Changeset 1201
- Timestamp:
- 04/04/07 18:47:08 (1 year ago)
- Files:
-
- honeytrap/trunk/ChangeLog (modified) (1 diff)
- honeytrap/trunk/Makefile.am (modified) (1 diff)
- honeytrap/trunk/TODO (modified) (1 diff)
- honeytrap/trunk/configure.in (modified) (1 diff)
- honeytrap/trunk/src/Makefile.am (modified) (2 diffs)
- honeytrap/trunk/src/attack.c (modified) (5 diffs)
- honeytrap/trunk/src/attack.h (modified) (3 diffs)
- honeytrap/trunk/src/dynsrv.c (modified) (3 diffs)
- honeytrap/trunk/src/logging.c (modified) (2 diffs)
- honeytrap/trunk/src/logging.h (modified) (1 diff)
- honeytrap/trunk/src/md5.c (modified) (2 diffs)
- honeytrap/trunk/src/md5.h (modified) (1 diff)
- honeytrap/trunk/src/modules/Makefile.in (modified) (6 diffs)
- honeytrap/trunk/src/modules/htm_SpamSum.c (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_SpamSum.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_aSavePostgres.c (added)
- honeytrap/trunk/src/modules/htm_aSavePostgres.h (added)
- honeytrap/trunk/src/modules/htm_ftpDownload.c (modified) (9 diffs)
- honeytrap/trunk/src/modules/htm_ftpDownload.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_tftpDownload.c (modified) (2 diffs)
- honeytrap/trunk/src/modules/htm_tftpDownload.h (modified) (1 diff)
- honeytrap/trunk/src/nfqmon.c (modified) (1 diff)
- honeytrap/trunk/src/readconf.c (modified) (1 diff)
- honeytrap/trunk/src/sha512.c (added)
- honeytrap/trunk/src/sha512.h (added)
- honeytrap/trunk/src/signals.c (modified) (1 diff)
- honeytrap/trunk/src/tcp.c (modified) (3 diffs)
- honeytrap/trunk/src/udp.c (modified) (3 diffs)
- honeytrap/trunk/src/util.c (modified) (2 diffs)
honeytrap/trunk/ChangeLog
r1131 r1201 1 Version 0.7.0 2 - PostgreSQL module for commits into mwcollect database 3 - SHA512 hash support 4 - Performance improvements 5 - Improved connection request handling in the nfq stream monitor 6 - FTP download plugin is now source-based routing safe 1 7 Version 0.6.5 2 8 - Introduced an nfnetlink_queue-based connection monitor honeytrap/trunk/Makefile.am
r1088 r1201 12 12 13 13 $(INSTALL_DATA) etc/honeytrap.conf.dist $(DESTDIR)/$(sysconfdir)/honeytrap/honeytrap.conf.dist 14 $(INSTALL_DATA) etc/honeytrap.conf.dist $(DESTDIR)/$(sysconfdir)/honeytrap/honeytrap.conf14 test -f $(DESTDIR)/$(sysconfdir)/honeytrap/honeytrap.conf || $(INSTALL_DATA) etc/honeytrap.conf.dist $(DESTDIR)/$(sysconfdir)/honeytrap/honeytrap.conf 15 15 $(INSTALL_DATA) etc/ports.conf.dist $(DESTDIR)/$(sysconfdir)/honeytrap/ports.conf.dist 16 16 $(INSTALL_DATA) etc/responses/* $(DESTDIR)/$(sysconfdir)/honeytrap/responses honeytrap/trunk/TODO
r1101 r1201 9 9 10 10 -- Future plans ------------------------------------------------------- 11 o optional syslog support12 11 o dump attack data into MySQL and Postgres databases 13 o support approximate string matching (i.e. via edit distance) for 14 new records (command line tool is included, port it into a module?) 15 o add nfqueue and ipfw connection monitors 12 o add ipfw connection monitors honeytrap/trunk/configure.in
r1131 r1201 18 18 AC_PROG_LIBTOOL 19 19 if test -n "$GCC"; then 20 CFLAGS="$CFLAGS -Wall "20 CFLAGS="$CFLAGS -Wall" 21 21 fi 22 22 honeytrap/trunk/src/Makefile.am
r1131 r1201 1 1 AUTOMAKE_OPTIONS=foreign no-dependencies 2 2 3 AM_CFLAGS=-export-dynamic 3 AM_CFLAGS=-export-dynamic -Wall -Werror 4 4 5 5 sbin_PROGRAMS = honeytrap … … 23 23 udp.c udp.h \ 24 24 proxy.c proxy.h \ 25 sha512.c sha512.h \ 25 26 md5.c md5.h 26 27 honeytrap/trunk/src/attack.c
r1126 r1201 30 30 #include "response.h" 31 31 #include "md5.h" 32 #include "sha512.h" 32 33 #include "proxy.h" 33 34 #include "plughook.h" … … 46 47 a->a_conn.r_port = r_port; 47 48 a->a_conn.protocol = proto; 49 a->dl_count = 0; 50 // memset(a->download, 0, sizeof(struct s_download)); 51 a->download = NULL; 48 52 if (time(&(a->start_time)) == ((time_t)-1)) 49 53 logmsg(LOG_WARN, 1, "Warning - Could not set attack start time: %s.\n", strerror(errno)); … … 73 77 } 74 78 75 memcpy(a->a_conn.payload.chksum, (char*)mem_md5sum(a->a_conn.payload.data, a->a_conn.payload.size), 33); 79 memcpy(a->a_conn.payload.sha512sum, mem_sha512sum(a->a_conn.payload.data, a->a_conn.payload.size), 129); 80 memcpy(a->a_conn.payload.md5sum, mem_md5sum(a->a_conn.payload.data, a->a_conn.payload.size), 33); 76 81 /* mirror string */ 77 82 a->p_conn.payload.size = p_size; … … 80 85 memcpy(a->p_conn.payload.data, p_data, p_size); 81 86 } 82 memcpy((char *) &(a->p_conn.payload. chksum),87 memcpy((char *) &(a->p_conn.payload.md5sum), 83 88 (char *) mem_md5sum(a->p_conn.payload.data, a->p_conn.payload.size), 32); 84 89 … … 100 105 return(1); 101 106 } 107 108 /* add a downloaded file to the attack instance */ 109 int add_download(const char *dl_type, const uint32_t r_addr, const uint16_t r_port, const char *user, const char *pass, const char *filename, const u_char *data, const u_int32_t size, Attack *a) { 110 if ((data == NULL) || (!size)) return(0); 111 112 if (a == NULL) { 113 logmsg(LOG_ERR, 1, "Error - Could not add download: No attack record given.\n"); 114 return(-1); 115 } 116 117 if ((a->download = realloc(a->download, a->dl_count + 1)) == NULL) { 118 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); 119 return(-1); 120 } 121 122 if (((a->download[a->dl_count].dl_type = strdup(dl_type)) == NULL) || 123 ((a->download[a->dl_count].user = strdup(user)) == NULL) || 124 ((a->download[a->dl_count].pass = strdup(pass)) == NULL) || 125 
((a->download[a->dl_count].filename = strdup(filename)) == NULL) || 126 ((a->download[a->dl_count].dl_payload.data = (u_char *) malloc(size)) == NULL)) { 127 logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno)); 128 free(a->download[a->dl_count].dl_type); 129 free(a->download[a->dl_count].user); 130 free(a->download[a->dl_count].pass); 131 free(a->download[a->dl_count].filename); 132 free(a->download[a->dl_count].dl_payload.data); 133 return(-1); 134 } 135 memcpy(a->download[a->dl_count].dl_payload.data, data, size); 136 memcpy(a->download[a->dl_count].dl_payload.md5sum, mem_md5sum(a->download->dl_payload.data, size), 33); 137 memcpy(a->download[a->dl_count].dl_payload.sha512sum, mem_sha512sum(a->download->dl_payload.data, size), 129); 138 139 a->download[a->dl_count].dl_payload.size = size; 140 a->download[a->dl_count].r_addr = r_addr; 141 a->download[a->dl_count].r_port = r_port; 142 a->dl_count++; 143 144 logmsg(LOG_DEBUG, 1, "%d. malware download added to attack record.\n", a->dl_count); 145 146 return(0); 147 } honeytrap/trunk/src/attack.h
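Review bot: `realloc(a->download, a->dl_count + 1)` in add_download grows the array by one byte, not one `struct s_download`, so every store into `a->download[a->dl_count]` that follows writes past the allocation; the size must be `(a->dl_count + 1) * sizeof(*a->download)`, and the result belongs in a temporary so the old array is not lost when realloc fails. The cleanup branch frees `user`, `pass`, `filename` and `dl_payload.data` of the new element even when an earlier strdup failed before they were assigned, so the fresh element has to be zeroed first; `strdup(user)`/`strdup(pass)` would also dereference NULL if a caller has no credentials, which the `user=NULL, pass=NULL` defaults in get_ftpcmd suggest can happen. The two checksum lines hash `a->download->dl_payload.data` (element 0) instead of the element just filled, so from the second download on the wrong buffer is hashed with the new size. Nothing in this changeset releases `a->download` or the strings inside it; if the attack record is freed elsewhere, that path needs the matching cleanup.
```c
int add_download(const char *dl_type, const uint32_t r_addr, const uint16_t r_port, const char *user, const char *pass, const char *filename, const u_char *data, const u_int32_t size, Attack *a) {
	struct s_download *grown, *dl;

	/* … unchanged: NULL/size checks on data and a … */

	/* grow by one element; keep the old array if realloc fails */
	if ((grown = realloc(a->download, (a->dl_count + 1) * sizeof(*a->download))) == NULL) {
		logmsg(LOG_ERR, 1, "Error - Unable to allocate memory: %s.\n", strerror(errno));
		return(-1);
	}
	a->download = grown;
	dl = &a->download[a->dl_count];
	memset(dl, 0, sizeof(*dl));	/* so the cleanup below never frees garbage */

	if (((dl->dl_type = strdup(dl_type)) == NULL) ||
	    ((dl->user = strdup(user ? user : "")) == NULL) ||
	    ((dl->pass = strdup(pass ? pass : "")) == NULL) ||
	    ((dl->filename = strdup(filename)) == NULL) ||
	    ((dl->dl_payload.data = malloc(size)) == NULL)) {
		/* … unchanged: log, free the element's fields, return -1 … */
	}
	memcpy(dl->dl_payload.data, data, size);
	/* hash the element just filled, not element 0 */
	memcpy(dl->dl_payload.md5sum, mem_md5sum(dl->dl_payload.data, size), 33);
	memcpy(dl->dl_payload.sha512sum, mem_sha512sum(dl->dl_payload.data, size), 129);
	/* … unchanged: size, r_addr, r_port, dl_count++, debug log, return 0 … */
}
```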
r1119 r1201 17 17 18 18 struct s_payload { 19 uint32_t size; 20 char chksum[33]; /* md5 checksum */ 21 u_char *data; 19 uint32_t size; /* length of attack string */ 20 char md5sum[33]; /* md5 checksum */ 21 char sha512sum[129]; /* sha512 checksum */ 22 u_char *data; /* attack string */ 22 23 }; 23 24 … … 31 32 }; 32 33 34 struct s_download { 35 char *dl_type; /* (FTP, TFTP, VNC, ...) */ 36 uint32_t r_addr; /* remote IP address */ 37 uint16_t r_port; /* remote port */ 38 uint16_t protocol; /* protocol as in IP header */ 39 char *user; /* username for download connection */ 40 char *pass; /* user's password */ 41 char *filename; /* filename of download */ 42 struct s_payload dl_payload; /* downloaded data */ 43 }; 44 33 45 typedef struct s_attack { 34 time_t start_time; /* time of attack start */ 35 time_t end_time; /* time of attack end */ 36 struct s_conn a_conn; /* attack connection */ 37 struct s_conn p_conn; /* proxy/mirror connection */ 38 u_char op_mode; /* mode of operation (none, ignore, normal, proxy, mirror) */ 46 time_t start_time; /* time of attack start */ 47 time_t end_time; /* time of attack end */ 48 struct s_conn a_conn; /* attack connection */ 49 struct s_conn p_conn; /* proxy/mirror connection */ 50 u_char op_mode; /* mode of operation (none, ignore, normal, proxy, mirror) */ 51 uint16_t dl_count; /* number of downloads */ 52 // struct s_download download[]; /* array of download structs */ 53 struct s_download *download; /* array of download structs */ 39 54 } Attack; 40 55 … … 42 57 Attack *new_attack(struct in_addr l_addr, struct in_addr r_addr, uint16_t l_port, uint16_t r_port, uint16_t proto); 43 58 int process_data(u_char *a_data, uint32_t a_size, u_char *p_data, uint32_t p_size, uint16_t port, Attack *a); 44 59 int add_download(const char *dl_type, const uint32_t r_addr, const uint16_t r_port, const char *user, const char *pass, const char *filename, const u_char *data, const u_int32_t size, Attack *a); 45 60 46 61 #endif 
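Review bot: The commented-out `// struct s_download download[];` just above the pointer member is dead code and should be dropped rather than kept next to the real declaration. The header does not say who owns the `download` array and the strings inside each `struct s_download`; a comment such as `/* array of download structs; heap-owned by the attack record, grown by add_download() */` would make the release responsibility explicit. `protocol` in `struct s_download` is never assigned by add_download in this changeset, so either document the field as unused for now or add it to the function's parameters.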
honeytrap/trunk/src/dynsrv.c
r1131 r1201 87 87 proxy_sock_fd = -1; 88 88 proxy_this = 0; 89 mirror_this = 1;89 mirror_this = 0; 90 90 established = 0; 91 91 port_mode = PORTCONF_IGNORE; … … 118 118 119 119 #ifndef USE_IPQ_MON 120 #ifndef USE_NFQ_MON 120 121 /* don't need root privs any more */ 121 122 drop_privileges(); 122 123 logmsg(LOG_DEBUG, 1, "Server is now running with user id %d and group id %d.\n", getuid(), getgid()); 124 #endif 123 125 #endif 124 126 … … 151 153 * Just do it in the stream monitor 152 154 */ 153 //nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);155 nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); 154 156 155 157 /* don't need root privs any more */ honeytrap/trunk/src/logging.c
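Review bot: The comment above the re-enabled `nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);` still says `Just do it in the stream monitor`, while this changeset does the opposite: the call in nfqmon.c is commented out and the verdict is now issued here (and, on bind failure, in tcp.c and udp.c). Update the comment to state the new rule, e.g. `/* the verdict is issued by the server process, not the stream monitor, so the monitor can keep reading the queue */`, and delete the commented-out line in nfqmon.c instead of leaving both versions around. Changing `mirror_this = 1` to `mirror_this = 0` flips the default operating mode; if that is intended it deserves an entry in the ChangeLog, which currently does not mention it.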
r1097 r1201 22 22 23 23 24 char *log_time(char ltime[20]) {25 time_t timeval;26 27 time(&timeval);28 strftime(ltime, 50, "%F %T", localtime(&timeval));29 return(ltime);30 }31 32 33 24 void logmsg(int level, int add_time, const char *format, ...) { 34 25 char logline[LOGLINE_SIZE]; 35 26 va_list ap; 36 27 int bytes_written, logline_size; 28 time_t timeval; 37 29 38 30 if(level <= log_level) { … … 40 32 va_start(ap, format); 41 33 if (add_time) { 42 snprintf(logline, 24, "[%s] ", log_time(ltime)); 34 time(&timeval); 35 strftime(logline, 23, "[%F %T] ", localtime(&timeval)); 43 36 if (log_level == LOG_DEBUG) 44 37 snprintf(logline + strlen(logline), LOGLINE_SIZE - strlen(logline), "%5d ", getpid()); honeytrap/trunk/src/logging.h
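Review bot: The return value of `strftime(logline, 23, "[%F %T] ", localtime(&timeval))` is not checked; the limit is exactly the 23 bytes the format needs, and if strftime returns 0 the contents of `logline` are unspecified, so the following `strlen(logline)` reads uninitialized stack memory. Since `logline` is `LOGLINE_SIZE` bytes anyway, pass `sizeof(logline)` as the limit and guard the result, e.g. `if (strftime(logline, sizeof(logline), "[%F %T] ", localtime(&timeval)) == 0) logline[0] = '\0';`. `localtime()` returns a pointer to static storage and may return NULL; `localtime_r` into a local `struct tm` plus a NULL check would avoid both issues if the daemon forks or threads, which this hunk does not show.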
r1081 r1201 28 28 #define LOGLINE_SIZE 256 /* truncates longer lines */ 29 29 30 char ltime[20];31 30 u_char log_level; 32 31 33 32 int logfile_fd; 34 33 35 char *log_time(char ltime[20]);36 34 void logmsg(int level, int add_time, const char * format, ...) __attribute__ ((format (printf, 3, 4))); 37 35 honeytrap/trunk/src/md5.c
r1099 r1201 278 278 } 279 279 280 char *mem_md5sum(u_char *m empos, u_int32_t size)280 char *mem_md5sum(u_char *msg, u_int32_t size) 281 281 { 282 282 unsigned char digest[16]; … … 290 290 while (size > 0) { 291 291 bytes = (size < 8192) ? size : 8192; 292 MD5_Update(&ctx, m empos, bytes);293 m empos+= bytes;292 MD5_Update(&ctx, msg, bytes); 293 msg += bytes; 294 294 size -= bytes; 295 295 } honeytrap/trunk/src/md5.h
r1081 r1201 32 32 extern void MD5_Update(MD5_CTX *ctx, void *data, unsigned long size); 33 33 extern void MD5_Final(unsigned char *result, MD5_CTX *ctx); 34 char *mem_md5sum(u_char *m empos, u_int32_t size);34 char *mem_md5sum(u_char *msg, u_int32_t size); 35 35 36 36 #endif honeytrap/trunk/src/modules/Makefile.in
r1142 r1201 61 61 am_htm_aSaveFile_la_OBJECTS = htm_aSaveFile.lo 62 62 htm_aSaveFile_la_OBJECTS = $(am_htm_aSaveFile_la_OBJECTS) 63 htm_aSavePostgres_la_LIBADD = 64 htm_aSavePostgres_la_SOURCES = htm_aSavePostgres.c 65 htm_aSavePostgres_la_OBJECTS = htm_aSavePostgres.lo 63 66 htm_b64Decode_la_LIBADD = 64 67 am_htm_b64Decode_la_OBJECTS = htm_b64Decode.lo … … 85 88 $(AM_LDFLAGS) $(LDFLAGS) -o $@ 86 89 SOURCES = $(htm_SpamSum_la_SOURCES) $(htm_aSaveFile_la_SOURCES) \ 87 $(htm_b64Decode_la_SOURCES) $(htm_ftpDownload_la_SOURCES) \ 88 $(htm_tftpDownload_la_SOURCES) $(htm_vncDownload_la_SOURCES) 90 htm_aSavePostgres.c $(htm_b64Decode_la_SOURCES) \ 91 $(htm_ftpDownload_la_SOURCES) $(htm_tftpDownload_la_SOURCES) \ 92 $(htm_vncDownload_la_SOURCES) 89 93 DIST_SOURCES = $(htm_SpamSum_la_SOURCES) $(htm_aSaveFile_la_SOURCES) \ 90 $(htm_b64Decode_la_SOURCES) $(htm_ftpDownload_la_SOURCES) \ 91 $(htm_tftpDownload_la_SOURCES) $(htm_vncDownload_la_SOURCES) 94 htm_aSavePostgres.c $(htm_b64Decode_la_SOURCES) \ 95 $(htm_ftpDownload_la_SOURCES) $(htm_tftpDownload_la_SOURCES) \ 96 $(htm_vncDownload_la_SOURCES) 92 97 ETAGS = etags 93 98 CTAGS = ctags … … 200 205 target_alias = @target_alias@ 201 206 AUTOMAKE_OPTIONS = foreign no-dependencies 207 AM_CFLAGS = -Wall -Werror 202 208 AM_YFLAGS = -d 203 lib_LTLIBRARIES = htm_aSaveFile.la htm_ftpDownload.la htm_tftpDownload.la htm_vncDownload.la htm_b64Decode.la htm_SpamSum.la 209 lib_LTLIBRARIES = htm_aSaveFile.la htm_ftpDownload.la htm_tftpDownload.la htm_vncDownload.la htm_b64Decode.la htm_SpamSum.la htm_aSavePostgres.la 204 210 htm_aSaveFile_la_SOURCES = htm_aSaveFile.c htm_aSaveFile.h 205 211 htm_aSaveFile_la_LDFLAGS = -module -no-undefined -avoid-version … … 214 220 htm_SpamSum_la_SOURCES = htm_SpamSum.c htm_SpamSum.h 215 221 htm_SpamSum_la_LDFLAGS = -module -no-undefined -avoid-version 222 htm_aSavePostgres = htm_aSavePostgres.c htm_aSavePostgres.h 223 htm_aSavePostgres_la_LDFLAGS = -module -no-undefined -avoid-version -lpq 216 224 all: 
all-am 217 225 … … 278 286 htm_aSaveFile.la: $(htm_aSaveFile_la_OBJECTS) $(htm_aSaveFile_la_DEPENDENCIES) 279 287 $(LINK) -rpath $(libdir) $(htm_aSaveFile_la_LDFLAGS) $(htm_aSaveFile_la_OBJECTS) $(htm_aSaveFile_la_LIBADD) $(LIBS) 288 htm_aSavePostgres.la: $(htm_aSavePostgres_la_OBJECTS) $(htm_aSavePostgres_la_DEPENDENCIES) 289 $(LINK) -rpath $(libdir) $(htm_aSavePostgres_la_LDFLAGS) $(htm_aSavePostgres_la_OBJECTS) $(htm_aSavePostgres_la_LIBADD) $(LIBS) 280 290 htm_b64Decode.la: $(htm_b64Decode_la_OBJECTS) $(htm_b64Decode_la_DEPENDENCIES) 281 291 $(LINK) -rpath $(libdir) $(htm_b64Decode_la_LDFLAGS) $(htm_b64Decode_la_OBJECTS) $(htm_b64Decode_la_LIBADD) $(LIBS) … … 481 491 install-exec-am: 482 492 $(mkinstalldirs) $(DESTDIR)/$(sysconfdir)/honeytrap/plugins 483 for module in `find .libs -name htm_*.so | grep -v SpamSum`; do \493 for module in `find .libs -name 'htm_*.so' | egrep -v 'SpamSum|aSavePostgres'`; do \ 484 494 [ -h $$module ] || $(INSTALL_DATA) "$$module" $(DESTDIR)/$(sysconfdir)/honeytrap/plugins/ ; \ 485 495 done 486 for module in `find . -name htm_*.*a | grep -v SpamSum`; do \496 for module in `find . -name 'htm_*.*a' | egrep -v 'SpamSum|aSavePostgres'`; do \ 487 497 rm -f $(DESTDIR)/$(sysconfdir)/honeytrap/plugins/`basename "$$module"` ; \ 488 498 done honeytrap/trunk/src/modules/htm_SpamSum.c
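Review bot: `htm_aSavePostgres = htm_aSavePostgres.c htm_aSavePostgres.h` near the bottom lacks the `_la_SOURCES` suffix, so it defines an unused variable while the real `htm_aSavePostgres_la_SOURCES` at the top lists only the .c file and the header is never distributed; it should read `htm_aSavePostgres_la_SOURCES = htm_aSavePostgres.c htm_aSavePostgres.h`. The SOURCES and DIST_SOURCES lists also spell out `htm_aSavePostgres.c` literally instead of `$(htm_aSavePostgres_la_SOURCES)` as every other module does. Because Makefile.in is normally generated, the same change belongs in modules/Makefile.am, which is not part of this changeset.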
r1126 r1201 109 109 if (sig[32] == '\n') sig[32] = 0; 110 110 logmsg(LOG_DEBUG, 1, "Comparing with %s.\n", sig); 111 if (strcmp(attack->a_conn.payload. chksum, sig) == 0) sig_match = 1;111 if (strcmp(attack->a_conn.payload.md5sum, sig) == 0) sig_match = 1; 112 112 } 113 113 } … … 121 121 return(0); 122 122 } 123 if (fprintf(hashfile, "%s\n", attack->a_conn.payload. chksum) != 33) {123 if (fprintf(hashfile, "%s\n", attack->a_conn.payload.md5sum) != 33) { 124 124 logmsg(LOG_ERR, 1, "Error - Could not append MD5 hash to signature file: %s.\n", strerror(errno)); 125 125 fclose(hashfile); honeytrap/trunk/src/modules/htm_SpamSum.h
r1126 r1201 19 19 20 20 const char module_name[]="htm_SpamSum"; 21 const char module_version[]="0. 2.1";21 const char module_version[]="0.3.0"; 22 22 23 23 void plugin_init(void); honeytrap/trunk/src/modules/htm_ftpDownload.c
r1125 r1201 26 26 #include <sys/socket.h> 27 27 #include <ctype.h> 28 #include <stdio.h>29 28 30 29 #include <honeytrap.h> … … 71 70 /* do ftp download */ 72 71 addr = (struct in_addr *) &(attack->a_conn.l_addr); 73 return(get_ftpcmd(string_for_processing, attack->a_conn.payload.size, *addr));72 get_ftpcmd(string_for_processing, attack->a_conn.payload.size, *addr,attack); 74 73 } 75 74 } … … 78 77 } 79 78 80 int get_ftpcmd(char *attack_string, uint32_t string_size, struct in_addr lhost ) {79 int get_ftpcmd(char *attack_string, uint32_t string_size, struct in_addr lhost, Attack *attack) { 81 80 char *parse_string=NULL, port[6], *user=NULL, *pass=NULL, *file=NULL; 82 81 struct hostent *host=NULL; … … 200 199 201 200 /* Do FTP transaction */ 202 return(get_ftp_res source(user, pass, (struct in_addr *) &lhost,203 (struct in_addr *) host->h_addr_list[0], atoi(port), file ));201 return(get_ftp_resource(user, pass, (struct in_addr *) &lhost, 202 (struct in_addr *) host->h_addr_list[0], atoi(port), file, attack)); 204 203 } 205 204 } … … 250 249 251 250 252 int get_ftp_res source(const char *user, const char* pass, struct in_addr *lhost, struct in_addr *rhost, const int port, const char *save_file) {251 int get_ftp_resource(const char *user, const char* pass, struct in_addr *lhost, struct in_addr *rhost, const int port, const char *save_file, Attack *attack) { 253 252 struct sockaddr_in control_socket, local_data_socket, remote_data_socket; 254 253 int control_sock_fd, data_sock_listen_fd, data_sock_fd, dumpfile_fd, … … 393 392 } 394 393 394 /* set local IP address for data connection */ 395 if (ftp_host) { 396 /* use this ip address (host) for data connection */ 397 logmsg(LOG_DEBUG, 1, "FTP download - Accept data connections on %s.\n", ftp_host); 398 if ((data_host = gethostbyname(ftp_host)) == NULL) { 399 logmsg(LOG_ERR, 1, "FTP download error - Unable to resolve %s.\n", ftp_host); 400 return(-1); 401 } 402 logmsg(LOG_DEBUG, 1, "FTP download - %s resolves to %s.\n", 
ftp_host, 403 inet_ntoa(*(struct in_addr*)data_host->h_addr_list[0])); 404 405 if (!valid_ipaddr((uint32_t) *(data_host->h_addr_list[0]))) { 406 logmsg(LOG_INFO, 1, "FTP download error - %s is not a valid ip address.\n", 407 inet_ntoa(*(struct in_addr*)data_host->h_addr_list[0])); 408 return(-1); 409 } 410 lhost = (struct in_addr*)data_host->h_addr_list[0]; 411 memcpy(ip_octet, lhost, 4); 412 } else { 413 /* determine local IP address of control connection socket */ 414 addr_len = sizeof(struct sockaddr_in); 415 if (getsockname(control_sock_fd, (struct sockaddr *) &control_socket, (socklen_t *) &addr_len) != 0) { 416 logmsg(LOG_ERR, 1, "FTP download error - Unable to get local address from FTP control connection socket: %s\n", strerror(errno)); 417 return(-1); 418 } 419 memcpy(ip_octet, &control_socket.sin_addr.s_addr, 4); 420 } 421 memcpy(&ftp_port, &local_data_socket.sin_port, sizeof(local_data_socket.sin_port)); 422 395 423 /* listen on data channel socket */ 396 424 memset(&local_data_socket, 0, sizeof(local_data_socket)); 397 425 local_data_socket.sin_family = AF_INET; 398 local_data_socket.sin_addr.s_addr = htonl(INADDR_ANY);426 local_data_socket.sin_addr.s_addr = control_socket.sin_addr.s_addr; 399 427 local_data_socket.sin_port = htons(local_data_port); 428 400 429 /* TODO: Check if errno == EINVAL (socket in use) */ 401 430 while(((bind(data_sock_listen_fd, (struct sockaddr *) &local_data_socket, … … 427 456 428 457 /* send PORT */ 429 if (ftp_host) {430 /* use this ip address (host) for data connection */431 logmsg(LOG_DEBUG, 1, "FTP download - Accept data connections on %s.\n", ftp_host);432 if ((data_host = gethostbyname(ftp_host)) == NULL) {433 logmsg(LOG_ERR, 1, "FTP download error - Unable to resolve %s.\n", ftp_host);434 return(-1);435 }436 logmsg(LOG_DEBUG, 1, "FTP download - %s resolves to %s.\n", ftp_host,437 inet_ntoa(*(struct in_addr*)data_host->h_addr_list[0]));438 439 if (!valid_ipaddr((uint32_t) *(data_host->h_addr_list[0]))) {440 
logmsg(LOG_INFO, 1, "FTP download error - %s is not a valid ip address.\n",441 inet_ntoa(*(struct in_addr*)data_host->h_addr_list[0]));442 return(-1);443 }444 lhost = (struct in_addr*)data_host->h_addr_list[0];445 }446 memcpy(ip_octet, lhost, 4);447 memcpy(&ftp_port, &local_data_socket.sin_port, sizeof(local_data_socket.sin_port));448 458 logmsg(LOG_NOISY, 1, "FTP download - Sending 'PORT %u,%u,%u,%u,%u,%u.\n", 449 459 ip_octet[0], ip_octet[1], ip_octet[2], ip_octet[3], … … 519 529 return(-1); 520 530 } else if (FD_ISSET(data_sock_listen_fd, &rfds)) { 521 if ((data_sock_fd = accept(data_sock_listen_fd, (struct sockaddr *) &remote_data_socket, &addr_len)) < 0) {531 if ((data_sock_fd = accept(data_sock_listen_fd, (struct sockaddr *) &remote_data_socket, (u_int *) &addr_len)) < 0) { 522 532 logmsg(LOG_ERR, 1, "FTP download error - Unable to accept FTP data connection: %s\n", 523 533 strerror(errno)); … … 579 589 logmsg(LOG_NOTICE, 1, "FTP download - %s saved.\n", save_file); 580 590 } else logmsg(LOG_NOISY, 1, "FTP download - No data received.\n"); 591 592 /* add download struct to attack struct*/ 593 logmsg(LOG_DEBUG, 1, "(htm_ftp) Adding download to attack struct.\n"); 594 add_download("ftp", rhost->s_addr, port, user, pass, (const char *) save_file, binary_stream, total_bytes, attack); 595 // return(0); 581 596 close(data_sock_fd); 582 } else logmsg(LOG_DEBUG, 1, "FTP download - Select on FTP data channel returned but socket is not set: %s\n", 583 strerror(errno)); 597 } else logmsg(LOG_DEBUG, 1, "FTP download - Select on FTP data channel returned but socket is not set: %s\n", strerror(errno)); 584 598 585 599 /* close open descriptors and return */ honeytrap/trunk/src/modules/htm_ftpDownload.h
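Review bot: In get_ftp_resource the moved `memcpy(&ftp_port, &local_data_socket.sin_port, ...)` now runs before `local_data_socket` is zeroed and bound (new lines 424-430), so the PORT command advertises whatever was on the stack rather than the port the listener actually obtained; the original read it after the bind loop and it has to stay there, especially if the loop retries with another `local_data_port`. In the `ftp_host` branch `control_socket` is never filled by `getsockname`, yet line 426 binds the data listener to `control_socket.sin_addr.s_addr`; using the address already collected in `ip_octet` keeps the bound address and the advertised one identical in both branches. The `(u_int *) &addr_len` cast in the accept call hides a type mismatch; declare `addr_len` as `socklen_t` instead. The return value of `get_ftpcmd()` at line 72 is now discarded, so a failed download no longer reaches the caller unless that is intended. get_ftp_resource begins and ends outside the hunk.
```c
/* … unchanged: resolve ftp_host or getsockname(), filling ip_octet … */

/* listen on data channel socket, bound to the address advertised in PORT */
memset(&local_data_socket, 0, sizeof(local_data_socket));
local_data_socket.sin_family = AF_INET;
memcpy(&local_data_socket.sin_addr.s_addr, ip_octet, 4);
local_data_socket.sin_port = htons(local_data_port);

/* … unchanged: bind loop and listen() … */

/* read the port only after bind() has settled on it */
memcpy(&ftp_port, &local_data_socket.sin_port, sizeof(local_data_socket.sin_port));
```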
r1120 r1201 27 27 int read_ftp_line(int control_sock_fd, char *rline, int timeout); 28 28 int ftp_quit(int control_sock_fd, int data_sock_fd, int dumpfile_fd); 29 int get_ftp_res source(const char *user, const char* pass, struct in_addr *lhost, struct in_addr *rhost, const int port, const char *save_file);30 int get_ftpcmd(char *attack_string, uint32_t string_size, struct in_addr lhost );29 int get_ftp_resource(const char *user, const char* pass, struct in_addr *lhost, struct in_addr *rhost, const int port, const char *save_file, Attack *attack); 30 int get_ftpcmd(char *attack_string, uint32_t string_size, struct in_addr lhost, Attack *attack); 31 31 32 32 #endif honeytrap/trunk/src/modules/htm_tftpDownload.c
r1127 r1201 130 130 131 131 /* Do TFTP download */ 132 return(get_tftp_res source((struct in_addr *) host->h_addr_list[0], file));132 return(get_tftp_resource((struct in_addr *) host->h_addr_list[0], file)); 133 133 } 134 134 … … 141 141 142 142 143 int get_tftp_res source(struct in_addr* host, const char *save_file) {143 int get_tftp_resource(struct in_addr* host, const char *save_file) { 144 144 struct sockaddr_in data_socket, from; 145 145 int data_sock_fd, dumpfile_fd, honeytrap/trunk/src/modules/htm_tftpDownload.h
r1102 r1201 29 29 int get_tftpcmd(char *attack_string, int string_size); 30 30 int tftp_quit(int data_sock_fd, int dumpfile_fd); 31 int get_tftp_res source(struct in_addr* host, const char *save_file);31 int get_tftp_resource(struct in_addr* host, const char *save_file); 32 32 33 33 #endif honeytrap/trunk/src/nfqmon.c
r1132 r1201 99 99 100 100 /* nfq_set_verdict()'s return value is really confusing and documented nowhere */ 101 nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);101 // nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); 102 102 103 103 return(1); honeytrap/trunk/src/readconf.c
r1127 r1201 315 315 /* open logfile */ 316 316 if((logfile_fd = open(logfile_name, EXCL_FILE_RW, 0644)) == -1) { 317 fprintf(stderr, " Error - Unable to open logfile .\n");317 fprintf(stderr, " Error - Unable to open logfile %s: %s.\n", logfile_name, strerror(errno)); 318 318 exit(1); 319 319 } honeytrap/trunk/src/signals.c
r1117 r1201 46 46 break; 47 47 case SIGSEGV: 48 logmsg(LOG_ DEBUG, 1, "SIGSEGV received.\n");48 logmsg(LOG_ERR, 1, "Error - Segmentation fault (SIGSEGV received).\n"); 49 49 _exit(0); 50 50 case SIGINT: honeytrap/trunk/src/tcp.c
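Review bot: The SIGSEGV case still ends with `_exit(0)`, so a crash reports success to the parent and to any supervisor; after logging, exit non-zero, e.g. `_exit(1);`, or restore the default disposition and re-raise so a core file can be written. `logmsg()` itself (strftime/localtime/snprintf and a file write) is not async-signal-safe; that is pre-existing and this hunk does not make it worse, but a comment next to the call such as `/* logmsg is not async-signal-safe; best effort only */` would keep the next reader from relying on it.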
r1125 r1201 29 29 #include "logging.h" 30 30 #include "ipqmon.h" 31 #include "nfqmon.h" 31 32 #include "tcp.h" 32 33 … … 67 68 return(-1); 68 69 #else 70 #ifdef USE_NFQ_MON 71 /* hand packet processing back to the kernel */ 72 nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); 73 return(-1); 74 #else 69 75 if (errno != 98) 70 76 logmsg(LOG_NOISY, 1, "Warning - Could not bind to port %u/tcp: %s.\n", ntohs(port), strerror(errno)); … … 73 79 close(fd); 74 80 return(-1); 81 #endif 75 82 #endif 76 83 } honeytrap/trunk/src/udp.c
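Review bot: The new `USE_NFQ_MON` branch returns -1 after `nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);` without closing `fd`, while the non-monitor branch below does `close(fd)` before returning, so every failed bind leaks a socket; add `close(fd);` before the `return(-1);`. The same branch is added to udp.c, where the hunk cuts off before the non-monitor cleanup, so check that its close is missing there too. The enclosing function starts and ends outside the hunk.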
r1119 r1201 28 28 #include "logging.h" 29 29 #include "ipqmon.h" 30 #include "nfqmon.h" 30 31 #include "udp.h" 31 32 … … 65 66 return(-1); 66 67 #else 68 #ifdef USE_NFQ_MON 69 /* hand packet processing back to the kernel */ 70 nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL); 71 return(-1); 72 #else 67 73 if (errno != 98) 68 74 logmsg(LOG_NOISY, 1, "Warning - Could not bind to port %u/udp: %s.\n", ntohs(port), strerror(errno)); … … 72 78 return(-1); 73 79 #endif 80 #endif 74 81 } 75 82 return(fd); honeytrap/trunk/src/util.c
r1129 r1201 117 117 retval.string++; 118 118 retval.offset++; 119 *parse_string++;119 parse_string++; 120 120 } 121 121 … … 126 126 (*parse_string != '\n')) { 127 127 retval.offset++; 128 *parse_string++;128 parse_string++; 129 129 } 130 130 *parse_string = 0;
