#include "spp_portscan2.h"#include "spp_conversation.h"#include "mempool.h"#include "plugbase.h"#include "mstring.h"#include "util.h"#include "log.h"#include "parser.h"#include "detect.h"#include "rules.h"#include "decode.h"#include "debug.h"#include "ubi_SplayTree.h"#include "ubi_BinTree.h"#include <sys/socket.h>#include <netinet/in.h>#include <arpa/inet.h>#include "generators.h"#include <assert.h>Go to the source code of this file.
Defines | |
| #define | MODNAME "spp_portscan2" |
| #define | MAX_TARGETS 5 |
| #define | MAX_PORTS 64 |
| #define | MEM_CHUNK 32 |
| #define | PS_T 1 |
| #define | TGT_T 2 |
| #define | TRUE 0 |
| #define | FALSE 1 |
| #define | OPT_TARGET_COUNT "targets_max" |
| #define | OPT_MAX_SCANNER "scanners_max" |
| #define | OPT_TGT_LIMIT "target_limit" |
| #define | OPT_PORT_LIMIT "port_limit" |
| #define | OPT_TIMEOUT "timeout" |
| #define | OPT_LOG "log" |
| #define | DEFAULT_MAX_SCANNER 1000 |
| #define | DEFAULT_TARGET_COUNT 1000 |
| #define | DEFAULT_TARGET_LIMIT 5 |
| #define | DEFAULT_PORT_LIMIT 20 |
| #define | DEFAULT_TIMEOUT 60 |
| #define | INLINE inline |
Typedefs | |
| typedef _PortScanner | Portscanner |
| typedef _ScanTarget | ScanTarget |
| typedef _hostNode | HostNode |
| typedef _Portscan2Data | Portscan2Data |
Functions | |
| void | Scan2Init (u_char *) |
| static int | targetCompareFunc (ubi_trItemPtr, ubi_trNodePtr) |
| void | ParseScanmungeArgs (u_char *) |
| static int | PruneTargets (Portscanner *p, u_int32_t now, int tokill) |
| static int | PrunePortscanners (u_int32_t now, int tokill, Portscanner *saveme) |
| void | SLog (Packet *, int, Portscanner *) |
| void | SAlert (Packet *, int, Portscanner *) |
| INLINE int | portIsSet (char *, int) |
| INLINE void | InitPortlist (ScanTarget *target) |
| void | setPort (char *, int) |
| void | dumpPacketStats (Portscanner *) |
| void | InitIgnoreHosts (u_char *) |
| IpAddrSet * | IgnoreAllocAddrNode (HostNode *) |
| void | ScanParseIp (char *, HostNode *) |
| void | InitIgnoreFrom (u_char *) |
| void | InitIgnoreTo (u_char *) |
| void | InitIgnorePorts (u_char *, u_int32_t **, int *) |
| u_int32_t | ScanParsePort (char *) |
| int | IsIgnored (Packet *) |
| INLINE void | AddTargetPort (ScanTarget *target, u_int16_t offset, Packet *p) |
| void | AddTarget (Portscanner *ps, Packet *p) |
| void | AddPortScanner (Packet *p) |
| static int | psCompareFunc (ubi_trItemPtr ItemPtr, ubi_trNodePtr NodePtr) |
| void | psWatch (Packet *p) |
| void | SetupScan2 (void) |
| static void | DeleteTarget (ScanTarget *target) |
| static void | DeletePortscanner (Portscanner *ps) |
Variables | |
| HostNode * | ignoreList |
| int | num_ports_from |
| int | num_ports_to |
| u_int32_t * | ignorePortFrom |
| u_int32_t * | ignorePortTo |
| Portscan2Data | ps2data |
| char * | file_name |
| int | file_line |
| u_int32_t | event_id |
|
|
Definition at line 66 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 69 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 67 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 68 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 70 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 56 of file spp_portscan2.c. |
|
|
Definition at line 77 of file spp_portscan2.c. |
|
|
Definition at line 47 of file spp_portscan2.c. |
|
|
Definition at line 46 of file spp_portscan2.c. |
|
|
Definition at line 48 of file spp_portscan2.c. Referenced by InitIgnorePorts(). |
|
|
Definition at line 45 of file spp_portscan2.c. |
|
|
Definition at line 64 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 60 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 62 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 59 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 61 of file spp_portscan2.c. Referenced by ParseScanmungeArgs(). |
