Structure to hold a dos attack vector. More...
Data Fields | |
| uint32_t | target_ip |
| The IP address of the alleged target of the attack. | |
| uint32_t | attacker_ip_cnt |
| Number of IP addresses the alleged attack has originated from. | |
| uint32_t | interval_attacker_ip_cnt |
| Number of IP addresses the alleged attack has originated from in the current interval. | |
| uint32_t | attack_port_cnt |
| Number of ports that alleged attack packets have originated from. | |
| uint32_t | target_port_cnt |
| Number of ports that alleged attack packets were directed to. | |
| uint64_t | packet_cnt |
| The number of packets that comprise this vector. | |
| uint32_t | interval_packet_cnt |
| The number of packets added to this vector in the current interval. | |
| uint64_t | byte_cnt |
| The number of bytes that comprise this vector. | |
| uint32_t | interval_byte_cnt |
| The number of bytes added to this vector in the current interval. | |
| uint64_t | max_ppm |
| The maximum packet rate observed thus far. | |
| uint32_t | start_time_sec |
| The time of the initial packet (seconds) | |
| uint32_t | start_time_usec |
| The time of the initial packet (usec) | |
| uint32_t | latest_time_sec |
| The time of the last packet (seconds) | |
| uint32_t | latest_time_usec |
| The time of the last packet (usec) | |
| uint32_t | initial_packet_len |
| uint8_t * | initial_packet |
| A copy of the packet that caused the vector to be created. | |
Structure to hold a dos attack vector.
This structure is only used when READING the dos record from a file The output vector structure (internal to the plugin) contains much more state
All values are in HOST byte order.
Definition at line 79 of file corsaro_dos.h.
| uint32_t corsaro_dos_attack_vector_in::attack_port_cnt |
Number of ports that alleged attack packets have originated from.
Definition at line 92 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::attacker_ip_cnt |
Number of IP addresses the alleged attack has originated from.
Definition at line 85 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint64_t corsaro_dos_attack_vector_in::byte_cnt |
The number of bytes that comprise this vector.
Definition at line 104 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint8_t* corsaro_dos_attack_vector_in::initial_packet |
A copy of the packet that caused the vector to be created.
Can be reconstituted into a libtrace packet buffer using corsaro_dos_attack_vector_get_packet
We don't store an actual libtrace packet in here because the libtrace_packet_t structure is very inefficient (64k per packet).
Definition at line 134 of file corsaro_dos.h.
| uint32_t corsaro_dos_attack_vector_in::interval_attacker_ip_cnt |
Number of IP addresses the alleged attack has originated from in the current interval.
Definition at line 89 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::interval_byte_cnt |
The number of bytes added to this vector in the current interval.
Definition at line 107 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::interval_packet_cnt |
The number of packets added to this vector in the current interval.
Definition at line 101 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::latest_time_sec |
The time of the last packet (seconds)
Definition at line 119 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::latest_time_usec |
The time of the last packet (usec)
Definition at line 122 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint64_t corsaro_dos_attack_vector_in::max_ppm |
The maximum packet rate observed thus far.
Definition at line 110 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint64_t corsaro_dos_attack_vector_in::packet_cnt |
The number of packets that comprise this vector.
Definition at line 98 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::start_time_sec |
The time of the initial packet (seconds)
Definition at line 113 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::start_time_usec |
The time of the initial packet (usec)
Definition at line 116 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::target_ip |
The IP address of the alleged target of the attack.
Definition at line 82 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
| uint32_t corsaro_dos_attack_vector_in::target_port_cnt |
Number of ports that alleged attack packets were directed to.
Definition at line 95 of file corsaro_dos.h.
Referenced by corsaro_dos_attack_vector_fprint(), and corsaro_dos_attack_vector_print().
![[CAIDA - Cooperative Association for Internet Data Analysis logo]](http://www.caida.org/images/caida_globe_faded.png)
![[CAIDA]](http://www.caida.org/images/caida_whitewords.png "Go to CAIDA home page"){kind=small}