Skip to content
/ Anti-Scanner Public

A Rust-based network traffic monitoring and auto-blocking tool designed to identify and block potential scanning threats by monitoring network traffic on specified interfaces. Leverages pcap for capture and pnet for packet analysis, with automatic IP blocking on Windows and Unix/Linux systems.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

forentfraps/Anti-Scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

Network Traffic Monitor and Blocker

Overview

This Rust application monitors network traffic on a specified network interface, identifying and blocking IP addresses that exhibit scanning behavior by targeting a large number of ports. It leverages the pcap library for capturing traffic and the pnet crate for packet analysis. The application can distinguish between TCP and UDP traffic and implements platform-specific methods to block offending IP addresses automatically.

Requirements

  • Rust
  • pcap library
  • pnet crate
  • Elevated permissions (root on Unix/Linux or Administrator on Windows)

Features

  • Monitors network traffic in real-time for scanning activities.
  • Blocks IP addresses scanning more than a predefined number of ports.
  • Supports both Windows (using netsh) and Unix/Linux (using iptables) for IP blocking.
  • Requires elevated permissions to run.

Usage

  1. Compile the Application: Use Rust's cargo tool to compile the application: 
    cargo build --release
  2. Run the Application: Execute the application with elevated permissions. The application requires the index of the network interface you wish to monitor as a command-line argument. If no argument is provided, it will list the available network interfaces and exit.
    • Unix/Linux: Use sudo or run as root.
    • Windows: Run as Administrator.
    sudo ./target/release/network_traffic_monitor [interface_index]
    Replace [interface_index] with the index of the network interface you want to monitor.

Implementation Details

  • The application uses the pcap library for capturing packets and the pnet crate for packet processing.
  • It maintains a record of IP addresses and the ports they have attempted to connect to. If an IP address scans more than 20 ports (configurable via ALLOWED_AMOUNT_OF_PORTS), it is automatically blocked.
  • Blocking is achieved using iptables on Unix/Linux and netsh on Windows.
  • The application checks for elevated permissions at startup and exits if not run with the necessary privileges.

Platform-Specific Functions

  • Windows: Utilizes netsh advfirewall firewall add rule commands to block IP addresses.
  • Unix/Linux: Utilizes iptables -A INPUT -s [IP] -j DROP commands to block IP addresses.

Note

This application modifies your system's firewall rules. Please use it with caution and understand the implications of automatically blocking IP addresses based on network traffic analysis.

About

A Rust-based network traffic monitoring and auto-blocking tool designed to identify and block potential scanning threats by monitoring network traffic on specified interfaces. Leverages pcap for capture and pnet for packet analysis, with automatic IP blocking on Windows and Unix/Linux systems.

Topics

rust tcp udp firewall network-monitoring packet-sniffer network-security

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages