This Intrusion Detection System (IDS) monitors network traffic and detects various types of network attacks, including ARP poisoning, DNS amplification, DNS spoofing, ping of death, port scan, and SYN flood attacks.
- Python 3.x
- scapy library
- Administrator/root privileges (required for capturing network packets)
- Install Python 3.x: Make sure you have Python 3.x installed on your system. You can download it from python.org.
- Install scapy: Install the scapy library using pip: pip install scapy
- Ensure Administrator/Root Privileges: To capture network packets, you need to run the IDS with administrator/root privileges.
- Run the IDS:
  On Unix-based systems: sudo python main.py
  On Windows (run as Administrator): python main.py
- Check the Logs: The IDS logs its activity to the ids.log file. The log records the detections made by the signature-based detectors.
ARP Poisoning Detector
Monitors ARP traffic to detect potential ARP spoofing attacks.
DNS Amplification Detector
Monitors DNS traffic to detect DNS amplification attacks.
DNS Spoof Detector
Monitors DNS responses to detect potential DNS spoofing attacks.
Ping of Death Detector
Monitors ICMP traffic to detect large ICMP packets that could indicate a ping of death attack.
Port Scan Detector
Monitors TCP SYN packets to detect potential port scanning activities.
SYN Flood Detector
Monitors TCP SYN packets to detect SYN flood attacks.
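The Port Scan and SYN Flood detectors both watch TCP SYN packets; what separates them is what gets counted. The sketch below is an added example, not this project's code: it runs over constructed records instead of live scapy captures, and the class name, window and thresholds are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them against your own baseline.
WINDOW = 5.0      # sliding window, seconds
SCAN_PORTS = 10   # distinct (host, port) targets from one source
FLOOD_SYNS = 20   # SYNs aimed at one (host, port), from any source


class SynWatcher:
    """Classifies bare SYNs (SYN set, ACK clear) as scan or flood."""
    def __init__(self):
        self.by_src = defaultdict(deque)     # src -> (ts, dst, dport)
        self.by_target = defaultdict(deque)  # (dst, dport) -> ts
        self.alerted = set()                 # one alert per offender

    def _alert(self, kind, subject, out):
        if (kind, subject) not in self.alerted:
            self.alerted.add((kind, subject))
            out.append((kind, subject))

    def observe(self, ts, src, dst, dport):
        """Feed one SYN record (timestamps non-decreasing); return new alerts."""
        out = []
        # Port scan: one source touching many distinct targets.
        probes = self.by_src[src]
        probes.append((ts, dst, dport))
        while ts - probes[0][0] > WINDOW:
            probes.popleft()
        if len({(d, p) for _, d, p in probes}) >= SCAN_PORTS:
            self._alert("port_scan", src, out)
        # SYN flood: count per destination, since sources may be spoofed.
        hits = self.by_target[(dst, dport)]
        hits.append(ts)
        while ts - hits[0] > WINDOW:
            hits.popleft()
        if len(hits) >= FLOOD_SYNS:
            self._alert("syn_flood", f"{dst}:{dport}", out)
        return out


def run(records):
    watcher = SynWatcher()
    return [a for rec in records for a in watcher.observe(*rec)]


# Constructed records (ts, src, dst, dport) using documentation addresses.
SCAN = [(i * 0.1, "192.0.2.10", "198.51.100.5", 20 + i) for i in range(12)]
FLOOD = [(10 + i * 0.01, f"203.0.113.{i + 1}", "198.51.100.5", 80) for i in range(25)]
NORMAL = [(20 + i * 2.0, "192.0.2.20", "198.51.100.5", 443) for i in range(5)]
print(run(SCAN + FLOOD + NORMAL))
```

Keying the flood counter on the destination is what lets it fire even when every SYN carries a different source address, a case the per-source scan counter never sees.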
This project is licensed under the MIT License. See the LICENSE file for more details.