We are in the process of implementing a platform-independent IDS in Java as our final-year project at the University of Pune. I am stuck implementing the following modules, and the deadlines are imminent. We are using Jpcap for monitoring network traffic.
Can anyone please share some knowledge about it?
1) How to block traffic from unauthorized IPs. The user is given a choice to add IPs to a block list. Whenever packets from blocked IPs are detected, the traffic from such an IP should be automatically blocked and an alert should be raised.
2) An application to detect the occurrence of flooding attacks, and techniques to detect activities like port scanning.
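The detection side of item 2 does not need anything from Jpcap beyond the fields a TCP packet already carries, so it can be written and tested on its own. The class below is an added example, not code from the original post or from the Jpcap project. It keeps a sliding window per source address to spot one host touching many destination ports (a scan), and a sliding window per destination port of bare SYNs to spot a flood; the flood counter is keyed on the target rather than the source because flood sources are usually spoofed and a per-source count would never cross its threshold. The window length, both thresholds, the class and record names, and the constructed traffic in main() are all assumptions for illustration (Java 16+ for the record type). In the real program the capture callback would build a TcpObservation from each decoded TCP packet and call observe().

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Sliding-window detectors for port scanning and SYN flooding.
 * Independent of Jpcap: the capture callback would call observe(...) once per
 * TCP packet with the fields it already decodes (source address, destination
 * port, SYN/ACK flags, arrival time). Window length and thresholds are
 * illustrative assumptions, not tuned values.
 */
public class ScanFloodDetector {

    /** What the capture callback hands over for one TCP segment (assumed shape). */
    public record TcpObservation(String srcIp, int dstPort, boolean syn, boolean ack, long timestampMs) {}

    private static final long WINDOW_MS = 10_000;        // assumed 10 s window
    private static final int SCAN_PORT_THRESHOLD = 20;   // assumed: distinct dst ports per source per window
    private static final int SYN_FLOOD_THRESHOLD = 200;  // assumed: bare SYNs per destination port per window

    // Per-source history, for scan detection (one host touching many ports).
    private final Map<String, Deque<TcpObservation>> bySource = new HashMap<>();
    // Per-destination-port SYN timestamps, for flood detection. Keyed on the
    // target because flood sources are usually spoofed.
    private final Map<Integer, Deque<Long>> synsByPort = new HashMap<>();
    // Remember what has already been reported so each condition alerts once.
    private final Set<String> alerted = new HashSet<>();

    /** Returns an alert line the first time a threshold is crossed, otherwise null. */
    public String observe(TcpObservation o) {
        String scan = checkScan(o);
        String flood = checkFlood(o);
        return scan != null ? scan : flood;
    }

    private String checkScan(TcpObservation o) {
        Deque<TcpObservation> q = bySource.computeIfAbsent(o.srcIp(), k -> new ArrayDeque<>());
        q.addLast(o);
        // Drop entries that have fallen out of the window (timestamps assumed non-decreasing).
        while (o.timestampMs() - q.peekFirst().timestampMs() > WINDOW_MS) q.pollFirst();
        Set<Integer> ports = new HashSet<>();
        for (TcpObservation t : q) ports.add(t.dstPort());
        if (ports.size() >= SCAN_PORT_THRESHOLD && alerted.add(o.srcIp() + ":scan")) {
            return "PORT SCAN from " + o.srcIp() + ": " + ports.size()
                    + " distinct ports in " + WINDOW_MS / 1000 + " s";
        }
        return null;
    }

    private String checkFlood(TcpObservation o) {
        if (!o.syn() || o.ack()) return null;              // only bare SYNs count
        Deque<Long> q = synsByPort.computeIfAbsent(o.dstPort(), k -> new ArrayDeque<>());
        q.addLast(o.timestampMs());
        while (o.timestampMs() - q.peekFirst() > WINDOW_MS) q.pollFirst();
        if (q.size() >= SYN_FLOOD_THRESHOLD && alerted.add("port" + o.dstPort() + ":flood")) {
            return "SYN FLOOD against port " + o.dstPort() + ": " + q.size()
                    + " SYNs in " + WINDOW_MS / 1000 + " s";
        }
        return null;
    }

    private static void report(String alert) {
        if (alert != null) System.out.println(alert);
    }

    public static void main(String[] args) {
        ScanFloodDetector d = new ScanFloodDetector();
        // Constructed traffic (not a capture): 10.0.0.5 probes ports 1..30 once each.
        for (int port = 1; port <= 30; port++) {
            report(d.observe(new TcpObservation("10.0.0.5", port, true, false, port * 100L)));
        }
        // Constructed traffic: 250 bare SYNs to port 80 from 250 different spoofed sources.
        for (int i = 0; i < 250; i++) {
            String spoofed = "198.51.100." + i;
            report(d.observe(new TcpObservation(spoofed, 80, true, false, 5_000L + i * 4L)));
        }
        // Constructed traffic: an ordinary client opening two services; crosses no threshold.
        report(d.observe(new TcpObservation("10.0.0.7", 443, true, false, 20_000L)));
        report(d.observe(new TcpObservation("10.0.0.7", 22, true, false, 20_050L)));
    }
}
```

Two practical caveats: a slow scan spread over longer than the window will not trip the per-source check, so the window should be a tunable rather than a constant, and a SYN-flood count that only looks at one direction cannot tell a flood from a legitimately busy service, so the per-port threshold needs to be set from a baseline of normal traffic on that host.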
What kind of knowledge do you want us to share exactly? If you are in your final year, you should be able to at least "start" work on this.
What part of blocking the IPs are you stuck on? Creating a list / DB entries of unauthorized IP addresses, or actually blocking network traffic from them? How are you getting data from the firewall/access point? How does your Java program interface with the network? Basically, what have you done thus far, and what does it do?
There really isn't a good way in Java, that I am aware of, to do any of this. You can always use the Runtime.exec(...) command to run native Linux commands, or additional software like psad installed on Linux, in order to access information such as iptables.
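The reply above points at running iptables from Java; the class below is an added example of doing that for item 1 of the question, not code from the original post or from any of the replies. The security-relevant point is that the block list is user-supplied text that ends up on a privileged command line, so the address is validated as a strict dotted quad before anything is executed, and the command is built as an argument list for ProcessBuilder so an entry containing spaces or metacharacters is never re-tokenized. `iptables -C` is used to test whether the rule already exists, so restarting the program does not stack duplicate DROP rules. Assumptions: Linux with iptables on the PATH, the program running as root or with CAP_NET_ADMIN, and IPv4 only; the class name, the alert text and the injectable runner (which lets main() print the command lines instead of touching a real firewall) are mine.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Block-list enforcement by adding iptables DROP rules from Java.
 * Assumes Linux with iptables on the PATH and root (or CAP_NET_ADMIN).
 * The command runner is injectable so the logic can be exercised without root.
 */
public class IptablesBlocker {
    private static final Pattern DOTTED_QUAD =
            Pattern.compile("^(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})$");

    private final Function<List<String>, Integer> runner;   // argv -> exit status
    private final Set<String> blocked = new LinkedHashSet<>();

    public IptablesBlocker(Function<List<String>, Integer> runner) {
        this.runner = runner;
    }

    /** Runner that really executes the command; iptables diagnostics go to stderr. */
    public static int execute(List<String> argv) {
        try {
            Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
            p.getInputStream().transferTo(System.err);
            return p.waitFor();
        } catch (IOException e) {
            return -1;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return -1;
        }
    }

    /** Strict IPv4 check: the only text that may ever reach the iptables command line. */
    public static boolean isValidIpv4(String s) {
        Matcher m = DOTTED_QUAD.matcher(s);
        if (!m.matches()) return false;
        for (int i = 1; i <= 4; i++) {
            if (Integer.parseInt(m.group(i)) > 255) return false;
        }
        return true;
    }

    /** Installs a DROP rule for ip (once) and returns the alert text to raise. */
    public String block(String ip) {
        if (!isValidIpv4(ip)) {
            throw new IllegalArgumentException("block list entry is not an IPv4 address: " + ip);
        }
        if (blocked.contains(ip)) return "already blocked: " + ip;
        List<String> match = Arrays.asList("-s", ip, "-j", "DROP");
        // -C exits 0 if the rule already exists, so a restart does not stack duplicates.
        if (run("-C", match) != 0 && run("-I", match) != 0) {
            return "ALERT: could not install DROP rule for " + ip + " (not root?)";
        }
        blocked.add(ip);
        return "ALERT: traffic from " + ip + " is now dropped";
    }

    public Set<String> blockedAddresses() {
        return Set.copyOf(blocked);
    }

    private int run(String action, List<String> match) {
        List<String> argv = new ArrayList<>(Arrays.asList("iptables", action, "INPUT"));
        argv.addAll(match);
        return runner.apply(argv);   // argument list: no shell, nothing is re-parsed
    }

    public static void main(String[] args) {
        // Dry-run runner: prints each command, answers "rule absent" to -C and success to -I.
        IptablesBlocker dryRun = new IptablesBlocker(argv -> {
            System.out.println("would run: " + String.join(" ", argv));
            return argv.get(1).equals("-C") ? 1 : 0;
        });
        System.out.println(dryRun.block("203.0.113.9"));
        System.out.println(dryRun.block("203.0.113.9"));   // second call: no new rule
        try {
            dryRun.block("203.0.113.9; rm -rf /");           // rejected before any command is built
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Real enforcement: new IptablesBlocker(IptablesBlocker::execute).block(ip);
    }
}
```

Because the rule is inserted at the top of INPUT with -I, it takes effect ahead of any existing ACCEPT rules; on a host where the IDS itself talks to the blocked address (for example to look it up), add that traffic as an explicit exception first, and remember that the program's "platform independent" goal ends here, since this path is Linux-specific.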