2019-06-28 03:46:48 +02:00
|
|
|
import Monitor from "./monitor";
|
|
|
|
|
import ipUtils from "../ipUtils";
|
|
|
|
|
import ip from "ip";
|
|
|
|
|
|
|
|
|
|
export default class MonitorHijack extends Monitor {
|
|
|
|
|
|
2019-07-03 01:41:05 +02:00
|
|
|
constructor(name, channel, env){
|
|
|
|
|
super(name, channel, env);
|
2019-06-28 03:46:48 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
updateMonitoredPrefixes = () => {
|
|
|
|
|
this.monitored = this.input.getMonitoredMoreSpecifics();
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
filter = (message) => {
|
|
|
|
|
return message.type === 'announcement';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
squashAlerts = (alerts) => {
|
|
|
|
|
return alerts[0].message;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
monitor = (message) => new Promise((resolve, reject) => {
|
|
|
|
|
|
|
|
|
|
const messagePrefix = message.prefix;
|
|
|
|
|
|
|
|
|
|
let matches = this.monitored.filter(item => {
|
|
|
|
|
return item.prefix === messagePrefix || ip.cidrSubnet(item.prefix).contains(messagePrefix);
|
|
|
|
|
});
|
|
|
|
|
if (matches.length > 1) {
|
|
|
|
|
matches = [matches.sort((a, b) => ipUtils.sortByPrefixLength(a.prefix, b.prefix)).pop()];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (matches.length !== 0) {
|
|
|
|
|
const match = matches[0];
|
|
|
|
|
this.publishAlert(message.originAs + "-" + match.prefix,
|
|
|
|
|
`The prefix ${match.prefix} is announced by the AS${message.originAs} instead of AS${match.asn}`,
|
|
|
|
|
match.asn,
|
2019-06-29 03:35:53 +02:00
|
|
|
{
|
|
|
|
|
rule: matches[0],
|
|
|
|
|
received: message
|
|
|
|
|
});
|
2019-06-28 03:46:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resolve(true);
|
|
|
|
|
});
|
|
|
|
|
|
2019-06-14 18:04:20 +02:00
|
|
|
}
|
