Improved logging mechanism
This commit is contained in:
parent
1e1139636e
commit
3d860d99f6
10
README
10
README
@ -1,6 +1,6 @@
|
||||
Portspoof overview
|
||||
Portspoof software overview
|
||||
|
||||
Short description
|
||||
Short description:
|
||||
|
||||
The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports.
|
||||
It is meant to be a lightweight, fast, portable and secure addition to the any firewall system or security infrastructure.
|
||||
@ -10,13 +10,11 @@ Short description
|
||||
General benefits of using this software are:
|
||||
- Protection against well known port scanners (all scanning results are chaotic and difficult to interpret)
|
||||
- Possibility to use your current firewall rules to decide for which hosts "port spoofing" applies
|
||||
-
|
||||
- Port scanning detection functionality
|
||||
|
||||
http://portspoof.duszynski.eu
|
||||
|
||||
Author:
|
||||
Piotr Duszynski (piotr@duszynski.eu)
|
||||
Twitter: @drk1wi
|
||||
Author: Piotr Duszynski (piotr@duszynski.eu) # Follow me at @drk1wi
|
||||
|
||||
License
|
||||
|
||||
|
@ -40,6 +40,7 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <time.h>
|
||||
|
||||
#ifdef OPENBSD
|
||||
|
||||
@ -254,6 +255,9 @@ void process_connection(void *arg)
|
||||
char buffer;
|
||||
int original_port=DEFAULT_PORT;
|
||||
int n = 0;
|
||||
time_t timestamp;
|
||||
struct sockaddr_in peer_sockaddr;
|
||||
int peer_sockaddr_len=sizeof(struct sockaddr_in);
|
||||
|
||||
while(1) {
|
||||
|
||||
@ -264,14 +268,44 @@ void process_connection(void *arg)
|
||||
if(threads[tid].clients[i] != 0)
|
||||
{
|
||||
|
||||
timestamp = time(NULL);
|
||||
|
||||
n = recv(threads[tid].clients[i], &buffer,1, 0);
|
||||
|
||||
// deal with different recv buffer size
|
||||
if(n == 0){
|
||||
|
||||
#ifdef OPENBSD
|
||||
|
||||
if ( getpeername(threads[tid].clients[i], (struct sockaddr *) &peer_sockaddr, &peer_sockaddr_len)){
|
||||
perror("Getsockopt failed");
|
||||
goto close_socket;
|
||||
}
|
||||
else
|
||||
original_port=get_original_port(peer_sockaddr.sin_addr,peer_sockaddr.sin_port);
|
||||
|
||||
#else
|
||||
|
||||
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, &peer_sockaddr_len )){
|
||||
perror("Getsockopt failed");
|
||||
goto close_socket;
|
||||
}
|
||||
else
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
|
||||
#endif
|
||||
|
||||
//LOG
|
||||
char* msg=malloc(MAX_LOG_MSG_LEN);
|
||||
memset(msg,0,MAX_LOG_MSG_LEN);
|
||||
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
|
||||
log_write(msg);
|
||||
free(msg);
|
||||
//
|
||||
|
||||
close_socket:
|
||||
if(opts & OPT_DEBUG)
|
||||
fprintf(stderr,"client %d closed connection 0\n", threads[tid].clients[i]);
|
||||
fprintf(stderr,"Thread nr. %d : client %d closed connection\n",tid, threads[tid].clients[i]);
|
||||
|
||||
close(threads[tid].clients[i]);
|
||||
|
||||
@ -284,17 +318,47 @@ void process_connection(void *arg)
|
||||
}
|
||||
else if(n < 0){
|
||||
|
||||
|
||||
if(errno == EAGAIN)
|
||||
{
|
||||
continue; // Nmap NULL probe (no data) -> skip && go to another socket (client)
|
||||
}
|
||||
else if(errno == 104) // Client terminted connection -> get rid of the socket now!
|
||||
{
|
||||
close(threads[tid].clients[i]);
|
||||
}
|
||||
{}
|
||||
else
|
||||
fprintf(stderr,"errno: %d\n", errno);
|
||||
|
||||
#ifdef OPENBSD
|
||||
|
||||
if ( getpeername(threads[tid].clients[i], (struct sockaddr *) &peer_sockaddr, &peer_sockaddr_len)){
|
||||
perror("Getsockopt failed");
|
||||
goto close_socket2;
|
||||
}
|
||||
else
|
||||
original_port=get_original_port(peer_sockaddr.sin_addr,peer_sockaddr.sin_port);
|
||||
|
||||
#else
|
||||
|
||||
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, &peer_sockaddr_len )){
|
||||
perror("Getsockopt failed");
|
||||
goto close_socket2;
|
||||
}
|
||||
else
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
|
||||
#endif
|
||||
|
||||
//LOG
|
||||
char* msg=malloc(MAX_LOG_MSG_LEN);
|
||||
memset(msg,0,MAX_LOG_MSG_LEN);
|
||||
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
|
||||
log_write(msg);
|
||||
free(msg);
|
||||
//
|
||||
|
||||
close_socket2:
|
||||
close(threads[tid].clients[i]);
|
||||
|
||||
pthread_mutex_lock(&new_connection_mutex);
|
||||
threads[tid].clients[i] = 0;
|
||||
threads[tid].client_count--;
|
||||
@ -304,28 +368,31 @@ void process_connection(void *arg)
|
||||
else
|
||||
{
|
||||
|
||||
struct sockaddr_in peer_sockaddr;
|
||||
int peer_sockaddr_len=sizeof(struct sockaddr_in);
|
||||
|
||||
#ifdef OPENBSD
|
||||
// BSD
|
||||
getpeername(threads[tid].clients[i], (struct sockaddr *) &peer_sockaddr, &peer_sockaddr_len);
|
||||
original_port=get_original_port(peer_sockaddr.sin_addr,peer_sockaddr.sin_port);
|
||||
//
|
||||
#else
|
||||
// Linux
|
||||
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, &peer_sockaddr_len ))
|
||||
perror("Getsockopt failed");
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
//
|
||||
#endif
|
||||
|
||||
//LOG
|
||||
char* msg=malloc(MAX_LOG_MSG_LEN);
|
||||
memset(msg,0,MAX_LOG_MSG_LEN);
|
||||
snprintf(msg,MAX_LOG_MSG_LEN,"Connection_attempt: source_ip:%s dst_port:%d \n",(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
|
||||
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Service_probe # SIGNATURE_SEND # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
|
||||
log_write(msg);
|
||||
free(msg);
|
||||
//
|
||||
|
||||
if(opts & OPT_DEBUG)
|
||||
{
|
||||
fprintf(stderr,"\n---\nThread nr.%d for port %d \n", tid,original_port);//: rcv from %s:%d\n", (int)tid,inet_ntoa(peer_sockaddr.sin_addr), ntohs(peer_sockaddr.sin_port));
|
||||
fprintf(stderr,"\n---\nThread nr.%d for port %d \n", tid,original_port);
|
||||
}
|
||||
|
||||
str=((signature*)(arr_lines2[signatures[original_port]]))->cptr;
|
||||
@ -350,6 +417,8 @@ void process_connection(void *arg)
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
if(send(threads[tid].clients[i], str, len,0)==-1)
|
||||
perror("Send to socket failed");
|
||||
|
||||
|
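Review bot: The log block that follows each original-port lookup (`char* msg=malloc(MAX_LOG_MSG_LEN);` … `free(msg);`, once in the `n == 0` branch, once in the `n < 0` branch and once in the send path) is pasted three times and carries the same weaknesses in each copy: the `malloc` result is never checked before `memset`, `(int)timestamp` printed with `%d` truncates `time_t`, and `inet_ntoa` returns a pointer to storage that POSIX does not require to be thread-safe, while this function runs in several threads that all share `threads[tid]` under `new_connection_mutex`. The new `int peer_sockaddr_len` in the declaration hunk should be `socklen_t`, the type `getsockopt` and `getpeername` write through. A small static helper that formats into a stack buffer with `inet_ntop` removes the allocation, the truncation and the shared buffer at once, and the three sites become one call each, e.g. `log_probe("Port_probe # REMOVING_SOCKET", timestamp, &peer_sockaddr, original_port);`. `process_connection` begins and ends outside these hunks.
```c
/* Emit one log record for a probe on this client socket.  The address is
 * rendered into a caller-owned buffer and the timestamp is widened, so the
 * record is the same whichever thread writes it. */
static void log_probe(const char *event, time_t timestamp,
                      const struct sockaddr_in *peer, int original_port)
{
    char ip[INET_ADDRSTRLEN];
    char msg[MAX_LOG_MSG_LEN];

    if (inet_ntop(AF_INET, &peer->sin_addr, ip, sizeof ip) == NULL) {
        snprintf(ip, sizeof ip, "?");
    }
    snprintf(msg, sizeof msg, "%lld # %s # source_ip:%s # dst_port:%d \n",
             (long long)timestamp, event, ip, original_port);
    log_write(msg);
}

/* … in process_connection, n == 0 branch, replacing the malloc/memset/snprintf/free block … */
log_probe("Port_probe # REMOVING_SOCKET", timestamp, &peer_sockaddr, original_port);
/* … n < 0 branch: same call … */
/* … send path: log_probe("Service_probe # SIGNATURE_SEND", timestamp, &peer_sockaddr, original_port); … */
```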
@ -36,9 +36,12 @@ void log_write(char* msg) {
|
||||
|
||||
}
|
||||
|
||||
if(!(opts & OPT_SYSLOG_DIS))
|
||||
{
|
||||
openlog("portspoof", LOG_PID|LOG_CONS, LOG_USER);
|
||||
syslog(LOG_INFO,"portspoof: %s",msg);
|
||||
syslog(LOG_INFO," %s",msg);
|
||||
closelog();
|
||||
}
|
||||
pthread_mutex_unlock(&log_mutex);
|
||||
|
||||
return;
|
||||
|
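Review bot: `log_write` hands `msg` to `syslog(LOG_INFO," %s",msg)` unchanged, and every caller in this commit builds `msg` with a trailing ` \n`, so each syslog record carries a leading space and an embedded newline that the daemon will strip or escape depending on its configuration; dropping the newline here (or from the callers' format strings) gives syslog a clean single-line record. The parameter is only read, so the signature could be `void log_write(const char *msg)`. `openlog`/`closelog` around every record is harmless under `log_mutex`, but a single `openlog` at startup would do. `log_write` begins outside the hunk.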
@ -106,6 +106,7 @@ usage(void)
|
||||
"-p bind to a user defined port number\n"
|
||||
"-f use user defined signture file\n"
|
||||
"-l log port scanning alerts to a file\n"
|
||||
"-d disable syslog\n"
|
||||
"-t number of threads\n"
|
||||
"-c length of client queue per thread\n"
|
||||
"-v be verbose\n"
|
||||
@ -157,7 +158,7 @@ int main(int argc, char **argv)
|
||||
|
||||
|
||||
|
||||
while ((ch = getopt(argc, argv,"l:i:p:f:t:c:dh")) != -1) {
|
||||
while ((ch = getopt(argc, argv,"l:i:p:f:t:c:dvh")) != -1) {
|
||||
switch (ch) {
|
||||
case 'i':
|
||||
bind_ip = optarg;
|
||||
@ -171,10 +172,14 @@ int main(int argc, char **argv)
|
||||
signature_file = optarg;
|
||||
opts |= OPT_SIG_FILE;
|
||||
break;
|
||||
case 'd':
|
||||
case 'v':
|
||||
opts |= OPT_DEBUG;
|
||||
printf("-> Verbose mode on.\n");
|
||||
break;
|
||||
case 'd':
|
||||
opts |= OPT_SYSLOG_DIS;
|
||||
printf("-> Syslog logging disabled.\n");
|
||||
break;
|
||||
case 'l':
|
||||
opts |= OPT_LOG_FILE;
|
||||
log_file = optarg;
|
||||
@ -197,7 +202,7 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
|
||||
if( !(opts&OPT_IP || opts&OPT_PORT || opts&OPT_SIG_FILE))
|
||||
if( !(opts&OPT_IP || opts&OPT_PORT || opts&OPT_DEBUG || opts&OPT_SIG_FILE || opts&OPT_LOG_FILE || opts&OPT_SYSLOG_DIS))
|
||||
{
|
||||
printf("-> No parameters - using default values.\n");
|
||||
}
|
||||
|
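Review bot: `case 'd'` appears to change meaning in this commit: the old `case 'd':` sat directly above the `opts |= OPT_DEBUG` body that `case 'v':` now owns, while the new `case 'd':` sets `OPT_SYSLOG_DIS`, so an existing invocation with `-d` silently stops producing syslog records instead of becoming verbose. If the rename is intended, say so in the commit message or usage text, e.g. `"-d disable syslog (formerly verbose; use -v)\n"`, or keep `-d` as verbose and pick a fresh letter for the syslog switch. The `getopt` string and the usage text are otherwise consistent with each other. `main` continues outside these hunks.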
@ -37,7 +37,7 @@
|
||||
#define OPT_DEBUG 1<<3
|
||||
#define OPT_SIG_FILE 1<<4
|
||||
#define OPT_LOG_FILE 1<<5
|
||||
|
||||
#define OPT_SYSLOG_DIS 1<<6
|
||||
|
||||
#define DEFAULT_PORT 4444
|
||||
extern char opts;
|
||||
|
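Review bot: `#define OPT_SYSLOG_DIS 1<<6` follows its neighbours in leaving the shift unparenthesized; `opts & OPT_SYSLOG_DIS` only works because `<<` binds tighter than `&`, whereas clearing the flag with `opts &= ~OPT_SYSLOG_DIS` expands to `(~1)<<6` and wipes bits 0–6 instead of bit 6. Write it as `#define OPT_SYSLOG_DIS (1<<6)`. With `opts` declared `char`, bit 6 is the last one that stays non-negative where `char` is signed; the next flag would want `opts` to become `unsigned char`.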