monitors/monitorHijack.js

/*
 * 	BSD 3-Clause License
 *
 * Copyright (c) 2019, NTT Ltd.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *  Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 *  Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 *  Neither the name of the copyright holder nor the names of its
 *   contributors may be used to endorse or promote products derived from
 *   this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import Monitor from "./monitor";
import ipUtils from "../ipUtils";
import ip from "ip";

export default class MonitorHijack extends Monitor {

    constructor(name, channel, params, env){
        super(name, channel, params, env);
    };

    updateMonitoredPrefixes = () => {
        this.monitored = this.input.getMonitoredPrefixes();
    };

    filter = (message) => {
        return message.type === 'announcement';
    };

    squashAlerts = (alerts) => {
        return alerts[0].message;
    };

    monitor = (message) =>
        new Promise((resolve, reject) => {

            const messagePrefix = message.prefix;

            let matches = this.monitored.filter(item => {
                const sameOrigin = message.originAs == item.asn;
                return !sameOrigin &&
                    (item.prefix == messagePrefix ||
                    (!item.ignoreMorespecifics && ip.cidrSubnet(item.prefix).contains(messagePrefix)));
            });
            if (matches.length > 1) {
                matches = [matches.sort((a, b) => ipUtils.sortByPrefixLength(a.prefix, b.prefix)).pop()];
            }

            if (matches.length !== 0) {
                const match = matches[0];

                const text = (message.prefix === match.prefix) ?
                    `The prefix ${match.prefix} (${match.description}) is announced by AS${message.originAs} instead of AS${match.asn}` :
                    `A new prefix ${message.prefix} is announced by AS${message.originAs}. ` +
                    `It should be instead ${match.prefix} (${match.description}) announced by AS${match.asn}`;

                this.publishAlert(message.originAs + "-" + message.prefix,
                    text,
                    match.asn,
                    matches[0],
                    message,
                    {});
            }

            resolve(true);
        });

}
added license bsd3 2019-07-10 18:29:01 +02:00			`/*`
			`* BSD 3-Clause License`
			`*`
			`* Copyright (c) 2019, NTT Ltd.`
			`* All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions are met:`
			`*`
			`* Redistributions of source code must retain the above copyright notice, this`
			`* list of conditions and the following disclaimer.`
			`*`
			`* Redistributions in binary form must reproduce the above copyright notice,`
			`* this list of conditions and the following disclaimer in the documentation`
			`* and/or other materials provided with the distribution.`
			`*`
			`* Neither the name of the copyright holder nor the names of its`
			`* contributors may be used to endorse or promote products derived from`
			`* this software without specific prior written permission.`
			`*`
			`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"`
			`* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
			`* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE`
			`* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
			`* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR`
			`* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER`
			`* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,`
			`* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE`
			`* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
			`*/`

fixed alert grouping 2019-06-28 03:46:48 +02:00			`import Monitor from "./monitor";`
			`import ipUtils from "../ipUtils";`
			`import ip from "ip";`

			`export default class MonitorHijack extends Monitor {`

introduced input polymorphism and users groups 2019-07-05 17:06:57 +02:00			`constructor(name, channel, params, env){`
			`super(name, channel, params, env);`
fixed alert grouping 2019-06-28 03:46:48 +02:00			`};`

			`updateMonitoredPrefixes = () => {`
fixed wrong prefix filtering based on more specifics 2019-07-10 18:06:30 +02:00			`this.monitored = this.input.getMonitoredPrefixes();`
fixed alert grouping 2019-06-28 03:46:48 +02:00			`};`

			`filter = (message) => {`
			`return message.type === 'announcement';`
			`};`

			`squashAlerts = (alerts) => {`
			`return alerts[0].message;`
			`};`

introduced test connector, able to replay an arbitrary stream 2019-07-05 12:01:38 +02:00			`monitor = (message) =>`
			`new Promise((resolve, reject) => {`

			`const messagePrefix = message.prefix;`

			`let matches = this.monitored.filter(item => {`
fixed wrong prefix filtering based on more specifics 2019-07-10 18:06:30 +02:00			`const sameOrigin = message.originAs == item.asn;`
			`return !sameOrigin &&`
			`(item.prefix == messagePrefix \|\|`
			`(!item.ignoreMorespecifics && ip.cidrSubnet(item.prefix).contains(messagePrefix)));`
introduced test connector, able to replay an arbitrary stream 2019-07-05 12:01:38 +02:00			`});`
			`if (matches.length > 1) {`
			`matches = [matches.sort((a, b) => ipUtils.sortByPrefixLength(a.prefix, b.prefix)).pop()];`
			`}`

			`if (matches.length !== 0) {`
			`const match = matches[0];`
introduced visibility monitor 2019-07-06 22:40:39 +02:00
			`const text = (message.prefix === match.prefix) ?`
			`The prefix ${match.prefix} (${match.description}) is announced by AS${message.originAs} instead of AS${match.asn}` :
			`A new prefix ${message.prefix} is announced by AS${message.originAs}. ` +
			`It should be instead ${match.prefix} (${match.description}) announced by AS${match.asn}`;

			`this.publishAlert(message.originAs + "-" + message.prefix,`
			`text,`
introduced test connector, able to replay an arbitrary stream 2019-07-05 12:01:38 +02:00			`match.asn,`
introduced input polymorphism and users groups 2019-07-05 17:06:57 +02:00			`matches[0],`
			`message,`
			`{});`
introduced test connector, able to replay an arbitrary stream 2019-07-05 12:01:38 +02:00			`}`

			`resolve(true);`
fixed alert grouping 2019-06-28 03:46:48 +02:00			`});`

init 2019-06-14 18:04:20 +02:00			`}`