|
|
Definition at line 63 of file spp_portscan2.c. |
|
|
Definition at line 49 of file spp_portscan2.c. |
|
|
Definition at line 50 of file spp_portscan2.c. |
|
|
Definition at line 53 of file spp_portscan2.c. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||||
|
Definition at line 840 of file spp_portscan2.c. References AddTargetPort(), _MemBucket::data, DEBUG_PORTSCAN2, DEBUG_WRAP, _Packet::dp, FALSE, InitPortlist(), _IPHdr::ip_dst, _Packet::iph, mempool_alloc(), NULL, _Packet::pkth, PrunePortscanners(), SAlert(), _PortScanner::scanner_ip, SLog(), _PortScanner::target_count, _Portscan2Data::TargetPool, _PortScanner::targetRootPtr, _PortScanner::targetsExceeded, _Portscan2Data::tgtThreshold, TRUE, pcap_pkthdr::ts, ubi_sptInsert(), and ubi_trFALSE. Referenced by AddPortScanner(), and psWatch(). |
|
||||||||||||||||
|
Definition at line 789 of file spp_portscan2.c. References FALSE, _ScanTarget::parent, _ScanTarget::plist, _PortScanner::port_count, _ScanTarget::port_count, _PortScanner::portsExceeded, _Portscan2Data::portThreshold, SAlert(), SLog(), and TRUE. Referenced by AddTarget(), and psWatch(). |
|
|
Definition at line 1291 of file spp_portscan2.c. References DEBUG_PORTSCAN2, DEBUG_WRAP, DeleteTarget(), _PortScanner::initial_time, _PortScanner::last_time, mempool_free(), _PortScanner::scanner_ip, _Portscan2Data::ScannerPool, _Portscan2Data::ScannersPtr, _PortScanner::targetRootPtr, ubi_sptRemove(), and ubi_trKillTree. Referenced by PrunePortscanners(). |
|
|
Definition at line 1285 of file spp_portscan2.c. References _ScanTarget::bucket, mempool_free(), and _Portscan2Data::TargetPool. Referenced by DeletePortscanner(), and PruneTargets(). |
|
|
|
|
|
Definition at line 481 of file spp_portscan2.c. References _hostNode::address, FatalError(), _IpAddrSet::next, and NULL. Referenced by ScanParseIp(). |
|
|
Definition at line 589 of file spp_portscan2.c. References ignorePortFrom, InitIgnorePorts(), and num_ports_from. Referenced by SetupScan2(). |
|
|
Definition at line 409 of file spp_portscan2.c. References _hostNode::address, ErrorMessage(), FatalError(), file_line, file_name, _IpAddrSet::ip_addr, memset, MODNAME, mSplit(), mSplitFree(), _IpAddrSet::netmask, _hostNode::nextNode, NULL, and ScanParseIp(). Referenced by SetupScan2(). |
|
||||||||||||||||
|
Definition at line 607 of file spp_portscan2.c. References ErrorMessage(), FatalError(), file_line, file_name, MAX_PORTS, MEM_CHUNK, memcpy, MODNAME, mSplit(), mSplitFree(), NULL, and ScanParsePort(). Referenced by InitIgnoreFrom(), and InitIgnoreTo(). |
|
|
Definition at line 598 of file spp_portscan2.c. References ignorePortTo, InitIgnorePorts(), and num_ports_to. Referenced by SetupScan2(). |
|
|
Definition at line 773 of file spp_portscan2.c. References _ScanTarget::plist. Referenced by AddTarget(). |
|
|
Definition at line 700 of file spp_portscan2.c. References _hostNode::address, CHECK_SRC, CheckAddrPort(), _Packet::dp, _hostNode::flags, _hostNode::hsp, ignorePortFrom, ignorePortTo, _IpAddrSet::ip_addr, _IPHdr::ip_src, _Packet::iph, _hostNode::lsp, memset, MODNAME, _IpAddrSet::netmask, _hostNode::nextNode, num_ports_from, num_ports_to, and _Packet::sp. Referenced by psWatch(). |
|
|
||||||||||||
|
Definition at line 828 of file spp_portscan2.c. Referenced by psWatch(). |
|
||||||||||||||||
|
Definition at line 1396 of file spp_portscan2.c. References DEBUG_CONVERSATION, DEBUG_WRAP, DeletePortscanner(), _PortScanner::last_time, NULL, _Portscan2Data::ScannersPtr, _Portscan2Data::timeout, ubi_btFirst(), ubi_btLeafNode(), ubi_btNext(), and ubi_trCount. Referenced by AddTarget(), and psWatch(). |
