Changeset 577

Timestamp:
06/25/06 01:11:49 (3 years ago)
Author:
common
Message:

nepenthes
- module-honeytrap

  • add SYN detection to IPFW reading, to avoid false positives due to bad ipfw knowledge
  • fix replacement bug, compiles again on fbsd
Files:

Moved
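--- a/nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp
+++ b/nepenthes/trunk/modules/module-honeytrap/module-honeytrap.cpp
@@ -249,5 +249,5 @@
 {
 #ifdef HAVE_IPFW
-    if ((m_DivertSocket = socket(PF_INET, SOCK_RAW, IPPROTO_IPFW)) == -1)
+    if ((m_DivertSocket = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT)) == -1)
     {
         logCrit("Could not create divert socket for ipfw %s\n",strerror(errno));
@@ -714,7 +714,7 @@
 
 
-        printIPpacket((unsigned char *)buf,len);
-
-        if (1) // isPortListening(ntohs(tcp->th_dport),*(uint32_t *)&(ip->ip_dst)) == false )
+
+
+        if (1 && ( tcp->th_flags & TH_SYN && !(tcp->th_flags & TH_ACK) ) // isPortListening(ntohs(tcp->th_dport),*(uint32_t *)&(ip->ip_dst)) == false )
         /*
          * FreeBSD got no /proc/net/tcp and the code to retrieve the data from the kvm or sys*whatever* is pretty cruel
@@ -724,4 +724,6 @@
         {
 //              logInfo("Connection to unbound port %i requested, binding port\n",ntohs(tcp->th_dport));
+
+                printIPpacket((unsigned char *)buf,len);
 
                 Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_dport),60,60);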
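Review bot: The new condition on line 718 opens `if (` but, as shown, never closes it before the `//` comment, so unless a `)` sits in the unseen lines 721–723 this will not build with HAVE_IPFW. Dropping the leftover `1 &&` and comparing the masked flags fixes that and also rejects odd combinations such as SYN+FIN or SYN+RST, which the current test lets through: `if ((tcp->th_flags & (TH_SYN|TH_ACK|TH_RST|TH_FIN)) == TH_SYN)`. With the isPortListening check still commented out, every diverted pure SYN reaches `bindTCPSocket`, so a port sweep may leave one listener per probed port for as long as the `60,60` arguments (presumably timeouts) allow; a cap on honeytrap binds is worth considering if none exists elsewhere. Whether `len` is checked against the IP and TCP header sizes before `tcp->th_flags` is read is not visible, as the enclosing function starts and ends outside these hunks.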