
updates

1 parent 1f54345 commit 751e662b7faef7a114cf5f4d6890a8d147496137 @JustinAzoff committed Jun 23, 2012
Showing with 39 additions and 1 deletion.
  1. +38 −0 9_bad_countries.bro
  2. +1 −1 clean
38 9_bad_countries.bro
@@ -0,0 +1,38 @@
+@load base/frameworks/notice
+
+export {
+ redef enum Notice::Type += {
+ Too_Many_Countries
+ };
+
+ const country_threshold = 3 &redef;
+ type country_set: set[string] &create_expire=1hr;
+ global host_countries: table[addr] of country_set &create_expire=1hr;
+}
+
+
+event new_connection(c: connection)
+{
+ local from = c$id$orig_h;
+ local to = c$id$resp_h;
+
+ local loc = lookup_location(to);
+
+ if(loc?$country_code){
+ if(from !in host_countries){
+ local s: country_set;
+ host_countries[from] = s;
+ } else {
+ s = host_countries[from];
+ }
+ add s[loc$country_code];
+ if(|s| >= country_threshold){
+ NOTICE([$note=Too_Many_Countries,
+ $msg=fmt("%s has connected to too many countries", from),
+ $identifier=fmt("%s", from),
+ $remote_location=loc,
+ $suppress_for=1day,
+ $conn=c]);
+ }
+ }
+}
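Review bot: The `new_connection` handler tracks every originator, external hosts included, and the event is raised on the first packet of a flow whether or not the peer ever answers, so unanswered attempts add countries to the set just as completed sessions do. Consider opening the handler with `if ( ! Site::is_local_addr(from) ) return;` (plus `@load base/utils/site`), and, if only completed TCP sessions should count, hooking `connection_established` instead. The `$msg` would be more useful for triage if it listed the countries collected in `s`, since `$remote_location=loc` carries only the one that crossed the threshold. A short header comment stating the one-hour window from `&create_expire=1hr` and that `country_threshold` is inclusive (`>=`) would help whoever tunes it.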
2 clean
@@ -1,3 +1,3 @@
#!/bin/sh
-rm -f *.log .state/ -r
+sudo rm -f *.log .state/ -r
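Review bot: With `sudo` added, the unquoted `*.log` glob and the relative `.state/` are resolved against whatever directory the script is started from and then removed as root, and there is no `--` to stop a file whose name begins with `-` from being parsed as an option. Something like `cd "$(dirname "$0")" || exit 1` followed by `sudo rm -rf -- ./*.log ./.state/` would pin both the target directory and the argument parsing. If root is needed only because the sensor ran as root and left root-owned logs, a comment saying so would explain the escalation to the next reader.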
