Name-Om Choudhari Roll No-38
Batch-C3
Software Lab Practical No.-5
Task 1-
import re
def analyze_log(file_path):
    with open(file_path, 'r') as log_file:
        for line in log_file:
            # Example pattern to find failed login attempts
            if re.search(r"Failed password", line):
                print(f"Suspicious activity detected: {line.strip()}")
# Provide the correct file path to the function
analyze_log("auth.log")  # replace "auth.log" with the actual log file path
Task 2-
import os
def monitor_network_usage():
    # For Windows systems
    os.system("netstat -an")
    print("Monitoring network usage...")
monitor_network_usage()
Task 3-
import subprocess
def run_nmap(target_ip):
    print(f"Scanning {target_ip} for open ports...")
    nmap_output = subprocess.run(['nmap', target_ip],
                                 capture_output=True, text=True)
    print(nmap_output.stdout)
target_ip = input("Enter the target IP address: ")
run_nmap(target_ip)
Task 4-
import subprocess
def run_vulnerability_scan():
    print("Running security checks on the system...")
    # Example: Checking for running services on Windows
    services_check = subprocess.run(['sc', 'query'],
                                    capture_output=True, text=True)
    print(services_check.stdout)
run_vulnerability_scan()
Questions-
1. Discuss the role of network logs in identifying security incidents.
Network logs help identify security incidents by recording network activity, allowing detection of
anomalies such as unauthorized access, suspicious traffic patterns, and data exfiltration. They
provide crucial insights for investigating breaches and responding to threats.
2. Analyze the results from the port scan and vulnerability checks and understand how open
ports and services can be a potential risk.
Open ports and services from port scans and vulnerability checks can pose risks by exposing entry
points for attackers. Unsecured or outdated services running on open ports may be exploited,
leading to unauthorized access, data breaches, or other cyberattacks.
3. Reflect on how real-world attacks like denial-of-service (DoS) or data exfiltration can be detected
using these methods.
Real-world attacks like denial-of-service (DoS) and data exfiltration can be detected through network
monitoring and analyzing logs for unusual traffic patterns. Port scans can reveal abnormal port
activity linked to DoS, while vulnerability checks can identify weak points that may be exploited for
data exfiltration.
4. Modify the log analysis program to detect multiple types of security events (e.g., IP blocking,
denial of service attempts).
To modify a log analysis program for detecting multiple types of security events like IP blocking
and denial-of-service attempts, you can:
1) Pattern Matching: Add rules to identify patterns in logs for different security events (e.g.,
repeated failed login attempts for IP blocking, large traffic spikes for DoS).
2) Thresholds: Set thresholds for certain events (e.g., excessive requests from a single IP).
3) Alerts: Implement alerts for detected anomalies such as blocked IPs or DoS attempts.
4) Modularization: Create separate functions for each event type to make the system scalable for
detecting additional incidents.
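The four points above (pattern matching, thresholds, alerts, modularization) applied to the Task 1 log analyzer, as an added example that is not part of the original lab code. It runs on constructed syslog-style lines embedded in the file; the detector names, the per-minute DoS window and the thresholds (3 failed logins, 100 connections per minute) are assumptions chosen for the demonstration, not values from the lab:

```python
import re
from collections import Counter

# Dotted-quad IPv4 address anywhere in a line
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Syslog timestamp truncated to the minute, e.g. "Mar 10 10:01" from "Mar 10 10:01:37 host ..."
MINUTE_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}):\d{2}")


def extract_ip(line):
    m = IP_RE.search(line)
    return m.group(1) if m else None


def extract_minute(line):
    m = MINUTE_RE.match(line)
    return m.group(1) if m else None


def detect_failed_logins(lines, threshold=3):
    """Rule 1: repeated 'Failed password' from one source -> candidate for IP blocking."""
    counts = Counter()
    for line in lines:
        if "Failed password" in line:
            ip = extract_ip(line)
            if ip:
                counts[ip] += 1
    return [("failed_login_burst", ip, n) for ip, n in counts.items() if n >= threshold]


def detect_blocked_ips(lines):
    """Rule 2: record every 'Blocked IP' event the firewall wrote to the log."""
    events = []
    for line in lines:
        if "Blocked IP" in line:
            ip = extract_ip(line)
            if ip:
                events.append(("ip_blocked", ip, 1))
    return events


def detect_dos(lines, threshold=100):
    """Rule 3: more than `threshold` connections from one IP inside one minute -> possible DoS.
    Bucketing by minute makes this a rate, not a lifetime total, so a long-lived busy client
    is not mistaken for a flood."""
    per_minute = Counter()
    for line in lines:
        if "Connection from" in line:
            ip, minute = extract_ip(line), extract_minute(line)
            if ip and minute:
                per_minute[(ip, minute)] += 1
    return [("possible_dos", ip, n) for (ip, _minute), n in per_minute.items() if n > threshold]


# Modularization: one function per event type; a new event type is a new function appended here.
DETECTORS = [detect_failed_logins, detect_blocked_ips, detect_dos]


def analyze_lines(lines):
    """Run every detector over the same lines and return (event, ip, count) alerts."""
    alerts = []
    for detector in DETECTORS:
        alerts.extend(detector(lines))
    return alerts


def analyze_log(file_path):
    with open(file_path, "r") as log_file:
        return analyze_lines(log_file.read().splitlines())


def constructed_sample():
    """Constructed log lines (not captured from any system) exercising all three rules."""
    base = [
        "Mar 10 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 51000 ssh2",
        "Mar 10 10:00:02 host sshd[1002]: Failed password for root from 203.0.113.7 port 51001 ssh2",
        "Mar 10 10:00:03 host sshd[1003]: Failed password for admin from 203.0.113.7 port 51002 ssh2",
        "Mar 10 10:00:04 host sshd[1004]: Accepted password for alice from 198.51.100.4 port 40000 ssh2",
        "Mar 10 10:00:05 host firewall: Blocked IP 203.0.113.7 after repeated failures",
    ]
    flood = [f"Mar 10 10:01:{i % 60:02d} host web: Connection from 192.0.2.9" for i in range(150)]
    normal = [f"Mar 10 10:01:{i:02d} host web: Connection from 198.51.100.4" for i in range(5)]
    return base + flood + normal


if __name__ == "__main__":
    for event, ip, count in analyze_lines(constructed_sample()):
        print(f"Alert: {event} from {ip} (count={count})")
```

Each detector returns structured tuples instead of printing, so the alert step can be swapped (console, e-mail, SIEM) without touching the rules; `analyze_log` reads a real file with the same detectors.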
5. Extend the port scanning program to save results to a file and display the number of open ports.
import subprocess
import re
def run_nmap(target_ip):
    print(f"Scanning {target_ip} for open ports...")
    nmap_output = subprocess.run(['nmap', target_ip], capture_output=True, text=True)
    output = nmap_output.stdout
    open_ports = re.findall(r"(\d+)/tcp\s+open", output)
    with open("nmap_results.txt", "w") as file:
        file.write(output)
    print(f"Number of open ports: {len(open_ports)}")
target_ip = input("Enter the target IP address: ")
run_nmap(target_ip)
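A fuller version of the open-port count above, added here as an example and not part of the original lab code. It parses nmap's normal output into (port, protocol, state, service) records so that `open|filtered` and `filtered` lines are not counted as open, and it validates the user-supplied target with the standard `ipaddress` module before handing it to `subprocess`. The sample output is constructed (it mixes a udp row into a tcp report only to show the state filter) and the file name `nmap_results.txt` is taken from the lab; nothing else is from the page:

```python
import ipaddress
import re
import subprocess

# One port per line in nmap's normal output: "<port>/<proto>  <state>  <service>"
PORT_LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)

# Constructed sample of nmap's normal output; not a real scan result.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-03-10 10:00 UTC
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE         SERVICE
22/tcp   open          ssh
80/tcp   open          http
443/tcp  open          https
3306/tcp filtered      mysql
53/udp   open|filtered domain

Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
"""


def parse_ports(nmap_output):
    """Return (port, protocol, state, service) for every port line in nmap's normal output."""
    return [(int(port), proto, state, service)
            for port, proto, state, service in PORT_LINE_RE.findall(nmap_output)]


def open_ports(nmap_output):
    """Only ports whose state is exactly 'open'; 'open|filtered' means nmap could not tell."""
    return [entry for entry in parse_ports(nmap_output) if entry[2] == "open"]


def validate_target(target):
    """Accept only a literal IPv4/IPv6 address, so the string can never be parsed as an nmap option."""
    try:
        return str(ipaddress.ip_address(target.strip()))
    except ValueError:
        raise ValueError(f"not a valid IP address: {target!r}")


def scan_and_save(target, results_path="nmap_results.txt"):
    """Validate the target, run nmap, save the raw output and return the number of open ports."""
    target = validate_target(target)
    result = subprocess.run(["nmap", target], capture_output=True, text=True)
    with open(results_path, "w") as fh:
        fh.write(result.stdout)
    return len(open_ports(result.stdout))


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; scan_and_save() runs a real nmap.
    for port, proto, state, service in open_ports(SAMPLE_NMAP_OUTPUT):
        print(f"{port}/{proto} {state} {service}")
    print(f"Number of open ports: {len(open_ports(SAMPLE_NMAP_OUTPUT))}")
```

The saved file is the raw report, so it can be re-parsed later to compare exposure between scans of the same host; the open-port list is what an inventory of exposed services should be built from.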
6. Write a Python program that periodically checks network activity and alerts the user if suspicious
traffic is detected.
import re
def analyze_log(file_path):
    failed_logins = 0
    blocked_ips = set()
    dos_attempts = {}
    ip_pattern = r"(\d+\.\d+\.\d+\.\d+)"
    with open(file_path, 'r') as log_file:
        for line in log_file:
            if re.search(r"Failed password", line):
                failed_logins += 1
                print(f"Suspicious activity detected: Failed login attempt - {line.strip()}")
            if re.search(r"Blocked IP", line):
                match = re.search(ip_pattern, line)
                if match:  # skip lines that carry no IP address instead of crashing
                    ip = match.group(1)
                    blocked_ips.add(ip)
                    print(f"Security event: IP blocked - {ip}")
            if re.search(r"Connection from", line):
                match = re.search(ip_pattern, line)
                if match:
                    ip = match.group(1)
                    if ip in dos_attempts:
                        dos_attempts[ip] += 1
                    else:
                        dos_attempts[ip] = 1
                    if dos_attempts[ip] > 100:  # Example threshold for DoS attempt
                        print(f"Alert: Possible DoS attack from IP {ip}")
    print(f"Total failed login attempts: {failed_logins}")
    print(f"Blocked IPs: {', '.join(blocked_ips)}")
log_file_path = input("Enter the path to the network log file: ")
analyze_log(log_file_path)
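The periodic network check that question 6 asks for, built from the Task 2 `netstat -an` command, as an added example that is not part of the original lab code. It parses netstat's TCP rows (the Windows and Linux column layouts both put the foreign address after the local one and the state last), counts sockets per remote peer, and alerts on two assumed thresholds: more than 50 connections from one peer, or more than 20 half-open SYN sockets from one peer. The sample output, the thresholds and the function names are assumptions made for the example:

```python
import re
import subprocess
import time
from collections import Counter

# "address:port" pairs as printed in the Local Address and Foreign Address columns
ADDR_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
HALF_OPEN_STATES = ("SYN_RECV", "SYN_RECEIVED")


def parse_netstat(output):
    """Return (remote_ip, local_port, state) for every established-or-pending TCP row.
    UDP rows and listening sockets are skipped; a listening row has no numeric foreign port."""
    rows = []
    for line in output.splitlines():
        if not line.strip().lower().startswith("tcp"):
            continue
        addrs = ADDR_RE.findall(line)
        if len(addrs) < 2:
            continue
        (_local_ip, local_port), (remote_ip, _remote_port) = addrs[0], addrs[1]
        state = line.split()[-1].upper()
        if state in ("LISTEN", "LISTENING"):
            continue
        rows.append((remote_ip, int(local_port), state))
    return rows


def suspicious_peers(rows, conn_threshold=50, syn_threshold=20):
    """Flag peers holding many sockets (connection flood) or many half-open sockets (SYN flood)."""
    total = Counter(ip for ip, _, _ in rows)
    half_open = Counter(ip for ip, _, state in rows if state in HALF_OPEN_STATES)
    alerts = [("connection_flood", ip, n) for ip, n in total.items() if n > conn_threshold]
    alerts += [("syn_flood", ip, n) for ip, n in half_open.items() if n > syn_threshold]
    return alerts


def snapshot():
    """One netstat run; -an is accepted by both the Windows and the Unix netstat."""
    return subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout


def monitor(interval_seconds=30, iterations=None):
    """Poll netstat every interval_seconds; iterations=None runs until interrupted."""
    done = 0
    while iterations is None or done < iterations:
        for event, ip, count in suspicious_peers(parse_netstat(snapshot())):
            print(f"ALERT {time.strftime('%H:%M:%S')}: {event} from {ip} ({count} sockets)")
        done += 1
        if iterations is None or done < iterations:
            time.sleep(interval_seconds)


def constructed_sample():
    """Constructed Linux-style netstat -an output (not a real capture) with one SYN flood."""
    lines = [
        "Active Internet connections (servers and established)",
        "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
        "tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN",
        "udp        0      0 0.0.0.0:68              0.0.0.0:*",
        "tcp        0      0 10.0.0.5:22             198.51.100.4:40000      ESTABLISHED",
    ]
    lines += [f"tcp        0      0 10.0.0.5:80             203.0.113.7:{51000 + i}      SYN_RECV"
              for i in range(60)]
    return "\n".join(lines)


if __name__ == "__main__":
    # Offline check on the constructed sample, then a real poll loop of the local machine.
    print(suspicious_peers(parse_netstat(constructed_sample())))
    monitor(interval_seconds=30, iterations=3)
```

Counting per remote peer is what turns a raw socket table into a signal: a single address holding dozens of half-open sockets is the classic SYN-flood footprint, and the same counter catches a connection flood regardless of state. The thresholds should be tuned against a baseline of normal traffic before being relied on.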