SMYT is a security program for the Linux platform that monitors network traffic, and detects and reports possible DoS attacks. It's almost an IDS program.

Too many SYN packets in a short amount of time are usually a sign of port scanning, or SYN scanning, and they could indicate the beginning of a DoS attack. The purpose of this program is therefore to detect such events and report them to the user through log files, so that they know to take some action. SMYT will also try to mitigate these attacks by interacting with the firewall.

SMYT is an acronym and it means SMYT Monitors Your Traffic. Not the best name. But naming things is hard.
SMYT makes use of the libpcap library to capture TCP packets as they come and go through the operating system. It then checks the flags to see which ones are SYN (Synchronize) packets and saves their source IP address for potential later use. There are three configurable parameters that decide whether a particular situation is a SYN scan or not:

- Warning threshold - number of SYN packets that, if exceeded, triggers a warning log
- Panic threshold - number of SYN packets that, if exceeded, triggers an alert log, meaning a SYN scan, and puts SMYT in a panic state
- Process interval - number of seconds between processing the stored packets

In panic mode, SMYT also takes action by blocking the source addresses from which the SYN packets come. It interacts with the firewall through iptables.
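The per-interval counting and threshold logic described above, as an added example in C++ that is not SMYT's own code. It uses only the standard library (no libpcap): the caller feeds it the source address and TCP flags byte of each captured packet and calls process() once per process interval. It assumes the thresholds apply per source address, which the description does not state.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

enum class State { Normal, Warning, Panic };

// Counts SYN packets per source address over one process interval and applies
// the warning and panic thresholds. Assumption (the README does not say):
// thresholds apply per source address rather than to the total.
class SynMonitor {
public:
    SynMonitor(unsigned warning, unsigned panic) : warning_(warning), panic_(panic) {}

    // TCP flags byte: SYN is 0x02, ACK is 0x10. Only pure SYNs (no ACK) count;
    // SYN-ACK replies from the local host are ignored.
    static bool is_syn(uint8_t tcp_flags) {
        return (tcp_flags & 0x02) != 0 && (tcp_flags & 0x10) == 0;
    }

    // Called for every captured TCP packet; stores the source of each SYN.
    void on_packet(const std::string& src_ip, uint8_t tcp_flags) {
        if (is_syn(tcp_flags)) ++syn_by_source_[src_ip];
    }

    // Called once per process interval: updates the state, returns the sources
    // that crossed the panic threshold (to hand to iptables) and resets counts.
    std::vector<std::string> process() {
        std::vector<std::string> to_block;
        State next = State::Normal;
        for (const auto& kv : syn_by_source_) {
            if (kv.second > panic_) {
                next = State::Panic;
                to_block.push_back(kv.first);
            } else if (kv.second > warning_ && next == State::Normal) {
                next = State::Warning;
            }
        }
        state_ = next;
        syn_by_source_.clear();
        return to_block;
    }

    State state() const { return state_; }
private:
    unsigned warning_, panic_;
    std::map<std::string, unsigned> syn_by_source_;
    State state_ = State::Normal;
};
```

The addresses returned by process() are the ones a panic-mode SMYT would pass to the firewall; the warning state only produces a log entry.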
SMYT comes in two forms: as a command line program and as a systemd service. The former is mainly for testing purposes and the latter is meant for actual use.

For managing the SMYT service there is a graphical user interface application written in Python. It is not required, but it can be used to start/stop the service, see its status, see the logs and edit the configuration file.
Build dependencies (Fedora and Debian/Ubuntu package names):

- dnf install libpcap-devel.x86_64
- dnf install systemd-devel.x86_64
- apt install libpcap-dev
- apt install libsystemd-dev
SMYT was compiled with GCC 13.2 (C++20) and CPython 3.12 and was run and tested on a Fedora and an Xubuntu machine, both 64-bit.
SMYT can easily block very simple DoS attacks with firewall rules (for example, nmap + tcpdump + tcpreplay), as testing suggested, but it may struggle with anything more advanced than that or with big DDoS attacks.