# Control Flow exercises

## 1. Detecting Malicious Activity in Network Traffic

*Problem:*
You are monitoring network traffic and must flag IP addresses that show suspicious activity. You have two lists:

* allowed_ips: IP addresses that are known to be safe.
* suspicious_activity: A list of IP addresses and the number of suspicious packets detected from that IP.

Your task is to check each IP from the suspicious_activity list. If an IP is not in allowed_ips and has more than 3 suspicious packets, print that the IP needs further investigation.

In [15]:
# Hardcoded lists
allowed_ips = ["192.168.0.1", "10.0.0.1", "172.16.0.1"]
suspicious_activity = [
    {"ip": "192.168.0.2", "suspicious_packets": 5},
    {"ip": "10.0.0.1", "suspicious_packets": 2},
    {"ip": "192.168.0.3", "suspicious_packets": 4},
    {"ip": "172.16.0.1", "suspicious_packets": 1},
    {"ip": "203.0.113.5", "suspicious_packets": 7}
]

# Solution
for activity in suspicious_activity:
    ip = activity["ip"]
    suspicious_packets = activity["suspicious_packets"]
    if ip not in allowed_ips and suspicious_packets >3:
        print(f"Ip {ip} needs further investigation, : {suspicious_packets} suspicious packets")


Ip 192.168.0.2 needs further investigation, : 5 suspicious packets
Ip 192.168.0.3 needs further investigation, : 4 suspicious packets
Ip 203.0.113.5 needs further investigation, : 7 suspicious packets


## 2. Counting Failed Login Attempts

You are analyzing a list of login attempts where 0 represents a failed attempt and 1 represents a successful login. The system should flag any user after 3 consecutive failed login attempts.

Count how many users should be flagged based on their login attempts.

In [142]:
# Hardcoded login attempts: 0 = fail, 1 = success
login_attempts = [
    [1, 0, 0, 1, 0, 0, 0],  # User 1
    [0, 1, 1],              # User 2
    [0, 0, 0, 0],           # User 3
    [0, 1, 0, 0],           # User 4
]

# Solution
flagged = 0
for user in login_attempts:
    contador = 0
    for attempt in user:
        if attempt == 1:
            contador = 0
        else:
            contador += 1
        if contador == 3:
            flagged += 1
            break
if flagged == 0:
    print("No ha habido incidencias")
else:
    print(f"Number of flagged users: {flagged}")


#Recomano repetir per practicar <------------------------------------

Number of flagged users: 2


## 3. Firewall Rule Matching

A firewall is configured to block traffic based on specific rules. The firewall logs contain packet information, and the rules are simple:

* If a packet contains the word "attack", block the traffic.
* If a packet contains the word "malware", block the traffic.
* If no dangerous words are found, the traffic is allowed.
  
Go through a list of packets and print whether the traffic should be blocked or allowed.

In [2]:
# Packet data
packet_log = [
    "GET /index.html",
    "malware detected in POST request",
    "Checking for updates",
    "Potential attack detected in payload",
    "Normal traffic"
]

# Solution
for packet in packet_log:
    if "malware" in packet.lower() or "attack" in packet.lower():
        print(f"Packet blocked: {packet}")
    else:
        print(f"Packet allowed: {packet}")

Packet allowed: GET /index.html
Packet blocked: malware detected in POST request
Packet allowed: Checking for updates
Packet blocked: Potential attack detected in payload
Packet allowed: Normal traffic


## 4. Detecting Repeated Unauthorized Access Attempts

You are monitoring a log of unauthorized access attempts. If an IP address attempts to access the system more than 3 times, it should be flagged. You are given a list of IP addresses, where each entry represents one access attempt.

Count how many IP addresses should be flagged based on the number of attempts.

In [3]:
# Hardcoded log of access attempts
access_attempts = [
    "192.168.0.1", "192.168.0.1", "192.168.0.2", "192.168.0.1",
    "192.168.0.2", "192.168.0.2", "192.168.0.3", "192.168.0.3", "192.168.0.2"
]

# Dictionary to count occurrences of each IP
ip_count = {}

# Count the occurrences of each IP address
for ip in access_attempts:
    if ip in ip_count:
        ip_count[ip] += 1
    else:
        ip_count[ip] = 1

# Count how many IPs exceed the threshold of 3 attempts
flagged_ips_count = sum(1 for count in ip_count.values() if count > 3)

# Output the result
print(f"Number of flagged IPs: {flagged_ips_count}")

#HECHO POR EL CHAT ESTE NO LO HE PODIDO RESOLVER!!!!!!!!!!!!!!!!!!!!!!!! <------------------------

Number of flagged IPs: 1


## 5. Password Strength Checker

You are given a list of passwords and must categorize them based on their strength. The criteria are:

* *Weak:* Passwords less than 6 characters.
* *Medium:* Passwords between 6 and 10 characters.
* *Strong:* Passwords longer than 10 characters.
  
Print how many passwords fall into each category.

In [4]:
# Hardcoded list of passwords
passwords = ["123", "password", "strongpassword123", "qwerty", "admin", "ilovecoding12345"]
# Solution
weak = 0
medium = 0
strong = 0
for element in passwords:
    char = len(element)
    if char < 6:
        weak += 1
    elif char >= 6 and char <= 10:
        medium += 1
    elif char > 10:
        strong += 1
print(f"Weak password: {weak}")
print(f"Medium password: {medium}")
print(f"Strong password: {strong}")


Weak password: 2
Medium password: 2
Strong password: 2


## 6. Log Analysis: Detecting Suspicious Activity Patterns

You are given a series of network logs with different types of activity. If a log entry contains any of the following suspicious words—"error", "failure", or "denied"—it should be flagged for further review. Count how many logs need further review.

In [5]:
# Hardcoded network logs
logs = [
    "User login successful",
    "Access denied on port 22",
    "System error: disk full",
    "User login failure",
    "Normal activity detected",
    "Permission denied for user"
]

# Solution
flagged = 0
for element in logs:
    if "error" in element or "failure" in element or "denied" in element:
        flagged += 1
print(f"Number of logs flagged for review: {flagged}")        


Number of logs flagged for review: 4


## 7. Detecting Sequential Failed Login Attempts

You are given a list of login attempts where 1 represents a successful login and 0 represents a failed attempt. If a user has 2 consecutive failed attempts followed by a successful login, it should be flagged as suspicious activity.

Count how many users show suspicious login behavior.

In [6]:
# Hardcoded list of login attempts (each list represents one user's attempts)
user_attempts = [
    [1, 0, 0, 1],      # User 1
    [0, 1, 1],         # User 2
    [0, 0, 1, 0],      # User 3
    [1, 1, 1, 0],      # User 4
]
# Solution
bad_users = 0
for user in user_attempts:
    contador = 0
    for attempt in user:
        if attempt == 0 and contador == 0:
            contador = 1
        elif attempt == 0 and contador == 1:
            contador = 2
        elif attempt == 1 and contador == 2:
            bad_users += 1
print(f"Number of users with suspicious login behavior: {bad_users}")

Number of users with suspicious login behavior: 2
