break;
}
}
if(m==scanrule[h].k)
{
scanrule[h].count[scanrule[h].k] =dport;
scanrule[h].k++;
scanrule[h].t2_tmpbuf_com=t_tmpbuf_now;
return scanrule[h].k;
}
}
}
if(h==i) //没出现的IP就新加入
{
scanrule[h].keyword.byte1=ih->saddr.byte1;
scanrule[h].keyword.byte2=ih->saddr.byte2;
scanrule[h].keyword.byte3=ih->saddr.byte3;
scanrule[h].keyword.byte4=ih->saddr.byte4;
scanrule[h].t2_tmpbuf_com=t_tmpbuf_now;
scanrule[i].k=0;
scanrule[i].count[scanrule[i].k]=dport;
scanrule[i].k++;
i++;
return scanrule[h].k; //返回新插入的数据下表
}
}
else //将记录清空
{
i=0;
scanrule[h].k=0;
return 0;
}
return 0;
}
int synflood(ip_header *ih,int syn,int timeout,time_t t_tmpbuf_now)
//检测洪水攻击的规则函数
{
int h;
if(timeout<=0)
{
for(h=0;h<j&&h<NUM2;h++)
{
if(ih->saddr.byte1==synrule[h].keyword.byte1&&
ih->saddr.byte2==synrule[h].keyword.byte2&&
ih->saddr.byte3==synrule[h].keyword.byte3&&
ih->saddr.byte4==synrule[h].keyword.byte4)
{
t_tmpbuf_add=t_tmpbuf_now-synrule[h].t1_tmpbuf_com;
if (t_tmpbuf_add>3)
{
printf("The time is out: %ld\n",t_tmpbuf_add);
synrule[h].count =0;
}
if(syn==1)
synrule[h].count =synrule[h].count+1;
else
synrule[h].count =0;
return h; //返回新修改的数据下表
}
}
if(h==j)
{
&nb