The NETWAVE ANALYZER Defense System is designed to provide real-time protection against DDoS (Distributed Denial of Service) attacks, offering live traffic monitoring, manual and automatic IP blocking, geolocation lookup for suspicious traffic, and website protection features. It is implemented as a Python GUI that uses proxychains4 to route outbound requests, Scapy for live packet capture, and iptables to drop traffic from blocked addresses.
User Workflow:
- Starting the System: Upon launching the defense system, a splash screen is shown, after which the main interface appears.
- Protecting a Website: Users enter their website URL into the "Website Protection" panel and click Protect Webserver. The system then fetches the URL through proxychains4, so the request travels through the configured proxy chain rather than directly. Note that proxychains only redirects the outbound connections of the process it wraps; it does not change how traffic arrives at the webserver.
- Live Traffic Monitoring: Click Start Traffic Monitoring to begin capturing incoming packets and displaying a summary of each one in the interface.
- Manual IP Blocking: Suspicious IPs identified from live monitoring can be entered into the IP blocking input box. The address is blocked with an iptables DROP rule, added to the blocked list, and its geolocation details are displayed.
- Automatic Defense Activation: Clicking Activate Automatic Defense starts a simulated attack and the response to it: the system generates synthetic attack traffic, shows it in the monitoring panel, and blocks the offending source IPs without user intervention.
- IP Geolocation Insights: Each blocked IP is annotated with geolocation data (city, region, country, organization), giving context on where attacks appear to originate and helping to identify recurring attack sources.
Key Features:
- Website Protection via Proxychains: Routes web requests through proxychains4, which forwards each connection through the proxies listed in its configuration (in strict, dynamic, or random chain mode), so the request does not reach the destination from the tool's own address. The user enters the URL hosted on their webserver and the system fetches it via the proxy chain. Command Used: proxychains4 curl <website_url>. Caveat: proxychains hooks the socket calls of the wrapped process only, so this anonymizes the tool's outbound requests; it does not put the webserver behind the proxies or filter inbound traffic.
- Live Traffic Monitoring: Monitors network traffic in real time using the Scapy library. The summary of each captured packet is displayed in the interface, helping users track incoming requests to their web server. Capture runs in a background thread so the GUI stays responsive while monitoring continues. Users can inspect every incoming packet and identify potentially malicious traffic. Raw packet capture requires root privileges (or CAP_NET_RAW) for the process running Scapy.
- Manual IP Blocking: Lets users block a suspicious IP address by hand. The entered address is blocked using iptables, after which that IP is denied access to the webserver. Command Used: sudo iptables -A INPUT -s <ip_address> -j DROP. Two practical points: -A appends the rule to the end of the INPUT chain, so it only takes effect if no earlier rule (for example one accepting established connections) matches first; and the address must be validated before it is placed in the command, both to avoid malformed rules and to prevent shell injection if the command is built as a string from user input. IP Geolocation Lookup: After an IP is blocked, the system performs a simulated geolocation lookup (the values are generated locally rather than fetched from a geolocation service) and displays the city, region, country, and organization associated with the IP.
- Automatic Defense (DDoS Protection): The system can generate synthetic traffic to simulate a DDoS attack and then block the source addresses of that traffic once they exceed pre-defined thresholds. The fake traffic is added to the live monitoring panel, so the user sees the attack pattern and the blocks being applied in real time. This activates an ongoing protection mode in which suspicious traffic is detected and blocked without user intervention. Each blocked IP is logged, and its geolocation is displayed automatically.
- Geolocation Lookup: Simulates the geolocation lookup of each blocked IP. Provides the location (city, region, country) and organization associated with blocked IPs, which aids in identifying patterns of attacks (e.g., originating from certain regions or networks).
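The manual blocking and automatic defense features described above share one piece of logic: decide which source address has crossed a threshold, then add an iptables DROP rule for it exactly once. The following is an added example that implements that logic; it is not code from the NETWAVE ANALYZER project. The names (validate_ip, build_block_command, Blocker, RateDetector, run_defense), the threshold of 100 packets per second, and the sample packet stream using documentation addresses 203.0.113.7 and 198.51.100.2 are all assumptions made for the example. It deliberately uses -I INPUT 1 rather than the page's -A so the DROP precedes any accepting rule, and it validates the address with the ipaddress module before the command is built.

```python
"""Threshold-based IP blocker for the manual and automatic defense paths.

Added example (not project code).  All names and constants are assumptions;
the packet stream at the bottom is constructed.
"""
import ipaddress
import subprocess
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Iterable, List, Set, Tuple


def validate_ip(raw: str) -> str:
    """Return a normalised IPv4 string or raise ValueError.

    Input from the blocking box must never reach iptables unchecked:
    ipaddress.ip_address() only accepts a literal address, so anything like
    "1.2.3.4; reboot" is rejected before a command is ever built.
    """
    addr = ipaddress.ip_address(raw.strip())
    if addr.version != 4:
        raise ValueError("only IPv4 rules are built here (IPv6 needs ip6tables)")
    return str(addr)


def build_block_command(ip: str) -> List[str]:
    """iptables rule as an argv list, so no shell is involved.

    -I INPUT 1 inserts at the top of the chain; the page's -A would append
    after any rule that already accepts the traffic.
    """
    return ["sudo", "iptables", "-I", "INPUT", "1", "-s", validate_ip(ip), "-j", "DROP"]


Runner = Callable[[List[str]], None]


def run_command(argv: List[str]) -> None:
    """Default runner: execute the argv without a shell; raise if iptables fails."""
    subprocess.run(argv, check=True)


class Blocker:
    """Keeps the blocked list and applies a rule at most once per address."""

    def __init__(self, runner: Runner = run_command) -> None:
        self.blocked: Set[str] = set()
        self._runner = runner

    def block(self, raw_ip: str) -> bool:
        """Block raw_ip; True if a rule was added, False if it was already blocked."""
        ip = validate_ip(raw_ip)
        if ip in self.blocked:
            return False
        self._runner(build_block_command(ip))
        self.blocked.add(ip)
        return True


class RateDetector:
    """Sliding-window packet counter per source IP.

    observe() returns True once a source has sent more than `threshold`
    packets within the last `window_s` seconds; that is the automatic
    defense's trigger for Blocker.block().
    """

    def __init__(self, threshold: int = 100, window_s: float = 1.0) -> None:
        self.threshold = threshold
        self.window_s = window_s
        self._seen: Dict[str, Deque[float]] = defaultdict(deque)

    def observe(self, src: str, ts: float) -> bool:
        times = self._seen[src]
        times.append(ts)
        while times and ts - times[0] > self.window_s:  # drop timestamps outside the window
            times.popleft()
        return len(times) > self.threshold


def run_defense(packets: Iterable[Tuple[str, float]], detector: RateDetector,
                blocker: Blocker) -> List[str]:
    """Feed (src_ip, timestamp) records through the detector; return newly blocked IPs."""
    newly_blocked: List[str] = []
    for src, ts in packets:
        if src in blocker.blocked:
            continue  # already dropped by iptables, nothing more to do
        if detector.observe(src, ts) and blocker.block(src):
            newly_blocked.append(src)
    return newly_blocked


def handle_scapy_packet(pkt, detector: RateDetector, blocker: Blocker) -> None:
    """Callback for scapy.sniff(prn=...) in the live-monitoring thread (needs root)."""
    from scapy.layers.inet import IP  # imported lazily so the rest runs without scapy
    if IP in pkt:
        run_defense([(pkt[IP].src, float(pkt.time))], detector, blocker)


# Constructed sample: a 150-packet burst from 203.0.113.7 inside one second,
# plus ten normal packets from 198.51.100.2 spread over a second.
SAMPLE_PACKETS = ([("203.0.113.7", i * 0.005) for i in range(150)]
                  + [("198.51.100.2", i * 0.1) for i in range(10)])


def demo(runner: Runner = run_command) -> List[str]:
    """Run the sample through a 100 packets/second detector; returns blocked IPs."""
    return run_defense(SAMPLE_PACKETS, RateDetector(threshold=100, window_s=1.0), Blocker(runner))


if __name__ == "__main__":
    # Dry run: print the iptables command instead of executing it.
    print(demo(runner=lambda argv: print(" ".join(argv))))
```

In the live path, bind handle_scapy_packet to sniff(prn=...) with a shared detector and blocker; the detector state is per source, so a single instance serves both the GUI's manual box (Blocker.block directly) and the automatic mode. Keep in mind that a per-IP DROP rule still lets the packets reach the host's interface and kernel, so it helps against a handful of noisy sources but not against a volumetric flood or spoofed addresses, which have to be absorbed upstream.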