/DNP3-Attack-Detection-System

Simple packet dissector that detects anomalous DNP3 traffic by analysing its parameters

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

#DNP3 Attack Detection System for Scapy

The Distributed Network Protocol (DNP3) is defined in IEEE Std 1815 for the purpose of distributing event data for operation on a variety of communication media consistent with the makeup of most electric power communication systems.

In this project we use the DNP3 libraries for Scapy to build a simple packet dissector that tries to detect anomalous DNP3 traffic by analysing its parameters.

The program sniffs all traffic in eth0 interface and works in a similar way that an IDS, reporting suspicious events. Aditionally, there is a system that stores global alarm state and gives feedback to the user.

Please note that this code depends on the scapy library.

Usage:

sudo ./sniff.py

##License of DNP3_Lib Copyright 2014-2016 N.R Rodofile

Licensed under the GPLv3.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.