Navigation

← Previous Changeset
Next Changeset →

Changeset 576

Timestamp:

06/25/06 00:58:44 (3 years ago)

Author:

common

Message:

nepenthes

module-honeytrap
indent new divert code, rant about freebsd lacking /proc/net/tcp and the uber netstat code to retrieve the data from the kvm and sys*

Files:

nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp

r575	r576
709	709
710	710
711		const struct libnet_ipv4_hdr* ip;
712
713		ip = (struct libnet_ipv4_hdr*)buf;
714
715		int hlen = ip->ip_hl * 4;
716
717		const struct libnet_tcp_hdr* tcp;
718		tcp = (struct libnet_tcp_hdr) ((u_char )buf+hlen);
	711	const struct libnet_ipv4_hdr* ip = (struct libnet_ipv4_hdr*)buf;
	712	int hlen = ip->ip_hl * 4;
	713	const struct libnet_tcp_hdr* tcp = (struct libnet_tcp_hdr) ((u_char )buf+hlen);
719	714
720	715
721		~~// I'll add processing once i have access on a fbsd box with divert sockets enabled~~
722		~~// logWarn("You are too early, the processing logic for data from divert sockets is a todo");~~
723		~~// g_Nepenthes->getUtilities()->hexdump((byte *)buf,len);~~
724	716	printIPpacket((unsigned char *)buf,len);
725	717
726		if ( isPortListening(ntohs(tcp->th_dport),(uint32_t )&(ip->ip_dst)) == false )
727		{
728		logInfo("Connection to unbound port %i requested, binding port\n",ntohs(tcp->th_dport));
729
730		Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_dport),60,60);
731		if ( sock != NULL )
732		{
733
734		DialogueFactory *diaf;
735		if ( (diaf = g_Nepenthes->getFactoryMgr()->getFactory("WinNTShell DialogueFactory")) == NULL )
736		{
737		logCrit("No WinNTShell DialogueFactory availible \n");
738		return 1;
739		}
740
741		sock->addDialogueFactory(diaf);
742		}
743		}
	718	if (1) // isPortListening(ntohs(tcp->th_dport),(uint32_t )&(ip->ip_dst)) == false )
	719	/*
	720	* FreeBSD got no /proc/net/tcp and the code to retrieve the data from the kvm or syswhatever is pretty cruel
	721	* http://cvsup.pt.freebsd.org/cgi-bin/cvsweb/cvsweb.cgi/src/usr.bin/systat/netstat.c?rev=1.25&content-type=text/x-cvsweb-markup
	722	* I hope to replace this someday with a real check, to avoid all the crit warnings when trying to bind a already bound port
	723	*/
	724	{
	725	// logInfo("Connection to unbound port %i requested, binding port\n",ntohs(tcp->th_dport));
	726
	727	Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_dport),60,60);
	728	if ( sock != NULL && (sock->getDialogst()->size() == 0 && sock->getFactories()->size() == 0) )
	729	{
	730
	731	DialogueFactory *diaf;
	732	if ( (diaf = g_Nepenthes->getFactoryMgr()->getFactory("WinNTShell DialogueFactory")) == NULL )
	733	{
	734	logCrit("No WinNTShell DialogueFactory availible \n");
	735	return 1;
	736	}
	737
	738	sock->addDialogueFactory(diaf);
	739	}
	740	}
744	741
745	742

Navigation

Changeset 576

Legend:

nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp

Download in other formats: