Changeset 1360

Timestamp:

08/24/07 21:28:24 (1 year ago)

Author:

till

Message:

- log addressed target in a grep'able way

Files:

• honeytrap/trunk/ChangeLog (modified) (1 diff)
• honeytrap/trunk/src/dynsrv.c (modified) (1 diff)
• honeytrap/trunk/src/ipqmon.c (modified) (2 diffs)
• honeytrap/trunk/src/modules/htm_ftpDownload.c (modified) (2 diffs)
• honeytrap/trunk/src/nfqmon.c (modified) (3 diffs)
• honeytrap/trunk/src/pcapmon.c (modified) (2 diffs)

honeytrap/trunk/ChangeLog

@@ -11 +11 @@
-- Improved connection request handling in the nfq stream monitor
-- Reconfiguration on SIGHUP fixed
+- Log addressed destination
-Version 0.7.0
-- Plugins can be prioritized

honeytrap/trunk/src/dynsrv.c

@@ -195 +195 @@
-                                if (FD_ISSET(sigpipe[0], &rfds) && (check_sigpipe() == -1)) exit(EXIT_FAILURE);
-                                if (FD_ISSET(listen_fd, &rfds)) {
-       logmsg(LOG_NOISY, 1
-       "   %s  Connection request from %s.\n", portstr, inet_ntoa(ip_r
+logmsg(LOG_INFO, 1, "   %s  Handling %s connection request from %s:%d to %s:%d.\n"
+portstr, PROTO(proto), inet_ntoa(ip_r), ntohs(port_r), inet_ntoa(ip_l), ntohs(port_l
-
-                                        /* initialize attack record */

honeytrap/trunk/src/ipqmon.c

@@ -128 +128 @@
-
-                                        /* Got a connection request, start dynamic server and pass packet processing back to the kernel */
+                                        logmsg(LOG_NOISY, 1, "%s:%d requesting %s connection on %s:%d.\n",
+                                                inet_ntoa(ip->ip_src), sport, PROTO(ip->ip_p), inet_ntoa(ip->ip_dst), dport);
-                                        switch (port_mode) {
-                                        case PORTCONF_NONE:
@@ -169 +171 @@
-                                        if (process == 0) break;
-
-                                        logmsg(LOG_NOISY, 1, "%s:%d/%s requesting connection on port %d/%s.\n",
-                                                inet_ntoa(ip->ip_src), sport, PROTO(ip->ip_p), dport, PROTO(ip->ip_p));
-                                        start_dynamic_server(ip->ip_src, htons(sport), ip->ip_dst, htons(dport), ip->ip_p);
-                                        break;

honeytrap/trunk/src/modules/htm_ftpDownload.c

@@ -260 +260 @@
-                        /* Do FTP transaction */
-                        return(get_ftp_resource(user, pass, (struct in_addr *) &lhost,
-               
+
-                }
-        }
@@ -361 +361 @@
-                case ENETUNREACH:
-                case ETIMEDOUT:
+                case EHOSTUNREACH:
-                        if (rhost != (struct in_addr *) &attack->a_conn.r_addr) {
-                                rhost = (struct in_addr *) &attack->a_conn.r_addr;

honeytrap/trunk/src/nfqmon.c

@@ -39 +39 @@
-        struct udp_header *udp;
-        struct tcp_header *tcp;
-
+, *srcip, *dstip
-        uint16_t sport, dport;
-        u_int8_t port_mode;
@@ -84 +84 @@
-        }
-
+        logmsg(LOG_NOISY, 1, "%s:%d requesting %s connection on %s:%d.\n",
+                inet_ntoa(ip->ip_src), sport, PROTO(ip->ip_p), inet_ntoa(ip->ip_dst), dport);
-        switch (port_mode) {
-        case PORTCONF_NONE:
@@ -123 +125 @@
-        }
-
-
-
+
+
+
+
+
+
+
+
-        start_dynamic_server(ip->ip_src, htons(sport), ip->ip_dst, htons(dport), ip->ip_p);
-        

honeytrap/trunk/src/pcapmon.c

@@ -93 +93 @@
-        }
-
+        if (ip->ip_p == UDP) logmsg(LOG_NOISY, 1, "%s:%d requesting udp connection on %s:%d.\n",
+                        inet_ntoa(ip->ip_src), sport, inet_ntoa(ip->ip_dst), dport);
+        else if (ip->ip_p == TCP) logmsg(LOG_NOISY, 1, "%s:%d requesting udp connection on %s:%d.\n",
+                        inet_ntoa(ip->ip_dst), dport, inet_ntoa(ip->ip_src), sport);
-        switch (port_mode) {
-        case PORTCONF_NONE:
@@ -116 +120 @@
-        }
-
-
-
-
-
-
-
-
-
-
+
+
+
-        return;
-}