DDoS attack Tcpdump log file Analysis Program

Status: CLOSED
Bids: 4
Avg Bid (USD): $275
Project Budget (USD): $30 - $250

Project Description:
Hi.

DDoS attack Tcpdump log file Analysis Program.
I prefer PHP , MySQL , Scripting language.
Dev Server : CentOS 6.3

please read attack file : todo.txt

Additional Project Description:
10/05/2012 at 7:16 CEST
oops .. miss spell ... ^^/

please read attach file : todo.txt

==================================================================
[Main Function]
==================================================================
1. [Packet dump start & stop Program]


ex) /sbin/data_dump.php 1.1.1.1 10

argv parameter 1 => 1.1.1.1 ( Destination IP )
argv parameter 2 => 10 minutes


** Should be stopped after the specified (10) minutes.


(ex)
/var/log/dump/2012_10_05/1.1.1.1.dmp

************************************************************************************

# tcpdump -i eth0 -nnS -vvv net 101.250.3.72 -X -s 1500 -w 101.250.3.72.dmp
# tcpdump -tttt -r 101.250.3.72.dmp | more

==================================================================
2. [ information extraction & store MySQL database program ]


MySQL table sample


[1. attack_history ]
1. pid :
2. victim_ip : 1.1.1.1
3. dest_port : 80
4. start_time : Y-m-d H:i:s
5. stop_time : Y-m-d H:i:s
6. attack_protocol : tcp, udp , icmp , other
7. packet_lenth : Average packet length
8. attack_type : udp attack , tcp syn attack ...( detail Types of attacks information )
9. max_bits :
10. total_byte : 1000000 ...
11. total_packet : 111111111
.... etc ....



[2. zombie_history]

1. pid :
2. attack_pid :
3. zombie_source_ip : 9.9.9.9
4. source_port : 6000
5. victim_ip : 1.1.1.1
6. dest_port : 80
7. Country : KR , US , JP .... (From GeoIP Library)
8. ISP : KT, SK, .... (From GeoIP Library)
9. ISP manager email : , .... (From GeoIP Library)
10. start_time : Y-m-d H:i:s
11. stop_time : Y-m-d H:i:s
12. victim_ip : 1.1.1.1
13. attack_protocol : tcp, udp , icmp , other
14. packet_lenth : Average packet length
15. attack_type : udp attack , tcp syn attack ...( detail Types of attacks information )
16. max_bits :
17. total_byte : 1000000 ...
18. total_packet : 111111111
.... etc ....


All the packet information should be stored.


==================================================================
3. simple PHP Web report program :
==================================================================

work dir : /var/www/html/

3-1 : Attack history list & Zombie IP List
3-2 : Detailed HTML report. & "MRTG style" chart report.
3-3 : Log download...
..... etc ....



==================================================================
Dev & Test server :
==================================================================

Dev Server : CentOS 6.3

IP : 14.206.6.7

ssh id : root
ssh pass : dev1234
MYSQL : root , dev1234
MySQL Database : dev

Sample TCPDUMP Log file : /home/data/


*** Fast, stable, Real time work.... should be.. ;)

Skills required:
HTML, Linux, MySQL, PHP
Additional Files: todo.txt 111.PNG
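
An added example, not part of the original posting or its todo.txt: Python code for step 2 (information extraction) that parses the text printed by `tcpdump -tttt -nn -r FILE` and builds one row per source using the zombie_history column names listed above. The function names, the grouping key, the attack_type labels and the sample lines are assumptions made here; byte totals use the `length` value tcpdump prints (payload bytes), and the MySQL insert is left out.

```python
import re

# One IPv4 line of `tcpdump -tttt -nn -r FILE` text output (no -v / -X).
HEADER = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ IP "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (.*)$"
)

def classify(rest):
    """Return (attack_protocol, attack_type) from the text after the addresses."""
    m = re.match(r"Flags \[([^\]]*)\]", rest)
    if m:  # a bare SYN prints as "Flags [S]"; SYN-ACK is "[S.]"
        return "tcp", ("tcp syn" if m.group(1) == "S" else "tcp other")
    for name in ("UDP", "ICMP"):
        if rest.startswith(name):
            return name.lower(), name.lower()
    return "other", "other"

def summarize(lines, victim_ip):
    """One row per (source IP, dest port, protocol) for packets sent to victim_ip."""
    rows = {}
    for line in lines:
        m = HEADER.match(line.strip())
        if not m or m.group(3) != victim_ip:
            continue  # unparsed line (ARP, IPv6, hex dump) or a reply from the victim
        ts, src, dst, dport, rest = m.groups()
        proto, attack_type = classify(rest)
        length = re.search(r"\blength (\d+)", rest)
        row = rows.setdefault((src, dport, proto), {
            "zombie_source_ip": src, "victim_ip": dst, "dest_port": dport,
            "attack_protocol": proto, "attack_type": attack_type,  # from first packet
            "start_time": ts, "stop_time": ts, "total_packet": 0, "total_byte": 0,
        })
        row["stop_time"] = ts  # a capture file is already in time order
        row["total_packet"] += 1
        # tcpdump's "length" is payload bytes, not the on-wire frame size
        row["total_byte"] += int(length.group(1)) if length else 0
    for row in rows.values():
        row["packet_lenth"] = row["total_byte"] / row["total_packet"]  # page's spelling
    return list(rows.values())

# Constructed sample lines, not taken from the page's capture files.
SAMPLE = """\
2012-10-05 07:16:01.000100 IP 9.9.9.9.6000 > 1.1.1.1.80: Flags [S], seq 1000, win 8192, length 0
2012-10-05 07:16:01.000200 IP 9.9.9.9.6001 > 1.1.1.1.80: Flags [S], seq 2000, win 8192, length 0
2012-10-05 07:16:01.000300 IP 1.1.1.1.80 > 9.9.9.9.6000: Flags [S.], seq 5, ack 1001, win 5840, length 0
2012-10-05 07:16:02.500000 IP 203.0.113.5.53211 > 1.1.1.1.80: UDP, length 512
2012-10-05 07:16:03.500000 IP 203.0.113.5.53212 > 1.1.1.1.80: UDP, length 1024
""".splitlines()
```

`summarize(SAMPLE, "1.1.1.1")` groups by source IP rather than source port, because flood sources commonly vary the source port on every packet.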