#!/usr/bin/perl
# Extract eval.cpp table data from labels.txt for week 2
# Uncomment the appropriate line below for each part

# Copyright (C) 2003, Matt Mahoney.  This program is distributed
# without warranty under terms of the GNU general public license
# See http://www.gnu.org/licenses/gpl.txt

# Attack name -> category flag written into the eval.cpp table.
# Categories: probe = 0x01000, DOS = 0x02000, R2L = 0x04000,
#             U2R   = 0x08000, data = 0x10000
# The values stay strings because the attack-data printf emits them
# verbatim through %s.  The lookup is exact and case-sensitive: a name
# captured from the input that has no key here yields an empty flag field
# in that printf, so check the generated table for blank entries.
my %flags = (
    # probe
    "ntinfoscan" => "0x01000",
    "portsweep"  => "0x01000",
    "ipsweep"    => "0x01000",
    "satan"      => "0x01000",
    # DOS
    "pod"        => "0x02000",
    "back"       => "0x02000",
    "land"       => "0x02000",
    "mailbomb"   => "0x02000",
    "crashiis"   => "0x02000",
    "neptune"    => "0x02000",
    # R2L
    "httptunnel" => "0x04000",
    "phf"        => "0x04000",
    "ftpwrite"   => "0x04000",
    # U2R
    "ps"         => "0x08000",
    "eject"      => "0x08000",
    "loadmodule" => "0x08000",
    "perl"       => "0x08000",
    # data
    "secret"     => "0x10000",
);

# First table id; it only advances inside the printf lines below.
my $id = 202;

while (my $line = <>) {
    # Find lines describing attack segments: a 1999 date, a time, a
    # 172.x / 192.x address whose last octet may be "*", a literal 1,
    # and then the attack name.  Everything else is skipped.
    my ($month, $day, $hour, $min, $sec, $ip3, $ip2, $ip1, $ip0, $name) =
        $line =~ /(\d\d)\/(\d\d)\/1999 (\d\d):(\d\d):(\d\d) +(172|192)\.(0*1|0*16|168)\.(\d+)\.(\*|\d+) *1 ([a-z]*\w+)/
        or next;

    # Start time in seconds, counting every month as 31 days with
    # month 2 as the origin.
    my $days  = ($month - 2) * 31 + $day;
    my $start = (($days * 24 + $hour) * 60 + $min) * 60 + $sec;

    # Pack the four octets into one 32-bit value, most significant first.
    # A "*" last octet numifies to 0, so a wildcard target becomes x.y.z.0.
    my $ip = 0;
    $ip = $ip * 256 + $_ for ($ip3, $ip2, $ip1, $ip0);

    # Uncomment to print attack data
    # printf("{%3d,%s,\"2%d.%02d%02d%02d %s\"},\n", $id++, $flags{$name}, $day-7, $hour, $min, $sec, $name);

    # Uncomment to print attack segment data
    # printf("{%3d,0x%08X,%d,%d},\n", $id++, $ip, $start, $start+1);
}