| author | 尹姜谊 <[email protected]> | 2024-03-14 09:33:45 +0800 |
|---|---|---|
| committer | 尹姜谊 <[email protected]> | 2024-03-14 09:33:45 +0800 |
| commit | b0484623c1e41dcafe9bd28faf01dc95ca091903 (patch) | |
| tree | 7ada8461de2fe4cc84643a8dd865fa49e6caf33b | |
| parent | 56449ee5cd45724329101ac19fddcfd0c584a9b5 (diff) | |
Modify: turbovpn新增udp payload识别,需预定义Turbo_UDP
| -rw-r--r-- | config24.01.yaml | 3 | ||||
| -rw-r--r-- | data/turbovpn/turbovpn-ip_2024-03-12_20.csv | 7 | ||||
| -rw-r--r-- | data/turbovpn/turbovpn-ip_2024-03-13_00.csv | 18 | ||||
| -rw-r--r-- | data/turbovpn/turbovpn-ip_2024-03-13_19.csv | 7 | ||||
| -rw-r--r-- | detection/vpnservices/turbovpn.py | 1 |
5 files changed, 35 insertions, 1 deletions
diff --git a/config24.01.yaml b/config24.01.yaml
index 47a7c42..606c8fe 100644
--- a/config24.01.yaml
+++ b/config24.01.yaml
@@ -23,6 +23,7 @@ clickhouse:
 password: galaxy2019
 db_name: tsg_galaxy_v3
 table_name: session_record
+ security_table_name: security_event
 mariadb:
 host: 192.168.44.53
@@ -128,7 +129,7 @@ turbovpn:
 plugin_name: turbovpn
 object_type: ip
 confidence: confirmed
- sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND server_port IN (66, 109, 8080, 97, 94, 92, 21, 25) GROUP BY server_ip having length(groupUniqArray(server_port))>3
+ sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND server_port IN (66, 109, 8080, 97, 94, 92, 21, 25) GROUP BY server_ip having length(groupUniqArray(server_port))>3 UNION ALL SELECT server_ip FROM {$db_name}.{$security_table_name} WHERE {$time_filter} AND (app_transition LIKE '%Turbo_UDP%')
 geckovpn:
diff --git a/data/turbovpn/turbovpn-ip_2024-03-12_20.csv b/data/turbovpn/turbovpn-ip_2024-03-12_20.csv
new file mode 100644
index 0000000..a46f3be
--- /dev/null
+++ b/data/turbovpn/turbovpn-ip_2024-03-12_20.csv
@@ -0,0 +1,7 @@
+addr_format,ip1,ip2,plugin_id,plugin_name,vpn_service_name,method,confidence,is_valid
+Single,165.227.91.243,165.227.91.243,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,96.126.100.78,96.126.100.78,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,137.184.55.151,137.184.55.151,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,143.198.168.208,143.198.168.208,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,134.209.212.4,134.209.212.4,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,162.243.1.80,162.243.1.80,7,turbovpn,turbovpn,passive_ml,confirmed,1
diff --git a/data/turbovpn/turbovpn-ip_2024-03-13_00.csv b/data/turbovpn/turbovpn-ip_2024-03-13_00.csv
new file mode 100644
index 0000000..bc1973c
--- /dev/null
+++ b/data/turbovpn/turbovpn-ip_2024-03-13_00.csv
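Review bot: The new `UNION ALL` branch appended to the turbovpn `sql` line has no `GROUP BY`, so a single server_ip is emitted once per matching security_event row while the first branch yields distinct addresses; `UNION DISTINCT` (or `GROUP BY server_ip` inside the second SELECT) would keep the resulting IP list free of duplicates. `app_transition LIKE '%Turbo_UDP%'` is a substring match and will also catch any other value that merely contains that text — if the column holds an exact rule name, `app_transition = 'Turbo_UDP'` is tighter, though I cannot tell the column's format from here. The commit message states that the Turbo_UDP rule must be predefined on the security side; that precondition belongs next to the query as a comment, e.g. `# second branch requires a Turbo_UDP rule in the security policy; without it the UNION contributes nothing`. Unrelated to this change but visible in the hunk context, `password: galaxy2019` is a plaintext credential committed alongside the config and would be safer sourced from an environment variable or secret store.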
@@ -0,0 +1,18 @@
+addr_format,ip1,ip2,plugin_id,plugin_name,vpn_service_name,method,confidence,is_valid
+Single,192.241.241.129,192.241.241.129,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,162.243.5.116,162.243.5.116,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,104.248.15.166,104.248.15.166,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,198.199.114.225,198.199.114.225,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,157.245.218.82,157.245.218.82,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,192.241.192.5,192.241.192.5,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,167.71.102.90,167.71.102.90,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,162.243.5.152,162.243.5.152,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,96.126.100.78,96.126.100.78,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,162.243.1.80,162.243.1.80,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,159.89.180.216,159.89.180.216,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,192.241.246.124,192.241.246.124,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,137.184.55.151,137.184.55.151,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,143.198.121.152,143.198.121.152,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,165.227.91.243,165.227.91.243,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,143.198.168.208,143.198.168.208,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,134.209.212.4,134.209.212.4,7,turbovpn,turbovpn,passive_ml,confirmed,1
diff --git a/data/turbovpn/turbovpn-ip_2024-03-13_19.csv b/data/turbovpn/turbovpn-ip_2024-03-13_19.csv
new file mode 100644
index 0000000..2101494
--- /dev/null
+++ b/data/turbovpn/turbovpn-ip_2024-03-13_19.csv
@@ -0,0 +1,7 @@
+addr_format,ip1,ip2,plugin_id,plugin_name,vpn_service_name,method,confidence,is_valid
+Single,134.209.212.4,134.209.212.4,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,165.227.91.243,165.227.91.243,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,96.126.100.78,96.126.100.78,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,137.184.55.151,137.184.55.151,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,143.198.168.208,143.198.168.208,7,turbovpn,turbovpn,passive_ml,confirmed,1
+Single,162.243.1.80,162.243.1.80,7,turbovpn,turbovpn,passive_ml,confirmed,1
diff --git a/detection/vpnservices/turbovpn.py b/detection/vpnservices/turbovpn.py
index 0266cd2..a8eef71 100644
--- a/detection/vpnservices/turbovpn.py
+++ b/detection/vpnservices/turbovpn.py
@@ -42,6 +42,7 @@ class Turbovpn(VpnDetector):
 self.end_time)).replace("{$time_zone}", self.time_zone)
 self.sql = self.sql.replace("{$db_name}", self.dbname).replace("{$table_name}", self.table_name)
 self.sql = self.sql.replace("{$time_filter}", time_filter)
+ self.sql = self.sql.replace("{$security_table_name}", self.config['clickhouse']['security_table_name'])
 # self.sql = self.sql.replace("{$security_table_name}", self.plugin_config['security_table_name'])\
 # .replace("{$security_policy_id}", str(self.plugin_config['security_policy_id'])) |
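Review bot: The added line indexes `self.config['clickhouse']['security_table_name']` directly, so a deployment whose config has not picked up the new key fails with a bare `KeyError` while the query is being assembled, with nothing pointing at the missing setting; a guarded lookup such as `security_table = self.config['clickhouse'].get('security_table_name')` followed by `if not security_table: raise ValueError("clickhouse.security_table_name is required by the turbovpn plugin")` makes the new dependency explicit. Like the existing `{$table_name}` replacement, the value is spliced into the SQL as an unquoted identifier; it appears to come from the local YAML rather than user input, but a short identifier check (letters, digits, underscore) on both table names would keep a mis-edited config from producing malformed or unintended SQL. The two commented-out lines directly below the addition now duplicate its intent under a different config path and should be removed rather than left as dead code. The enclosing method begins before this hunk.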
