A lightweight Intrusion Detection System (IDS) built with Python to monitor network traffic and detect potential DoS/DDoS attacks based on request rate per IP.
- 📡 Real-time packet sniffing using Scapy
- 📊 Tracks number of requests per IP address
- 🚨 Detects potential DoS/DDoS attacks
- 🪟 GUI alert system using Tkinter
- ⚡ Multi-threaded for better performance
- The script listens to all incoming IP packets.
- Each packet source IP is tracked.
- Requests are counted per second.
- If a specific IP exceeds the threshold (default: 100 requests/sec), an alert is triggered.
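The counting logic described above, as an added example (not the project's `plugin.py`): it runs on constructed `(timestamp, source IP)` pairs instead of a live Scapy capture, and adds a per-IP alert cooldown so a sustained flood does not raise one alert per packet. `RateDetector`, `COOLDOWN`, `run` and `sample_events` are assumed names; only `THRESHOLD = 100` comes from this README.

```python
from collections import defaultdict

THRESHOLD = 100  # requests per second, the README's default
COOLDOWN = 10    # assumption: seconds to suppress repeat alerts per IP


class RateDetector:
    """Counts packets per source IP in one-second windows."""
    def __init__(self, threshold=THRESHOLD, cooldown=COOLDOWN):
        self.threshold = threshold
        self.cooldown = cooldown
        self.window = None              # one-second bucket being counted
        self.counts = defaultdict(int)  # src_ip -> packets in that bucket
        self.last_alert = {}            # src_ip -> timestamp of last alert

    def observe(self, src_ip, ts):
        """Record one packet; return True if it raises a new alert."""
        bucket = int(ts)
        if bucket != self.window:       # a new second started: reset counts
            self.window = bucket
            self.counts.clear()
        self.counts[src_ip] += 1
        if self.counts[src_ip] <= self.threshold:
            return False
        last = self.last_alert.get(src_ip)
        if last is not None and ts - last < self.cooldown:
            return False                # this IP was reported recently
        self.last_alert[src_ip] = ts
        return True


def run(events, **kwargs):
    """Feed time-ordered (timestamp, src_ip) pairs; return the alerts."""
    det = RateDetector(**kwargs)
    return [(ts, ip) for ts, ip in events if det.observe(ip, ts)]


def sample_events():
    """Constructed traffic: one noisy host, one normal host, 3 seconds."""
    events = []
    for sec in range(3):
        events += [(sec + i / 150, "192.168.1.5") for i in range(150)]
        events += [(sec + i / 20, "192.168.1.9") for i in range(20)]
    return sorted(events)


if __name__ == "__main__":
    for ts, ip in run(sample_events()):
        print(f"Possible DDoS/DoS attack detected!\nSource IP: {ip}")
```

Calling `run(sample_events(), cooldown=0)` disables the suppression and returns one alert for every packet over the threshold, which is the alert volume a popup-per-alert design would have to absorb.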
Make sure you have Python 3 installed, then install dependencies:
pip install scapy
⚠️ Note: You may need administrative/root privileges to sniff network traffic.
Run the script:
sudo python plugin.py
(Use sudo on Linux/macOS for packet sniffing permissions)
You can adjust detection sensitivity by modifying:
THRESHOLD = 100 # Requests per second
- Displays a popup window when suspicious activity is detected
- Prints alert message in the terminal
Example:
Possible DDoS/DoS attack detected!
Source IP: 192.168.1.5
- May produce false positives (e.g. high traffic like downloads or streaming)
- Detects only based on packet rate (not protocol-specific attacks)
- GUI alerts may cause performance issues if triggered frequently
- Requires root/admin privileges
- Detect specific attack types (SYN Flood, UDP Flood)
- Add logging system instead of GUI alerts
- Integrate with firewall to block malicious IPs
- Web dashboard for monitoring
- Port-based filtering
.
├── plugin.py
└── README.md
Belal Eladawy Network Engineer & Security Researcher
This project is open-source and available under the MIT License.
If you find this project useful, consider giving it a star ⭐ on GitHub!