Commit e261a06a authored by Pavel Valach's avatar Pavel Valach

dionaea/log_wardenfiler.py: Add option of static target IPv4 or IPv6

parent f4294a9c
1 merge request!3dionaea/log_wardenfiler.py: Add option of static target IPv4 or IPv6
...@@ -128,6 +128,10 @@ class LogWardenfilerHandler(ihandler): ...@@ -128,6 +128,10 @@ class LogWardenfilerHandler(ihandler):
self.nat_host = self._config.get('nat_host') self.nat_host = self._config.get('nat_host')
if 'nat_port' in self._config: if 'nat_port' in self._config:
self.nat_port = self._config.get('nat_port') self.nat_port = self._config.get('nat_port')
if 'reported_ipv4' in self._config:
self.reported_ipv4 = self._config.get('reported_ipv4')
if 'reported_ipv6' in self._config:
self.reported_ipv6 = self._config.get('reported_ipv6')
if 'anon_mask_4' in self._config: if 'anon_mask_4' in self._config:
self.anon_mask_4 = self._config.get('anon_mask_4') self.anon_mask_4 = self._config.get('anon_mask_4')
if 'anon_mask_6' in self._config: if 'anon_mask_6' in self._config:
...@@ -278,7 +282,13 @@ class LogWardenfilerHandler(ihandler): ...@@ -278,7 +282,13 @@ class LogWardenfilerHandler(ihandler):
if dst_ip.startswith("::ffff:"): if dst_ip.startswith("::ffff:"):
dst_ip = dst_ip[7:] dst_ip = dst_ip[7:]
if self.resolve_nat: af = "IP4" if not ':' in src_ip else "IP6"
# Test for static IP to report as attack target
if af == "IP4" and self.reported_ipv4:
dst_ip = self.reported_ipv4
# Resolve NAT if instructed
elif af == "IP4" and self.resolve_nat:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((self.nat_host, self.nat_port)) s.connect((self.nat_host, self.nat_port))
s.sendall((','.join((src_ip, str(con.local.port))).encode("utf-8"))) s.sendall((','.join((src_ip, str(con.local.port))).encode("utf-8")))
...@@ -289,8 +299,10 @@ class LogWardenfilerHandler(ihandler): ...@@ -289,8 +299,10 @@ class LogWardenfilerHandler(ihandler):
else: else:
logger.warn("no translation for %s:%s" % (src_ip, con.local.port)) logger.warn("no translation for %s:%s" % (src_ip, con.local.port))
return() return()
elif af == "IP6" and self.reported_ipv6:
dst_ip = self.reported_ipv6
af = "IP4" if not ':' in src_ip else "IP6"
anon = (self.anon_mask_4 < 32) and (not ':' in dst_ip) or (self.anon_mask_6 < 128) anon = (self.anon_mask_4 < 32) and (not ':' in dst_ip) or (self.anon_mask_6 < 128)
if anon: if anon:
dst_ip = [( dst_ip = [(
......
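Review bot: `self.reported_ipv4` and `self.reported_ipv6` are assigned only when the key is present in the config, yet the new `if af == "IP4" and self.reported_ipv4:` and `elif af == "IP6" and self.reported_ipv6:` tests read them on every connection; no visible hunk adds a default, so unless one exists outside these hunks a config without the keys would raise AttributeError in the handler. Assigning unconditionally avoids that: `self.reported_ipv4 = self._config.get('reported_ipv4')` and `self.reported_ipv6 = self._config.get('reported_ipv6')`. The configured values are also copied into `dst_ip` unchecked, so a typo or an address of the wrong family would be published as the attack target; parsing each once at load time (for example with `ipaddress.ip_address`) and rejecting a family mismatch would catch this. The rewritten chain also restricts the NAT lookup to `af == "IP4"`, so an IPv6 connection with `resolve_nat` enabled and no `reported_ipv6` appears to keep its original `dst_ip`; if that is intended, it deserves a comment. Both methods start and end outside the hunks.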
...@@ -4,6 +4,8 @@ ...@@ -4,6 +4,8 @@
resolve_nat: no resolve_nat: no
# nat_host: "gateway" # nat_host: "gateway"
# nat_port: 1456 # nat_port: 1456
# reported_ipv4: "198.51.100.42"
# reported_ipv6: "2001:db8:cafe:beef::42"
# anon_mask_4: 24 # anon_mask_4: 24
# anon_mask_6: 64 # anon_mask_6: 64
aggr_win: 300 aggr_win: 300
......
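Review bot: The two new sample keys carry no explanation, and their interaction with the neighbouring options is not obvious from the names. In the handler hunk a set `reported_ipv4` is tested before `resolve_nat`, so it disables the NAT lookup for IPv4 without saying so, and the `anon` masking that follows appears to apply to the static address as well. A comment above the keys would help, e.g. `# reported_ipv4 / reported_ipv6: fixed address to report as the attack target; takes precedence over resolve_nat` and, once confirmed against the handler, `# anon_mask_4 / anon_mask_6 are still applied to the reported address`.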