|
||||||||||||||||
|
Definition at line 1319 of file spp_portscan2.c. References DEBUG_CONVERSATION, DEBUG_WRAP, DeleteTarget(), _ScanTarget::last_time, NULL, _ScanTarget::port_count, _PortScanner::port_count, _PortScanner::target_count, _PortScanner::targetRootPtr, _Portscan2Data::timeout, ubi_btFirst(), ubi_btLeafNode(), ubi_btNext(), ubi_sptRemove(), and ubi_trCount. Referenced by psWatch(). |
|
||||||||||||
|
Definition at line 1003 of file spp_portscan2.c. References DEBUG_PORTSCAN2, and _PortScanner::scanner_ip. Referenced by Scan2Init(). |
|
|
||||||||||||||||
|
Definition at line 1057 of file spp_portscan2.c. References CallAlertFuncs(), DEBUG_PORTSCAN2, DEBUG_WRAP, _Event::event_id, _PortScanner::event_id, GENERATOR_SPP_SCAN2, _PortScanner::initial_time, NULL, _Packet::pkth, _PortScanner::port_count, SCAN2_PREFIX_STR, SCAN_TYPE, _PortScanner::scanner_ip, SetEvent(), snprintf, _PortScanner::target_count, and pcap_pkthdr::ts. Referenced by AddTarget(), and AddTargetPort(). |
|
|
FUNCTION PROTOTYPES Definition at line 1243 of file spp_portscan2.c. References conv_data, FatalError(), gettimeofday(), _Portscan2Data::isInitialized, _conversationData::isInitialized, LogMessage(), mempool_init(), memset, ParseScanmungeArgs(), psCompareFunc(), _Portscan2Data::scanner_count, _Portscan2Data::ScannerPool, _Portscan2Data::Scanners, _Portscan2Data::ScannersPtr, _Portscan2Data::target_count, _Portscan2Data::TargetPool, ubi_trInitTree, and _conversationData::watch_scans. Referenced by SetupScan2(). |
|
||||||||||||
|
Definition at line 500 of file spp_portscan2.c. References ANY_SRC_PORT, ErrorMessage(), EXCEPT_SRC_IP, EXCEPT_SRC_PORT, FatalError(), file_line, file_name, _hostNode::flags, _hostNode::hsp, IgnoreAllocAddrNode(), _hostNode::lsp, mSplit(), mSplitFree(), NULL, ParseIP(), ParsePort(), and VarGet(). Referenced by InitIgnoreHosts(). |
|
|
Definition at line 663 of file spp_portscan2.c. References FatalError(), file_line, file_name, NULL, and VarGet(). Referenced by InitIgnorePorts(). |
|
||||||||||||
|
|
|
|
Definition at line 1232 of file spp_portscan2.c. References InitIgnoreFrom(), InitIgnoreHosts(), InitIgnoreTo(), RegisterPreprocessor(), and Scan2Init(). Referenced by InitPreprocessors(). |
|
||||||||||||||||
|
Definition at line 1081 of file spp_portscan2.c. References _ICMPHdr::code, CreateTCPFlagString(), _Packet::dp, _PortScanner::event_id, _Packet::icmph, _IPHdr::ip_dst, _IPHdr::ip_src, _Packet::iph, _Portscan2Data::logfile, _Packet::pkth, _PortScanner::port_count, _Packet::sp, STD_BUF, strlcpy, _PortScanner::target_count, _Packet::tcph, TIMEBUF_SIZE, pcap_pkthdr::ts, ts_print(), _ICMPHdr::type, and _Packet::udph. Referenced by AddTarget(), and AddTargetPort(). |
|
||||||||||||
|
Definition at line 1036 of file spp_portscan2.c. References _ScanTarget::target_ip. Referenced by AddPortScanner(). |
|
|
Definition at line 99 of file detect.c. Referenced by CallAlertFuncs(), CallLogFuncs(), flowps_generate_flow_event(), fpLogEvent(), GeneratePSSnortEvent(), OldUnifiedLogPacketAlert(), PortscanPreprocFunction(), and SetEvent(). |
|
|
|
|
|
external globals from rules.c |
|
|
Definition at line 163 of file spp_portscan2.c. |
|
|
Definition at line 168 of file spp_portscan2.c. Referenced by InitIgnoreFrom(), and IsIgnored(). |
|
|
Definition at line 169 of file spp_portscan2.c. Referenced by InitIgnoreTo(), and IsIgnored(). |
|
|
Definition at line 166 of file spp_portscan2.c. Referenced by InitIgnoreFrom(), and IsIgnored(). |
|
|
Definition at line 167 of file spp_portscan2.c. Referenced by InitIgnoreTo(), and IsIgnored(). |
|
|
Definition at line 195 of file spp_portscan2.c. |
1.4.2