flood detection
- ICMP flood detection
- DNS amplification attack detection
- ARP spoofing detection
- Configurable thresholds
- Logging with rotation
## Requirements
- Python 3.6+
- Root/Administrator privileges
## Installation
1. Clone this repository:
   ```
   git clone https://github.com/mrd33t/network-ids.git
   cd network-ids
   ```
2. Install the required packages:
   ```
   scapy==2.5.0
   netifaces==0.11.0
   ```
3. Choose the network interface you want to monitor when prompted.
4. The script will start monitoring network traffic and log any suspicious activities.
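The following sketch is an added illustration, not code from this project. It shows one way threshold checks like the `SYN_THRESHOLD` and `ICMP_THRESHOLD` settings listed under Configuration can be applied per source IP. The `[IDS]` section name, the `ThresholdDetector` class, the "alert at or above the threshold" rule, and all sample values are assumptions.

```python
import configparser
from collections import defaultdict, deque

# Constructed config text; the [IDS] section name and the values are assumptions.
SAMPLE_CONFIG = """
[IDS]
SYN_THRESHOLD = 3
ICMP_THRESHOLD = 4
"""

class ThresholdDetector:
    """Hypothetical detector: cumulative SYN count and a 60 s ICMP window per source IP."""
    def __init__(self, config_text):
        cfg = configparser.ConfigParser()
        cfg.read_string(config_text)
        self.syn_threshold = cfg.getint("IDS", "SYN_THRESHOLD")
        self.icmp_threshold = cfg.getint("IDS", "ICMP_THRESHOLD")
        self.syn_counts = defaultdict(int)    # src -> SYN packets seen so far
        self.icmp_times = defaultdict(deque)  # src -> ICMP timestamps in the last minute
        self.alerted = set()                  # (kind, src) pairs already reported

    def observe(self, ts, src, kind):
        """Feed one packet summary; return an alert string, or None."""
        if kind == "SYN":
            self.syn_counts[src] += 1
            over = self.syn_counts[src] >= self.syn_threshold  # assumed: alert at threshold
        elif kind == "ICMP":
            window = self.icmp_times[src]
            window.append(ts)
            while window and ts - window[0] >= 60:  # drop entries older than one minute
                window.popleft()
            over = len(window) >= self.icmp_threshold
        else:
            return None
        if over and (kind, src) not in self.alerted:  # report each source once per kind
            self.alerted.add((kind, src))
            return f"{kind} threshold exceeded by {src}"
        return None

def run(events, config_text=SAMPLE_CONFIG):
    det = ThresholdDetector(config_text)
    return [a for a in (det.observe(*e) for e in events) if a]

# Constructed events: (timestamp in seconds, source IP, packet kind).
EVENTS = (
    [(t, "192.0.2.10", "SYN") for t in range(4)]           # reaches 3 SYNs: alert
    + [(t * 20, "192.0.2.20", "ICMP") for t in range(8)]   # 3 per minute: no alert
    + [(100 + t, "192.0.2.30", "ICMP") for t in range(5)]  # 4 within 4 s: alert
)
```

Calling `run(EVENTS)` returns the alerts in arrival order. The steady 20-second ICMP source stays under the per-minute limit because old timestamps age out of the window.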
## Configuration
You can modify the `config.ini` file to adjust various settings:
- `SYN_THRESHOLD`: Number of SYN packets from a single IP to trigger an alert
- `ICMP_THRESHOLD`: Number of ICMP packets per minute to trigger an alert
- `REPORT_INTERVAL`: Number of packets between status updates
- `LOG_FILE`: Name of the log file
- `MAX_LOG_SIZE`: Maximum size of the log file before rotation (in bytes)
- `BACKUP_COUNT`: Number of backup log files to keep
## Disclaimer
This tool is for educational and testing purposes only. Always obtain proper authorization before monitoring network traffic that doesn't belong to you.
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.