added db based dns spoofing check

README.md

@@ -11,7 +11,7 @@
     - [X] 3. Rate-Based Anomaly Detection
     - [X] 4. Malformed Packet Detection
     - [X] 5. ICMP Flood Detection
-    - [ ] 6. DNS Spoofing Detection
+    - [X] 6. DNS Spoofing Detection
     - [X] 7. ARP Spoofing Detection
     - [ ] 8. Protocol-Specific Anomalies
     - [X] 9. Content-Learning Mismatch

code/src/packet_capturing.py

@@ -147,13 +147,16 @@ def tcp_reset_attack(packet):
 def dns_spoofing(packet):
 	if packet.getlayer(DNS).qr == 1:  # DNS response
 		dns_response = packet.getlayer(DNS)
-		db_conn.contains_address()
 		if dns_response.an is not None:
 			for i in range(dns_response.ancount):
 				dns_rr = dns_response.an[i]
 				if dns_rr.rdata in reserved_ips:
 					print(f"Possible DNS spoofing detected: {dns_rr.rrname} -> {dns_rr.rdata}")
 
+def dns_spoofing_with_db_check(packet):
+	if packet.getlayer(DNS).qr == 1 and db_conn.contains_malicious_address(connection, packet): # DNS response
+		print(f"Possible DNS spoofing: ip address {packet[IP].src} matches a known malicious ip")
+
 # Checks if checksum is corrupted
 def checksum_verification(packet):
 	if IP in packet:
@@ -205,6 +208,7 @@ def packet_handler(packet):
 		tcp_reset_attack(packet)
 	if DNS in packet:
 		dns_spoofing(packet)
+		dns_spoofing_with_db_check(packet)
 	if Raw in packet:
 		payload_pattern_matching(packet)
 		content_length_mismatch(packet)