exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

tcplog.c

tcplog.c
Posted Aug 17, 1999

No information is available for this file.

tags | system logging
systems | unix
SHA-256 | d5da37fc521e034554e3472cbfd79cbe497e5f317c9d25d922a4ba608b386648

tcplog.c

Change Mirror Download
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <fcntl.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <linux/ip.h>
#include <linux/tcp.h>
extern int errno;

#ifndef NOFILE
#define NOFILE 1024
#endif

int go_background(void);
char *hostlookup(unsigned long int);
char *servlookup(unsigned short);

struct ippkt
{
struct iphdr ip;
struct tcphdr tcp;
char buffer[10000];
}pkt;

int go_background(void)
{
int fd;
int fs;

if(getppid() != 1)
{
signal(SIGTTOU, SIG_IGN);
signal(SIGTTIN, SIG_IGN);
signal(SIGTSTP, SIG_IGN);
fs=fork();
if(fs < 0)
{
perror("fork");
exit(1);
}
if(fs > 0) exit(0);
setpgrp();
fd=open("/dev/tty", O_RDWR);
if(fd >= 0)
{
ioctl(fd, TIOCNOTTY, (char *)NULL);
close(fd);
}
}
for(fd=0;fd < NOFILE;fd++) close(fd);
errno=0;
chdir("/");
umask(0);
}

int main(void)
{
int s;
int i;
char tmpbuff[1024];

setuid(0);
if(geteuid() != 0)
{
printf("This program requires root privledges\n");
exit(0);
}
go_background();
s=socket(AF_INET, SOCK_RAW, 6);
openlog("tcplog", 0, LOG_DAEMON);

while(1)
{
read(s, (struct ippkt *)&pkt, 9999);
if(pkt.tcp.syn == 1 && pkt.tcp.ack == 0)
{
if(ntohs(pkt.tcp.source) == 20 && ntohs(pkt.tcp.dest) < 1024)
{
syslog(LOG_NOTICE, "FTPBounce attack detected from %s", hostlookup(pkt.ip.saddr));
continue;
}
if(ntohs(pkt.tcp.source) != 20) syslog(LOG_NOTICE, "%s connection attempt from %s", servlookup(pkt.tcp.dest), hostlookup(pkt.ip.saddr));
}
}
}

char *hostlookup(unsigned long int in)
{
static char blah[1024];
struct in_addr i;
struct hostent *he;

i.s_addr=in;
he=gethostbyaddr((char *)&i, sizeof(struct in_addr),AF_INET);
if(he == NULL) strcpy(blah, inet_ntoa(i));
else strcpy(blah, he->h_name);
return blah;
}


char *servlookup(unsigned short port)
{
struct servent *se;
static char buff[1024];

se=getservbyport(port, "tcp");
if(se == NULL) sprintf(buff, "port %d", ntohs(port));
else sprintf(buff, "%s", se->s_name);
return buff;
}

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close