Improved logging mechanism

Piotr 2012-08-13 16:39:43 +02:00
parent 1e1139636e
commit 3d860d99f6
5 changed files with 110 additions and 35 deletions

24
README

@ -1,6 +1,6 @@
Portspoof overview
Portspoof software overview
Short description
Short description:
The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports.
It is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure.
@ -10,28 +10,26 @@ Short description
General benefits of using this software are:
- Protection against well known port scanners (all scanning results are chaotic and difficult to interpret)
- Possibility to use your current firewall rules to decide for which hosts "port spoofing" applies
-
- Port scanning detection functionality
http://portspoof.duszynski.eu
Author:
Piotr Duszynski (piotr@duszynski.eu)
Twitter: @drk1wi
Author: Piotr Duszynski (piotr@duszynski.eu) # Follow me at @drk1wi
License
Consult the COPYING file.
Consult the COPYING file.
Compile instructions
Consult the INSTALL file.
Consult the INSTALL file.
Other important files
AUTHORS File with Author contact info
Changelog What I have implemented
TODO What I am planning to implement in the upcoming versions
FAQ Bug reporting and frequently asked questions
AUTHORS File with Author contact info
Changelog What I have implemented
TODO What I am planning to implement in the upcoming versions
FAQ Bug reporting and frequently asked questions

@ -40,6 +40,7 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <time.h>
#ifdef OPENBSD
@ -254,6 +255,9 @@ void process_connection(void *arg)
char buffer;
int original_port=DEFAULT_PORT;
int n = 0;
time_t timestamp;
struct sockaddr_in peer_sockaddr;
int peer_sockaddr_len=sizeof(struct sockaddr_in);
while(1) {
@ -264,37 +268,97 @@ void process_connection(void *arg)
if(threads[tid].clients[i] != 0)
{
timestamp = time(NULL);
n = recv(threads[tid].clients[i], &buffer,1, 0);
// deal with different recv buffer size
if(n == 0){
if(opts & OPT_DEBUG)
fprintf(stderr,"client %d closed connection 0\n", threads[tid].clients[i]);
close(threads[tid].clients[i]);
#ifdef OPENBSD
if ( getpeername(threads[tid].clients[i], (struct sockaddr *) &peer_sockaddr, &peer_sockaddr_len)){
perror("Getsockopt failed");
goto close_socket;
}
else
original_port=get_original_port(peer_sockaddr.sin_addr,peer_sockaddr.sin_port);
#else
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, &peer_sockaddr_len )){
perror("Getsockopt failed");
goto close_socket;
}
else
original_port = ntohs(peer_sockaddr.sin_port);
#endif
pthread_mutex_lock(&new_connection_mutex);
threads[tid].clients[i] = 0;
threads[tid].client_count--;
pthread_mutex_unlock(&new_connection_mutex);
//LOG
char* msg=malloc(MAX_LOG_MSG_LEN);
memset(msg,0,MAX_LOG_MSG_LEN);
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
log_write(msg);
free(msg);
//
close_socket:
if(opts & OPT_DEBUG)
fprintf(stderr,"Thread nr. %d : client %d closed connection\n",tid, threads[tid].clients[i]);
close(threads[tid].clients[i]);
pthread_mutex_lock(&new_connection_mutex);
threads[tid].clients[i] = 0;
threads[tid].client_count--;
pthread_mutex_unlock(&new_connection_mutex);
}
else if(n < 0){
if(errno == EAGAIN)
{
continue; // Nmap NULL probe (no data) -> skip && go to another socket (client)
}
else if(errno == 104) // Client terminted connection -> get rid of the socket now!
{
close(threads[tid].clients[i]);
}
{}
else
fprintf(stderr,"errno: %d\n", errno);
#ifdef OPENBSD
if ( getpeername(threads[tid].clients[i], (struct sockaddr *) &peer_sockaddr, &peer_sockaddr_len)){
perror("Getsockopt failed");
goto close_socket2;
}
else
original_port=get_original_port(peer_sockaddr.sin_addr,peer_sockaddr.sin_port);
#else
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, &peer_sockaddr_len )){
perror("Getsockopt failed");
goto close_socket2;
}
else
original_port = ntohs(peer_sockaddr.sin_port);
#endif
//LOG
char* msg=malloc(MAX_LOG_MSG_LEN);
memset(msg,0,MAX_LOG_MSG_LEN);
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
log_write(msg);
free(msg);
//
close_socket2:
close(threads[tid].clients[i]);
pthread_mutex_lock(&new_connection_mutex);
threads[tid].clients[i] = 0;
threads[tid].client_count--;
@ -304,28 +368,31 @@ void process_connection(void *arg)
else
{
struct sockaddr_in peer_sockaddr;
int peer_sockaddr_len=sizeof(struct sockaddr_in);
#ifdef OPENBSD
// BSD
getpeername(threads[tid].clients[i], (struct sockaddr *) &peer_sockaddr, &peer_sockaddr_len);
original_port=get_original_port(peer_sockaddr.sin_addr,peer_sockaddr.sin_port);
//
#else
// Linux
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, &peer_sockaddr_len ))
perror("Getsockopt failed");
original_port = ntohs(peer_sockaddr.sin_port);
//
#endif
//LOG
char* msg=malloc(MAX_LOG_MSG_LEN);
memset(msg,0,MAX_LOG_MSG_LEN);
snprintf(msg,MAX_LOG_MSG_LEN,"Connection_attempt: source_ip:%s dst_port:%d \n",(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Service_probe # SIGNATURE_SEND # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
log_write(msg);
free(msg);
//
if(opts & OPT_DEBUG)
{
fprintf(stderr,"\n---\nThread nr.%d for port %d \n", tid,original_port);//: rcv from %s:%d\n", (int)tid,inet_ntoa(peer_sockaddr.sin_addr), ntohs(peer_sockaddr.sin_port));
fprintf(stderr,"\n---\nThread nr.%d for port %d \n", tid,original_port);
}
str=((signature*)(arr_lines2[signatures[original_port]]))->cptr;
@ -350,6 +417,8 @@ void process_connection(void *arg)
}
if(send(threads[tid].clients[i], str, len,0)==-1)
perror("Send to socket failed");
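Review bot: The three new log lines (L92, L135, L165) format the client address with `inet_ntoa`, which returns a pointer to one static buffer shared by every thread, so with several handler threads (`threads[tid]`, `new_connection_mutex`) a record can carry another client's source_ip, which is exactly the field a scan log is kept for; `inet_ntop` into a per-call buffer fixes that, and a stack array declared next to `timestamp` replaces the unchecked `malloc`/`memset`/`free` around each message. The `goto close_socket` and `goto close_socket2` jumps cross the initialization `char* msg=malloc(MAX_LOG_MSG_LEN);` — accepted in C, but if this unit is compiled as C++ it is rejected, and declaring the buffer at the top avoids the question either way. `(int)timestamp` with `%d` truncates `time_t`; use `(long long)timestamp` with `%lld`, and `errno == 104` at L110 should be spelled `ECONNRESET`. The send path at L156-L158 still only `perror`s a failed `getsockopt` and then indexes `signatures[]` with `sin_port` read from an uninitialized struct, unlike the new branches that bail out via the labels; if L147-L148 remain on the new side they also shadow the `peer_sockaddr`/`peer_sockaddr_len` added at L57-L58. process_connection begins and ends outside these hunks.
```c
/* … declared beside timestamp at the top of process_connection … */
char peer_ip[INET_ADDRSTRLEN];
char msg[MAX_LOG_MSG_LEN];
/* … unchanged: recv, n == 0 branch, SO_ORIGINAL_DST / getpeername lookup … */
if (inet_ntop(AF_INET, &peer_sockaddr.sin_addr, peer_ip, sizeof peer_ip) == NULL)
    snprintf(peer_ip, sizeof peer_ip, "?");
snprintf(msg, sizeof msg, "%lld # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",
         (long long)timestamp, peer_ip, original_port);
log_write(msg);
/* … unchanged: close_socket label and socket cleanup … */
```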

@ -36,9 +36,12 @@ void log_write(char* msg) {
}
if(!(opts & OPT_SYSLOG_DIS))
{
openlog("portspoof", LOG_PID|LOG_CONS, LOG_USER);
syslog(LOG_INFO,"portspoof: %s",msg);
syslog(LOG_INFO," %s",msg);
closelog();
}
pthread_mutex_unlock(&log_mutex);
return;
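Review bot: The new format `" %s"` at L186 adds a leading space right after the `portspoof[pid]:` ident that `openlog` already supplies, and every caller terminates `msg` with `\n`, so the syslog record ends up with a double space and a trailing newline; `syslog(LOG_INFO, "%s", msg);` is enough. `openlog`/`closelog` at L184 and L187 also run for every message while `log_mutex` is held; calling `openlog` once at startup (and `closelog` at exit) keeps the critical section to the `syslog` call itself. Passing `msg` through `%s` rather than as the format is the right choice and should stay that way. log_write opens before the hunk and its closing brace follows L190.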

@ -106,6 +106,7 @@ usage(void)
"-p bind to a user defined port number\n"
"-f use user defined signture file\n"
"-l log port scanning alerts to a file\n"
"-d disable syslog\n"
"-t number of threads\n"
"-c length of client queue per thread\n"
"-v be verbose\n"
@ -157,7 +158,7 @@ int main(int argc, char **argv)
while ((ch = getopt(argc, argv,"l:i:p:f:t:c:dh")) != -1) {
while ((ch = getopt(argc, argv,"l:i:p:f:t:c:dvh")) != -1) {
switch (ch) {
case 'i':
bind_ip = optarg;
@ -171,10 +172,14 @@ int main(int argc, char **argv)
signature_file = optarg;
opts |= OPT_SIG_FILE;
break;
case 'd':
case 'v':
opts |= OPT_DEBUG;
printf("-> Verbose mode on.\n");
break;
case 'd':
opts |= OPT_SYSLOG_DIS;
printf("-> Syslog logging disabled.\n");
break;
case 'l':
opts |= OPT_LOG_FILE;
log_file = optarg;
@ -197,7 +202,7 @@ int main(int argc, char **argv)
}
if( !(opts&OPT_IP || opts&OPT_PORT || opts&OPT_SIG_FILE))
if( !(opts&OPT_IP || opts&OPT_PORT || opts&OPT_DEBUG || opts&OPT_SIG_FILE || opts&OPT_LOG_FILE || opts&OPT_SYSLOG_DIS))
{
printf("-> No parameters - using default values.\n");
}
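Review bot: The `-d` flag changes meaning (L210 appears to have mapped it to `OPT_DEBUG`; L215-L217 now make it disable syslog), so an existing invocation that used `-d` for verbose output will silently turn logging off instead, and with `-d` but no `-l` the program records no scan alerts at all; main should warn on that combination, `if ((opts & OPT_SYSLOG_DIS) && !(opts & OPT_LOG_FILE)) fprintf(stderr, "-> Warning: syslog disabled and no log file given, alerts will not be recorded.\n");`, and the flag change belongs in the Changelog. The disjunction at L225 reads more easily as a mask, `if (!(opts & (OPT_IP|OPT_PORT|OPT_DEBUG|OPT_SIG_FILE|OPT_LOG_FILE|OPT_SYSLOG_DIS)))`, which also keeps one line to extend as flags are added. main continues outside the hunk.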

@ -37,7 +37,7 @@
#define OPT_DEBUG 1<<3
#define OPT_SIG_FILE 1<<4
#define OPT_LOG_FILE 1<<5
#define OPT_SYSLOG_DIS 1<<6
#define DEFAULT_PORT 4444
extern char opts;