stratosphereips / StratosphereLinuxIPS

Slips is a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Fix unable to get daddr from conn.log flow in flowalerts #765

Open AlyaGomaa opened 2 days ago

AlyaGomaa commented 2 days ago

Created by Alya Gomaa via monday.com integration. 🎉

AlyaGomaa commented 2 days ago

File: CTU-SME-11/CTU-SME-11/Experiment-VM-Linux-Ubuntu2204-1/2023-02-23/raw/2023-02-23-00-01-51-192.168.1.109.pcap
Branch: develop
Commit: c5fc00282127a6a299145b44b74d05369b11128a

  File "/StratosphereLinuxIPS/slips_files/common/abstracts.py", line 115, in run
    error: bool = self.main()
  File "/StratosphereLinuxIPS/modules/flowalerts/flowalerts.py", line 2045, in main
    self.detect_data_upload_in_twid(profileid, twid)
  File "/StratosphereLinuxIPS/modules/flowalerts/flowalerts.py", line 417, in detect_data_upload_in_twid
    bytes_sent: dict = get_sent_bytes(all_flows)
  File "/StratosphereLinuxIPS/modules/flowalerts/flowalerts.py", line 399, in get_sent_bytes
    if self.is_ignored_ip_data_upload(daddr) or not sbytes:
  File "/StratosphereLinuxIPS/modules/flowalerts/flowalerts.py", line 280, in is_ignored_ip_data_upload
    ip_obj = ipaddress.ip_address(ip)
  File "/envs/slips/lib/python3.9/ipaddress.py", line 53, in ip_address
    raise ValueError('%r does not appear to be an IPv4 or IPv6 address' %
ValueError: '' does not appear to be an IPv4 or IPv6 address
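The failure in the traceback above (an empty `daddr` reaching `ipaddress.ip_address`) can be handled by validating the address before the ignore check, so one malformed flow does not stop data-upload detection for the whole time window. The following is an added example, not code from Slips or from this issue: the flow dict layout, the function names `parse_ip`, `is_ignored_ip` and `sent_bytes_per_daddr`, and the ignore policy are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flows. The field names daddr/sbytes come from the
# traceback; the dict layout is an assumption made for this example.
SAMPLE_FLOWS = [
    {"daddr": "203.0.113.7", "sbytes": 4000},
    {"daddr": "", "sbytes": 120},              # the case from the traceback
    {"daddr": "224.0.0.251", "sbytes": 90},    # multicast destination
    {"daddr": "203.0.113.7", "sbytes": 6000},
    {"sbytes": 10},                            # daddr key missing entirely
    {"daddr": "198.51.100.9", "sbytes": 0},    # valid address, nothing sent
    {"daddr": "not-an-ip", "sbytes": 5},       # malformed value
]


def parse_ip(value):
    """Return an ip_address object, or None for empty, missing or malformed input."""
    if not isinstance(value, str) or not value.strip():
        return None
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def is_ignored_ip(ip_obj):
    # Assumed ignore policy for this example only, not Slips' actual rules.
    return ip_obj.is_multicast or ip_obj.is_link_local or ip_obj.is_loopback


def sent_bytes_per_daddr(flows):
    """Sum sbytes per destination; return (totals, skipped_flows)."""
    totals = defaultdict(int)
    skipped = []
    for flow in flows:
        ip_obj = parse_ip(flow.get("daddr"))
        if ip_obj is None:
            skipped.append(flow)  # keep for logging instead of raising
            continue
        sbytes = flow.get("sbytes") or 0
        if is_ignored_ip(ip_obj) or not sbytes:
            continue
        totals[str(ip_obj)] += sbytes
    return dict(totals), skipped


if __name__ == "__main__":
    print(sent_bytes_per_daddr(SAMPLE_FLOWS))
```

Returning the skipped flows lets the caller log which conn.log entries arrived without a usable `daddr`, which is the underlying question this issue raises.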