update detection logic

oryx-tui/src/app.rs

@@ -193,23 +193,28 @@ impl App {
             let packets = packets.clone();
             let syn_flood_map = syn_flood_map.clone();
             let syn_flood_attck_detected = syn_flood_attck_detected.clone();
-            let win_size = 10_000;
+            let win_size = 100_000;
             move || loop {
+                let start_index = {
+                    let packets = packets.lock().unwrap();
+                    packets.len().saturating_sub(1)
+                };
                 thread::sleep(Duration::from_secs(5));
                 let app_packets = {
                     let packets = packets.lock().unwrap();
                     packets.clone()
                 };
 
                 let mut map = syn_flood_map.lock().unwrap();
+                map.clear();
 
                 if app_packets.len() < win_size {
                     continue;
                 }
 
                 let mut nb_syn_packets = 0;
 
-                app_packets[app_packets.len().wrapping_sub(win_size)..]
+                app_packets[start_index..app_packets.len().saturating_sub(1)]
                     .iter()
                     .for_each(|packet| {
                         if let AppPacket::Ip(ip_packet) = packet {
@@ -1141,6 +1146,8 @@ impl App {
         };
         attacker_ips.sort_by(|a, b| b.1.cmp(&a.1));
 
+        attacker_ips.retain(|(_, count)| *count > 10_000);
+
         let top_3 = attacker_ips.into_iter().take(3);
 
         let widths = [Constraint::Min(30), Constraint::Min(20)];