Welcome to Defnet-IDS-IPS, a modern, lightweight, and efficient Intrusion Detection and Prevention System (IDS/IPS) designed to monitor, alert, and block suspicious network activities. This tool is tailored for enthusiasts and professionals looking for a customizable solution that integrates seamlessly with OpenWRT and similar environments.
- Real-Time Packet Monitoring: Efficiently sniff and analyze network packets.
- Customizable Rules: Define, parse, and manage rules to detect and mitigate network threats.
- Blocking Mechanism: Use a blacklist to block malicious IP addresses dynamically.
- Protocol Support: Built-in support for multiple protocols with extensible configurations.
- Radix Tree for Rules: Optimized rule matching with a radix tree data structure.
- OpenWRT Integration: Seamlessly integrates with OpenWRT environments via a shell script.
- Start/Stop Service Management: Intuitive service controls with `main.py` and `service_manager.py`.
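The feature list mentions a radix tree for rule matching and an IP blacklist for blocking. The block below is an added example, not the project's `radixTree/radix_tree.py`: a binary radix trie over IPv4 prefixes with longest-prefix-match lookup, here used to index a blacklist. It shows why such a structure suits this job: a lookup walks at most 32 bits no matter how many prefixes are loaded, instead of scanning every rule. The prefixes and labels are constructed sample data (TEST-NET ranges), and keeping one tree per address family is this example's own convention.

```python
"""Added example: longest-prefix match with a binary radix trie over IPv4 prefixes.
Illustrative code, not the project's radixTree/radix_tree.py. One tree holds
prefixes of a single address family (IPv4 here); mixing families would make
the bit walks incomparable."""
import ipaddress


class RadixNode:
    __slots__ = ("children", "value")

    def __init__(self):
        self.children = [None, None]   # index 0 / 1 = value of the next address bit
        self.value = None              # payload stored at this prefix, if any


class RadixTree:
    def __init__(self):
        self.root = RadixNode()

    @staticmethod
    def _bits(network):
        """Yield the prefix bits of a network, most significant bit first."""
        addr = int(network.network_address)
        top = network.max_prefixlen - 1
        for i in range(top, top - network.prefixlen, -1):
            yield (addr >> i) & 1

    def insert(self, cidr, value):
        """Store value at the node reached by walking the prefix bits of cidr."""
        net = ipaddress.ip_network(cidr, strict=False)
        node = self.root
        for bit in self._bits(net):
            if node.children[bit] is None:
                node.children[bit] = RadixNode()
            node = node.children[bit]
        node.value = value

    def lookup(self, ip):
        """Longest-prefix match: value of the most specific prefix covering ip."""
        addr = ipaddress.ip_address(ip)
        raw = int(addr)
        node = self.root
        best = node.value                      # a /0 default lives at the root
        for i in range(addr.max_prefixlen - 1, -1, -1):
            node = node.children[(raw >> i) & 1]
            if node is None:
                break                          # no longer prefix exists
            if node.value is not None:
                best = node.value              # deeper node = more specific prefix
        return best


def build_blacklist():
    """Constructed sample blacklist (TEST-NET ranges), not real threat data."""
    t = RadixTree()
    t.insert("0.0.0.0/0", "allow")           # default verdict
    t.insert("203.0.113.0/24", "block")      # whole range blocked ...
    t.insert("203.0.113.128/25", "alert")    # ... except a more specific sub-range
    t.insert("198.51.100.7/32", "block")     # a single host
    return t


if __name__ == "__main__":
    tree = build_blacklist()
    for ip in ("203.0.113.5", "203.0.113.200", "198.51.100.7", "198.51.100.8"):
        print(ip, tree.lookup(ip))
```

The more specific `/25` wins over the enclosing `/24` because the lookup keeps the last value seen on its way down; a real rule index would store a list of rule ids at each node instead of a single verdict.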
- Python 3.8 or higher
- `scapy` for packet sniffing and analysis
- Administrator/root access for managing network configurations (raw-socket packet capture and blocking require it)
- OpenWRT environment (optional)
- Clone the repository:
git clone https://github.com/yourusername/Defnet-IDS-IPS.git
cd Defnet-IDS-IPS
- Install required Python dependencies:
pip install -r requirements.txt
- (Optional) Set up OpenWRT integration:
./openwrt-ids-ips.sh
The repository is organized into the following structure:
Defnet-IDS-IPS/
├── main.py # Core application: Start/Stop the service
├── openwrt-ids-ips.sh # Shell script for managing the service on OpenWRT
├── configuration/ # Configuration files
│ ├── config_protocols.json # Supported protocols
│ └── config_settings.json # Network settings (HOME_NET, EXTERNAL_NET)
├── core/ # Core utilities
│ └── utils.py
├── protocols/ # Protocol management
│ └── protocols.py
├── radixTree/ # Radix tree implementation for rule optimization
│ └── radix_tree.py
├── services/ # Service components
│ ├── service_manager.py # Start/stop service logic
│ ├── packet_analyzer.py # Analyze network packets
│ ├── packet_sniffer.py # Sniff network packets
│ └── config_service.py # Manage configuration loading
├── rules/ # Rule definitions and managers
│ ├── config_rules.json # Predefined network rules
│ ├── rule.py # Rule data structure
│ ├── rule_manager.py # Manage categorized rules
│ └── rule_parser.py # Parse rule configurations
└── README.md # Documentation
Define the supported protocols (protocol name mapped to its IP protocol number) in configuration/config_protocols.json. For example:
{
  "TCP": 6,
  "UDP": 17,
  "ICMP": 1
}
Customize network settings in configuration/config_settings.json. HOME_NET is the protected address range (CIDR notation); "any" matches every address:
{
  "HOME_NET": "192.168.1.0/24",
  "EXTERNAL_NET": "any"
}
Define your detection and prevention rules in rules/config_rules.json. Example rule:
{
  "rule_id": "1",
  "protocol": "ICMP",
  "src_ip": "any",
  "dst_ip": "any",
  "action": "alert",
  "description": "ICMP packet detection",
  "threshold": {
    "count": 1,
    "time": 10
  },
  "flags": "S"
}
protocol must be a name from config_protocols.json; src_ip and dst_ip accept "any", a CIDR range, or a variable from config_settings.json such as HOME_NET. action is what happens on a match (alert here; blocking uses the IP blacklist described above). threshold fires the rule once count matching packets are seen within time seconds. flags holds TCP flag letters (S = SYN) and is only meaningful for TCP rules; it has no effect on the ICMP rule above and is shown here only to illustrate the full field set.
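To make the interplay of the three configuration files concrete, the following is an added example and not the project's own `rule_manager.py` or `packet_analyzer.py`. It loads constructed copies of the protocol map, the network settings and a two-rule rule set in the schema shown above, then evaluates packets (plain dicts, so it runs without scapy) with per-source thresholds and a blacklist. Its assumptions: config_rules.json holds a list of rule objects; `flags` applies only to TCP rules; a threshold fires when `count` matching packets from one source arrive within `time` seconds and then resets; a `block` action adds the source to the blacklist, after which its packets are dropped.

```python
"""Added example (not the project's own rule_manager.py / packet_analyzer.py):
a minimal engine that evaluates rules in the README's schema against packets.
Packets are plain dicts so it runs without scapy; the three configs are
constructed JSON strings mirroring the files documented in this README.
Assumptions: config_rules.json holds a list of rule objects; "flags" is a
string of TCP flag letters and only applies to TCP rules; a threshold fires
when `count` matching packets from one source arrive within `time` seconds,
after which the window resets; a "block" action puts the source on the
blacklist and later packets from it are dropped."""
import ipaddress
import json
from collections import defaultdict, deque

# Constructed configuration, not copied from the repository.
PROTOCOLS_JSON = '{"TCP": 6, "UDP": 17, "ICMP": 1}'
SETTINGS_JSON = '{"HOME_NET": "192.168.1.0/24", "EXTERNAL_NET": "any"}'
RULES_JSON = """[
  {"rule_id": "1", "protocol": "ICMP", "src_ip": "EXTERNAL_NET", "dst_ip": "HOME_NET",
   "action": "alert", "description": "ICMP into HOME_NET",
   "threshold": {"count": 1, "time": 10}},
  {"rule_id": "2", "protocol": "TCP", "src_ip": "EXTERNAL_NET", "dst_ip": "HOME_NET",
   "action": "block", "description": "SYN burst: 5 SYNs within 2 s", "flags": "S",
   "threshold": {"count": 5, "time": 2}}
]"""


class RuleEngine:
    def __init__(self, protocols, settings, rules):
        self.protocols = protocols      # protocol name -> IP protocol number
        self.vars = settings            # HOME_NET / EXTERNAL_NET definitions
        self.rules = rules
        self.hits = defaultdict(deque)  # (rule_id, src) -> timestamps of recent matches
        self.blacklist = set()

    def _net_matches(self, spec, ip):
        """Resolve 'any', a variable such as HOME_NET, or a CIDR, then test ip."""
        spec = self.vars.get(spec, spec)
        if spec == "any":
            return True
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

    def _rule_matches(self, rule, pkt):
        if self.protocols.get(rule["protocol"]) != pkt["proto"]:
            return False
        if not (self._net_matches(rule["src_ip"], pkt["src"])
                and self._net_matches(rule["dst_ip"], pkt["dst"])):
            return False
        flags = rule.get("flags")
        if flags and rule["protocol"] == "TCP":   # flags are ignored for non-TCP rules
            return set(flags) <= set(pkt.get("flags", ""))
        return True

    def _threshold_reached(self, rule, pkt):
        th = rule.get("threshold", {"count": 1, "time": 0})
        window = self.hits[(rule["rule_id"], pkt["src"])]
        window.append(pkt["ts"])
        while window and pkt["ts"] - window[0] > th["time"]:   # expire old hits
            window.popleft()
        if len(window) >= th["count"]:
            window.clear()              # fire once per threshold, then start over
            return True
        return False

    def process(self, pkt):
        """Return the (rule_id, action) events raised by one packet."""
        if pkt["src"] in self.blacklist:
            return [("blacklist", "drop")]
        events = []
        for rule in self.rules:
            if self._rule_matches(rule, pkt) and self._threshold_reached(rule, pkt):
                events.append((rule["rule_id"], rule["action"]))
                if rule["action"] == "block":
                    self.blacklist.add(pkt["src"])   # real IPS: install a firewall drop here
        return events


def build_engine():
    return RuleEngine(json.loads(PROTOCOLS_JSON), json.loads(SETTINGS_JSON),
                      json.loads(RULES_JSON))


def demo():
    """Replay constructed traffic: one ping, then six SYNs from 203.0.113.9."""
    eng = build_engine()
    pkts = [{"ts": 0.0, "proto": 1, "src": "203.0.113.9", "dst": "192.168.1.10"}]
    pkts += [{"ts": 0.1 * i, "proto": 6, "src": "203.0.113.9",
              "dst": "192.168.1.10", "flags": "S"} for i in range(1, 7)]
    return [eng.process(p) for p in pkts], sorted(eng.blacklist)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The first packet raises the ICMP alert immediately (count 1), the fifth SYN within the 2 s window trips the block rule, and the sixth SYN is dropped because its source is now blacklisted. In a deployment the block branch is where a firewall rule would be installed; this example only records the address.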
Use the main script to start or stop the IDS/IPS service (run as root, since packet capture needs raw-socket access):
python main.py start
python main.py stop
Use the shell script to manage the service in an OpenWRT environment:
./openwrt-ids-ips.sh start
./openwrt-ids-ips.sh stop
We welcome contributions! Please follow these steps:
- Fork the repository.
- Create a new branch for your feature or bug fix.
- Commit your changes and push to your fork.
- Submit a pull request with a clear description of your changes.
Defnet-IDS-IPS is licensed under the MIT License. See LICENSE
for details.
Happy detecting and preventing! 🚀