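function UpdateDNSCache($db)
{
    global $dns_cache_lifetime;

    /*
     * Warm the IP -> FQDN cache: every distinct ip_src and ip_dst in acid_event
     * that still has no acid_ip_cache row (ipc_fqdn IS NULL) is passed through
     * baseGetHostByAddr(), which is what populates the cache.
     *
     * $db: BASE database handle exposing baseExecute(), baseFetchRow() and
     *      baseFreeRows() on the result object.
     * Returns nothing; the number of addresses processed is reported with
     * ErrorMessage().
     *
     * The two original copies of the query/loop differed only in the column
     * name, so they are folded into one loop over a fixed column list. The
     * column name is interpolated into the SQL but only ever comes from that
     * hard-coded list, never from input. Resolved names originate in reverse
     * DNS, i.e. data controlled by whoever runs the reverse zone; presumably
     * whatever renders cache entries escapes them for HTML — confirm in
     * baseGetHostByAddr() / the cache readers.
     */
    $cnt = 0;
    foreach (['ip_src', 'ip_dst'] as $column) {
        $ip_result = $db->baseExecute(
            "SELECT DISTINCT {$column} FROM acid_event "
            . "LEFT JOIN acid_ip_cache ON ipc_ip = {$column} "
            . "WHERE ipc_fqdn IS NULL"
        );
        // Loose != null on purpose: the row fetch ends with false/null/empty,
        // all of which must terminate the loop.
        while (($row = $ip_result->baseFetchRow()) != null) {
            baseGetHostByAddr(baseLong2IP($row[0]), $db, $dns_cache_lifetime);
            ++$cnt;
        }
        $ip_result->baseFreeRows();
    }
    ErrorMessage(gettext("Added ") . $cnt . gettext(" hostnames to the IP DNS cache"));
}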
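    // Hide the GreyBox overlay shortly after a file link (.flnk) is clicked.
    // The delayed call is a function, not a string: string arguments to
    // setTimeout are evaluated like eval(), which a Content-Security-Policy
    // without 'unsafe-eval' blocks. The string form could only ever see a
    // global `paramns`, so this assumes paramns is global — confirm where it
    // is declared.
    $(document).ready(function () {
        $('.flnk').on('click', function () {
            setTimeout(function () {
                parent.GB_hide(paramns);
            }, 250);
        });
    });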
</script>
<FORM METHOD="POST" ACTION="base_stat_ipaddr.php">

<?php 
/* Header of the per-address statistics page: FQDN line, then the summary table head. */
echo ' <p align="CENTER">FQDN: <B>';
if ($resolve_IP == 0) {
    echo '  (' . gettext("no DNS resolution attempted") . ')';
} elseif ($ip == "255.255.255.255") {
    // Limited broadcast address: nothing to resolve, just label it.
    echo Util::htmlentities($ip) . ' (Broadcast)';
} else {
    // NOTE(review): the resolved name is echoed as returned. Whether
    // baseGetHostByAddr() HTML-escapes it is not visible here — confirm,
    // since reverse-DNS answers are remote-controlled data.
    echo baseGetHostByAddr(Util::htmlentities($ip), '', $db);
}
//if (VerifySocketSupport()) echo '&nbsp;&nbsp;( <A HREF="base_stat_ipaddr.php?ip=' . $ip . '&amp;netmask=' . $netmask . '&amp;action=whois">local whois</A> )';
echo '</B></p>
        <TABLE BORDER=0 class="table_list" style="width:90%">
        <TR>
           <TD CLASS="headerbasestat uppercase">' . gettext("Devices #") . '</TD>
           <TD CLASS="headerbasestat uppercase">' . gettext("Src Occurances #") . '</TD>
           <TD CLASS="headerbasestat uppercase">' . gettext("Dst Occurances #") . '</TD>
           <TD CLASS="headerbasestat uppercase">' . gettext("First Event Date") . '</TD>
           <TD CLASS="headerbasestat uppercase">' . gettext("Last Event Date") . '</TD>
        </TR>';
/* Number of Sensors, First, and Last timestamp */
    $_conn = $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3]);
} else {
    $_conn = $dbo->connect();
}
while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) {
    $sip = $myrow[0];
    $ip_sip = inet_ntop($sip);
    $dip = $myrow[1];
    $ip_dip = inet_ntop($dip);
    $src_host = $myrow[7];
    $dst_host = $myrow[8];
    $proto = $myrow[2];
    $ctx = $myrow[3];
    if ($fqdn == "yes") {
        $sip_fqdn = baseGetHostByAddr($ip_sip, $ctx, $db);
        $dip_fqdn = baseGetHostByAddr($ip_dip, $ctx, $db);
    }
    /* Get stats on the link */
    if ($sip && $dip) {
        #$temp = "SELECT COUNT(DISTINCT layer4_dport), " . "COUNT(acid_event.cid), COUNT(DISTINCT acid_event.signature)  " . $from . $where . " AND acid_event.ip_src='" . $sip . "' AND acid_event.ip_dst='" . $dip . "' AND acid_event.ip_proto='" . $proto . "'";
        #$result2 = $db->baseExecute($temp);
        #$row = $result2->baseFetchRow();
        #$num_occurances = $row[1];
        #$num_unique_dport = $row[0];
        #$num_unique = $row[2];
        #$result2->baseFreeRows();
        $num_unique_dport = $myrow[4];
        $num_occurances = $myrow[5];
        $num_unique = $myrow[6];
        /* Print out */
        qroPrintEntryHeader($i);
     $country_name = geoip_country_name_by_addr($gi, $currentIP);
     $homelan = ($match_cidr = Net::is_ip_in_cache_cidr($_conn, $currentIP)) || in_array($currentIP, $hosts_ips) ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$currentIP}'><img src=\"" . Host::get_homelan_icon($currentIP, $icons, $match_cidr, $_conn) . "\" border=0></a>" : "";
     if ($country) {
         $country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" title=\"" . $country_name . "\">";
         $slnk = $current_url . "/pixmaps/flags/" . $country . ".png";
     } else {
         $country_img = "";
         $slnk = $homelan != "" ? $current_url . "/forensics/images/homelan.png" : "";
     }
     $sip_aux = $sensors[$currentIP] != "" ? $sensors[$currentIP] : ($hosts[$currentIP] != "" ? $hosts[$currentIP] : $currentIP);
     $div = '<div id="' . $currentIP . ';' . $ip_aux . '" class="HostReportMenu">';
     $bdiv = '</div>';
     qroPrintEntry($div . BuildAddressLink($currentIP, 32) . $currentIP . '</A>&nbsp;' . $country_img . $homelan . $bdiv, 'center', '', 'nowrap');
 }
 /* Resolved-name cell, only when DNS resolution is switched on. */
 if ($resolve_IP == 1) {
     qroPrintEntry('&nbsp;&nbsp;' . baseGetHostByAddr($currentIP, $db, $dns_cache_lifetime) . '&nbsp;&nbsp;');
 }
 /* Occurrence-count links: the main query page, and the alert statistics
    page pre-sorted by occurrences descending. */
 $tmp_iplookup = 'base_qry_main.php?num_result_rows=-1&amp;submit=' . gettext("Query+DB") . '&amp;current_view=-1';
 $tmp_iplookup2 = 'base_stat_alerts.php?num_result_rows=-1&amp;submit=' . gettext("Query+DB") . '&amp;current_view=-1&sort_order=occur_d';
 if ($addr_type == 1) {
     if ($no_ip) {
         $url_criteria = BuildSrcIPFormVars(NULL_IP);
     } else {
         $url_criteria = BuildSrcIPFormVars($currentIP);
     }
 } else {
     if ($addr_type == 2) {
         if ($no_ip) {
             $url_criteria = BuildDstIpFormVars(NULL_IP);
         } else {
     $geo_info = Asset_host::get_extended_location($_conn, $geoloc, $currentIP);
     if ($geo_info['html_icon'] != '') {
         $country_img = $geo_info['html_icon'] . ' ';
         $slnk = $current_url . preg_replace("/.*src\\='\\/ossim([^']+)'.*/", "\\1", $country_img);
     } else {
         $country_img = "";
         $slnk = "";
     }
     $div = '<div id="' . $currentIP . ';' . $currentIP . ';' . $host_id . '" ctx="' . (Session::show_entities() ? $ctx : Session::get_default_ctx()) . '" class="HostReportMenu" style="padding:0px 0px 0px 25px">';
     //'.getrepbgcolor($prio,1).'
     $bdiv = '</div>';
     qroPrintEntry($div . $country_img . "&nbsp;" . BuildAddressLink($currentIP, 32) . $currentIP . '</A>&nbsp;' . $bdiv, 'left', '', 'nowrap');
     qroPrintEntry(getrepimg($prio, $rel, $act, $currentIP), "center", "middle");
 }
 /* Resolved-name cell, only when DNS resolution is switched on. */
 if ($resolve_IP == 1) {
     qroPrintEntry('&nbsp;&nbsp;' . baseGetHostByAddr($currentIP, $ctx, $db) . '&nbsp;&nbsp;');
 }
 /* Occurrence-count links: the main query page, and the alert statistics
    page pre-sorted by occurrences descending. */
 $tmp_iplookup = 'base_qry_main.php?num_result_rows=-1&amp;submit=' . gettext("Query DB") . '&amp;current_view=-1';
 $tmp_iplookup2 = 'base_stat_alerts.php?num_result_rows=-1&amp;submit=' . gettext("Query DB") . '&amp;current_view=-1&sort_order=occur_d';
 if ($addr_type == 1) {
     if ($no_ip) {
         $url_criteria = BuildSrcIPFormVars(NULL_IP);
     } else {
         $url_criteria = BuildSrcIPFormVars($currentIP);
     }
 } else {
     if ($addr_type == 2) {
         if ($no_ip) {
             $url_criteria = BuildDstIpFormVars(NULL_IP);
         } else {
            echo '<TR>';
            if ($ICMPitype == "5") {
                // ICMP redirect (type 5): the advertised gateway gets its own pair of cells.
                echo '<TD class="plfield"><A HREF="base_stat_ipaddr.php?ip=' . $gateway . '&amp;netmask=32" TARGET="_PL_SIP">' . $gateway . '</A></TD>';
                echo '<TD class="plfield">' . baseGetHostByAddr($gateway, $ctx, $db) . '</TD>';
            }
            echo '<TD class="plfield">' . Protocol::get_protocol_by_number($icmp_proto, TRUE) . '</TD>';
            // Inner-packet source: address link, resolved name, and a port cell
            // only for TCP (6) / UDP (17). Loose in_array() matches the original
            // == comparisons.
            // NOTE(review): the addresses are written into HTML unescaped; if
            // they come straight from the decoded payload, escape them upstream — confirm.
            echo '<TD class="plfield"><A HREF="base_stat_ipaddr.php?ip=' . $icmp_src . '&amp;netmask=32" TARGET="_PL_SIP">' . $icmp_src . '</A></TD>';
            echo '<TD class="plfield">' . baseGetHostByAddr($icmp_src, $ctx, $db) . '</TD>';
            if (in_array($icmp_proto, ["6", "17"])) {
                echo '<TD class="plfield">' . $icmp_src_port . '</TD>';
            }
            // Same layout for the inner-packet destination.
            echo '<TD class="plfield"><A HREF="base_stat_ipaddr.php?ip=' . $icmp_dst . '&amp;netmask=32" TARGET="_PL_DIP">' . $icmp_dst . '</A></TD>';
            echo '<TD class="plfield">' . baseGetHostByAddr($icmp_dst, $ctx, $db) . '</TD>';
            if (in_array($icmp_proto, ["6", "17"])) {
                echo '<TD class="plfield">' . $icmp_dst_port . '</TD>';
            }
            echo '</TR>';
            echo '</TABLE>';
        }
    }
} else {
    /* Don't have payload so lets print out why by checking the detail level */
    /* if have fast detail level */
    echo '<div class="siem_detail_dark">';
    if ($detail == "0") {
        echo '<BR> &nbsp <I>' . _("Fast logging used -i so payload was discarded") . '</I><BR>';
    } else {
        echo '<div class="siem_detail_payloadnone">' . _("none") . '</div>';
            echo '<TR>';
            if ($ICMPitype == "5") {
                // ICMP redirect (type 5): the advertised gateway gets its own pair of cells.
                echo '<TD class="plfield"><A HREF="base_stat_ipaddr.php?ip=' . $gateway . '&amp;netmask=32" TARGET="_PL_SIP">' . $gateway . '</A></TD>';
                echo '<TD class="plfield">' . baseGetHostByAddr($gateway, $db, $dns_cache_lifetime) . '</TD>';
            }
            echo '<TD class="plfield">' . IPProto2Str($icmp_proto) . '</TD>';
            // Inner-packet source: address link, resolved name, and a port cell
            // only for TCP (6) / UDP (17). Loose in_array() matches the original
            // == comparisons.
            // NOTE(review): the addresses are written into HTML unescaped; if
            // they come straight from the decoded payload, escape them upstream — confirm.
            echo '<TD class="plfield"><A HREF="base_stat_ipaddr.php?ip=' . $icmp_src . '&amp;netmask=32" TARGET="_PL_SIP">' . $icmp_src . '</A></TD>';
            echo '<TD class="plfield">' . baseGetHostByAddr($icmp_src, $db, $dns_cache_lifetime) . '</TD>';
            if (in_array($icmp_proto, ["6", "17"])) {
                echo '<TD class="plfield">' . $icmp_src_port . '</TD>';
            }
            // Same layout for the inner-packet destination.
            echo '<TD class="plfield"><A HREF="base_stat_ipaddr.php?ip=' . $icmp_dst . '&amp;netmask=32" TARGET="_PL_DIP">' . $icmp_dst . '</A></TD>';
            echo '<TD class="plfield">' . baseGetHostByAddr($icmp_dst, $db, $dns_cache_lifetime) . '</TD>';
            if (in_array($icmp_proto, ["6", "17"])) {
                echo '<TD class="plfield">' . $icmp_dst_port . '</TD>';
            }
            echo '</TR>';
            echo '</TABLE>';
        }
    }
} else {
    /* Don't have payload so lets print out why by checking the detail level */
    /* if have fast detail level */
    if ($detail == "0") {
        echo '<BR> &nbsp <I>' . gettext("Fast logging used -i so payload was discarded") . '</I><BR>';
    } else {
        echo '<BR> &nbsp <I>' . gettext("none") . ' </I><BR>';
    }
//$conn_object = $db_object->connect();
echo '<CENTER><B>' . $ip . '</B> ( ';
?>
 
  <a href="<?php 
echo Sensor::get_sensor_link($conn_object, $ip) . "/{$ip}.html";
?>
">See host Detail</a>
  <?php 
$db_object->close($conn_object);
/* FQDN line for the address, followed by the optional local-whois link. */
echo ') <BR>FQDN: <B>';
if ($resolve_IP == 0) {
    echo '  (' . gettext("no DNS resolution attempted") . ')';
} elseif ($ip == "255.255.255.255") {
    // Limited broadcast address: nothing to resolve, just label it.
    echo $ip . ' (Broadcast)';
} else {
    echo baseGetHostByAddr($ip, $db, $dns_cache_lifetime);
}
if (VerifySocketSupport()) {
    // NOTE(review): $ip and $netmask go into the href unescaped; if either
    // originates from the request, it needs htmlspecialchars() here — confirm
    // where they are assigned at the top of the script.
    echo '&nbsp;&nbsp;( <A HREF="base_stat_ipaddr.php?ip=' . $ip . '&amp;netmask=' . $netmask . '&amp;action=whois">local whois</A> )';
}
echo '</B>
        <TABLE BORDER=0>
        <TR>
           <TD CLASS="headerbasestat">' . gettext("Num of <BR>Sensors") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Occurances <BR>as Src.") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Occurances <BR>as Dest.") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("First<BR> Occurrence") . '</TD>
           <TD CLASS="headerbasestat">' . gettext("Last<BR> Occurrence") . '</TD>
     $cell_data['IP_PORTDST'] = $div . '<A class="trlnk" alt="' . $current_dip . '" title="' . $current_dip . '" HREF="base_qry_main.php?new=2&hmenu=Forensics&smenu=Forensics&num_result_rows=-1&submit=Query+DB&current_view=-1&ip_addr_cnt=1&sort_order=time_d&ip_addr%5B0%5D%5B0%5D=+&ip_addr%5B0%5D%5B1%5D=ip_dst&ip_addr%5B0%5D%5B2%5D=%3D&ip_addr%5B0%5D%5B3%5D=' . $current_dip . '&ip_addr%5B0%5D%5B8%5D=+">' . $dip_aux . '</A><FONT SIZE="-1">' . $current_dport . '</FONT>' . $country_img . $homelan . $bdiv;
     $cell_pdfdata['IP_PORTDST'] = $dip_aux . $current_dport . $dlnk;
     $cell_data['IP_DST'] = $current_dip . $country_img . $homelan;
     $cell_data['PORT_DST'] = str_replace(":", "", $current_dport);
     //qroPrintEntry($div.'<A HREF="base_stat_ipaddr.php?ip=' . $current_dip . '&amp;netmask32">' . $dip_aux . '</A><FONT SIZE="-1">' . $current_dport . '</FONT>' . $country_img . $homelan . $bdiv, 'center', 'top', 'nowrap');
 } else {
     //qroPrintEntry('<A HREF="' . $BASE_urlpath . '/help/base_app_faq.php#1">' . gettext("unknown") . '</A>');
     $cell_data['IP_PORTDST'] = '<A class="trlnk" HREF="' . $BASE_urlpath . '/help/base_app_faq.php#1">' . gettext("unknown") . '</A>';
     $cell_data['IP_DST'] = gettext("unknown");
     $cell_data['PORT_DST'] = gettext("unknown");
 }
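 $cell_align['IP_PORTDST'] = "center";
 $cell_align['IP_DST'] = "center";
 $cell_align['PORT_DST'] = "center";
 // Destination FQDN column is filled only when the current view selects it.
 // Strict comparison: the selected-column list is presumably all strings, and
 // a loose in_array() would also match a boolean true or, on PHP < 8, an
 // integer 0 in that list.
 if (in_array("IP_DST_FQDN", $_SESSION['views'][$_SESSION['current_cview']]['cols'], true)) {
     $cell_data['IP_DST_FQDN'] = baseGetHostByAddr($current_dip, $db, $dns_cache_lifetime);
 }
 // 7- Asset: source/destination asset values rendered as a bar image; the PDF
 // variant uses an absolute URL because it is fetched outside the page.
 $cell_data['ASSET'] = "<img src=\"bar2.php?value=" . $current_oasset_s . "&value2=" . $current_oasset_d . "&max=5\" border='0' align='absmiddle' title='{$current_oasset_s} -> {$current_oasset_d}'>&nbsp;";
 $cell_pdfdata['ASSET'] = "<img src='" . $current_url . "/forensics/bar2.php?value=" . $current_oasset_s . "&value2=" . $current_oasset_d . "&max=5' border='0' align='absmiddle' style='width:10mm'>";
 $cell_align['ASSET'] = "center";
 // Broadcast destinations use the "c" risk value, everything else the "a" one.
 $current_orisk = $current_dip != "255.255.255.255" ? $current_oriska : $current_oriskc;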
 /*if ($current_dip != "255.255.255.255") {
       qroPrintEntry("<img src=\"bar.php?value=" . $current_oasset_d . "&max=5\" border='0' align='absmiddle'>&nbsp;");
       $current_orisk = $current_oriska;
   } else {
       qroPrintEntry("<img src=\"bar.php?value=" . $current_oasset_s . "&max=5\" border='0' align='absmiddle'>&nbsp;");
       $current_orisk = $current_oriskc;
   }*/
 // 8- Priority
// Rows collected for the report output.
$report_data = [];
// Connect to the session's selected server when one is configured, otherwise
// fall back to the default connection.
$_conn = (is_array($_SESSION["server"]) && $_SESSION["server"][0] != "")
    ? $dbo->custom_connect($_SESSION["server"][0], $_SESSION["server"][2], $_SESSION["server"][3])
    : $dbo->connect();
while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) {
    $sip = $myrow[0];
    $ip_sip = baseLong2IP($sip);
    $dip = $myrow[1];
    $ip_dip = baseLong2IP($dip);
    $proto = $myrow[2];
    if ($fqdn == "yes") {
        $sip_fqdn = baseGetHostByAddr($ip_sip, $db, $dns_cache_lifetime);
        $dip_fqdn = baseGetHostByAddr($ip_dip, $db, $dns_cache_lifetime);
    }
    /* Get stats on the link */
    if ($sip && $dip) {
        #$temp = "SELECT COUNT(DISTINCT layer4_dport), " . "COUNT(acid_event.cid), COUNT(DISTINCT acid_event.signature)  " . $from . $where . " AND acid_event.ip_src='" . $sip . "' AND acid_event.ip_dst='" . $dip . "' AND acid_event.ip_proto='" . $proto . "'";
        #$result2 = $db->baseExecute($temp);
        #$row = $result2->baseFetchRow();
        #$num_occurances = $row[1];
        #$num_unique_dport = $row[0];
        #$num_unique = $row[2];
        #$result2->baseFreeRows();
        $num_occurances = $myrow[4];
        $num_unique_dport = $myrow[3];
        $num_unique = $myrow[5];
        /* Print out */
        qroPrintEntryHeader($i);
     $cell_data['IP_PORTDST'] = $div . $dst_img . " " . $dip_lnk . " " . $rep_dst_icon . $bdiv;
     $cell_pdfdata['IP_PORTDST'] = $dst_name . $current_dport;
     $cell_more['IP_PORTDST'] = preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $cell_data['IP_PORTSRC']) ? "nowrap" : "";
     $cell_data['IP_DST'] = $dst_img . " " . ($homelan_dst ? "<b>{$current_dip}</b>" : $current_dip) . " " . $rep_dst_icon;
     $cell_pdfdata['IP_DST'] = $current_dip;
     $cell_data['PORT_DST'] = str_replace(":", "", $current_dport);
 } else {
     $cell_data['IP_PORTDST'] = gettext("unknown");
     $cell_data['IP_DST'] = gettext("unknown");
     $cell_data['PORT_DST'] = gettext("unknown");
 }
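 $cell_align['IP_PORTDST'] = "left";
 $cell_align['IP_DST'] = "left";
 $cell_align['PORT_DST'] = "center";
 // Destination FQDN column is filled only when the current view selects it.
 // Strict comparison: the selected-column list is presumably all strings, and
 // a loose in_array() would also match a boolean true or, on PHP < 8, an
 // integer 0 in that list.
 if (in_array("IP_DST_FQDN", $_SESSION['views'][$_SESSION['current_cview']]['cols'], true)) {
     $cell_data['IP_DST_FQDN'] = baseGetHostByAddr($current_dip, $ctx, $db);
     $cell_align['IP_DST_FQDN'] = "center";
 }
 // 7- Asset: source/destination asset values rendered as a bar image; the PDF
 // variant uses an absolute URL because it is fetched outside the page.
 $cell_data['ASSET'] = "<img src=\"bar2.php?value=" . $current_oasset_s . "&value2=" . $current_oasset_d . "&max=5\" border='0' align='absmiddle' title='{$current_oasset_s} -> {$current_oasset_d}'>";
 $cell_pdfdata['ASSET'] = "<img src='" . $current_url . "/forensics/bar2.php?value=" . $current_oasset_s . "&value2=" . $current_oasset_d . "&max=5' border='0' align='absmiddle' style='width:10mm'>";
 $cell_align['ASSET'] = "center";
 // Broadcast destinations use the "c" risk value, everything else the "a" one.
 $current_orisk = $current_dip != "255.255.255.255" ? $current_oriska : $current_oriskc;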
 /*if ($current_dip != "255.255.255.255") {
       qroPrintEntry("<img src=\"bar.php?value=" . $current_oasset_d . "&max=5\" border='0' align='absmiddle'>&nbsp;");
       $current_orisk = $current_oriska;
   } else {
       qroPrintEntry("<img src=\"bar.php?value=" . $current_oasset_s . "&max=5\" border='0' align='absmiddle'>&nbsp;");
       $current_orisk = $current_oriskc;
   }*/