j Part $1$: PortScanner Detector

Task: Create a tool that records and analyzes first$-$contact connection requests $($ to $)$ within a LAN, including self$-$initiated scans.

Data Management: Use a Python dictionary to log these first$-$contact requests with their timestamps. Entries older than $10$ minutes should be continuously cleared.

Analysis: Calculate the "fan$-$out rate" for each source IP$,$ which is defined as the rate of establishing first$-$contact connections. Calculate this rate over three intervals: per second, per minute, and per $5$ minutes.

Detection Criteria: A source IP is flagged as a port scanner if its fan$-$out rate exceeds any of the following thresholds: $5$ per second, $100$ per minute, or $300$ per $5$ minutes.

Output: For each detected port scanner, display the source IP$,$ average fan$-$out rates, and the specific reason for detection.

Example Output:

A scanner detected on source IP x

avg. fan$-$out per sec: y$,$ avg fan$-$out per min: z$,$ fan$-$out per $5$min: d

reason for detection: fan$-$out rate per sec $=6($must be less than $5).$

Part $2$: PortScanner Update

Task: Modify the port scanner developed in Lab $2$ to accept a waiting time $($in milliseconds$)$ between each scan to different destinations. Also, enhance it to scan a range of network addresses $($CIDR notation$).$

Functionality: The updated scanner should adhere to the specified waiting time between consecutive scans.

Part $3$: Testing Environment Setup

Configuration: Utilize two Kali VMs $($one original, one copy$)$ in the same LAN $(192\mathrm{.}168\mathrm{.}10\mathrm{.}0/24).$ Designate one VM for defense and the other for attacks.

Execution: Run the PortScanner Detector on the defense VM and execute the updated port scanner on the attack VM under five different waiting times $(1$ ms$,0\mathrm{.}5$s$,1$s$,5$s$,10$s$).$ Collect your results under each of these five scenarios.