#include <sys/types.h>#include <string.h>#include <stdio.h>#include <stdlib.h>#include <time.h>#include <sys/time.h>#include <sys/socket.h>#include <netinet/in.h>#include <arpa/inet.h>#include "rules.h"#include "log.h"#include "util.h"#include "debug.h"#include "generators.h"#include "detect.h"#include "plugbase.h"#include "parser.h"#include "mstring.h"#include "snort.h"Go to the source code of this file.
|
|
Definition at line 59 of file spp_portscan.c. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Definition at line 95 of file spp_portscan.c. |
|
|
Definition at line 87 of file spp_portscan.c. |
|
|
Definition at line 233 of file spp_portscan.c. |
|
||||||||||||||||
|
Definition at line 305 of file spp_portscan.c. References FatalError(), MODNAME, NewConnection(), _connectionInfo::nextNode, and _connectionInfo::prevNode. Referenced by NewScan(). |
|
||||||||||||||||
|
Definition at line 331 of file spp_portscan.c. References FatalError(), MODNAME, NewDestination(), _destinationInfo::nextNode, and _destinationInfo::prevNode. Referenced by NewScan(). |
|
||||||||||||||||
|
Definition at line 389 of file spp_portscan.c. References FatalError(), MODNAME, NewSource(), _sourceInfo::nextNode, and _sourceInfo::prevNode. Referenced by NewScan(). |
|
|
Definition at line 1530 of file spp_portscan.c. References CallAlertFuncs(), _sourceInfo::event_id, GENERATOR_SPP_PORTSCAN, MODNAME, NULL, _sourceInfo::numberOfConnections, _sourceInfo::numberOfDestinations, _sourceInfo::numberOfTCPConnections, _sourceInfo::numberOfUDPConnections, PORTSCAN_INTER_INFO, _sourceInfo::saddr, SetEvent(), and _sourceInfo::stealthScanUsed. Referenced by PortscanPreprocFunction(). |
|
|
Definition at line 1107 of file spp_portscan.c. References DEBUG_PLUGIN, DEBUG_WRAP, R_ACK, R_FIN, R_PSH, R_RES1, R_RES2, R_RST, R_SYN, R_URG, sFIN, sFULLXMAS, sINVALIDACK, sNMAPID, sNOACK, sNONE, sNULL, sSPAU, sSYN, sSYNFIN, sVECNA, and sXMAS. Referenced by PortscanPreprocFunction(). |
|
|
|
Definition at line 797 of file spp_portscan.c. References _scanList::lastSource, _scanList::listHead, NULL, and _scanList::numberOfSources. Referenced by PortscanInit(). |
|
|
Definition at line 1630 of file spp_portscan.c. References _serverNode::address, DEBUG_PLUGIN, DEBUG_WRAP, FatalError(), file_line, file_name, _IpAddrSet::ip_addr, memset, MODNAME, mSplit(), mSplitFree(), _IpAddrSet::netmask, _serverNode::nextNode, NULL, and PortscanIgnoreParseIP(). Referenced by PortscanIgnoreHostsInit(). |
|
||||||||||||||||
|
||||||||||||||||||||||||
|
Definition at line 1553 of file spp_portscan.c. References _Packet::dp, _IPHdr::ip_dst, _IPHdr::ip_src, _Packet::iph, and _Packet::sp. Referenced by NewScan(). |
|
|
Definition at line 1574 of file spp_portscan.c. References _serverNode::address, ANY_SRC_PORT, CHECK_SRC, CheckAddrPort(), _serverNode::ignoreFlags, _IpAddrSet::ip_addr, _IPHdr::ip_src, _Packet::iph, memset, MODNAME, _IpAddrSet::netmask, and _serverNode::nextNode. |
|
|
Definition at line 1381 of file spp_portscan.c. References _destinationInfo::connectionsList, _destinationInfo::daddr, DEBUG_PLUGIN, DEBUG_WRAP, _sourceInfo::destinationsList, _connectionInfo::dport, logFile, memset, _connectionInfo::nextNode, _destinationInfo::nextNode, _sourceInfo::saddr, _connectionInfo::scanType, sFIN, sFULLXMAS, sINVALIDACK, sNMAPID, sNOACK, sNULL, _connectionInfo::sport, sRESERVEDBITS, sSPAU, sSYN, sSYNFIN, sUDP, sVECNA, sXMAS, _connectionInfo::tcpFlags, timeFormat, _connectionInfo::timestamp, tLOCAL, and spp_timeval::tv_sec. Referenced by PortscanPreprocFunction(). |
|
||||||||||||
|
Definition at line 245 of file spp_portscan.c. References CreateTCPFlagString(), _Packet::dp, _connectionInfo::dport, FatalError(), _IPHdr::ip_proto, _Packet::iph, logLevel, lPACKET, MODNAME, _connectionInfo::nextNode, NULL, _Packet::pkth, _connectionInfo::prevNode, _connectionInfo::scanType, _Packet::sp, _connectionInfo::sport, _connectionInfo::tcpFlags, _connectionInfo::timestamp, pcap_pkthdr::ts, spp_timeval::tv_sec, and spp_timeval::tv_usec. Referenced by AddConnection(), and NewDestination(). |
|
||||||||||||
|
Definition at line 317 of file spp_portscan.c. References _destinationInfo::connectionsList, _destinationInfo::daddr, _IPHdr::ip_dst, _Packet::iph, NewConnection(), _destinationInfo::nextNode, NULL, _destinationInfo::numberOfConnections, and _destinationInfo::prevNode. Referenced by AddDestination(), NewScan(), and NewSource(). |
|
||||||||||||||||
|
||||||||||||
|
|
Definition at line 1233 of file spp_portscan.c. References DEBUG_PLUGIN, DEBUG_WRAP, FatalError(), file_line, file_name, lEXTENDED, lFILE, lNONE, _progvars::log_dir, logFile, logLevel, maxPorts, MODNAME, mSplit(), mSplitFree(), packetLogSize, PortscanParseIP(), pv, _progvars::quiet_flag, scansToWatch, sRESERVEDBITS, sUDP, tGMT, timeFormat, tLOCAL, spp_timeval::tv_sec, spp_timeval::tv_usec, and _progvars::use_utc. Referenced by PortscanInit(). |
|
|
Definition at line 1794 of file spp_portscan.c. References FatalError(), _IpAddrSet::next, and NULL. Referenced by PortscanParseIP(). |
|
|
Definition at line 1831 of file spp_portscan.c. References _serverNode::address, FatalError(), _IpAddrSet::next, and NULL. Referenced by PortscanIgnoreParseIP(). |
|
|
Definition at line 1619 of file spp_portscan.c. References CreateServerList(). Referenced by SetupPortscanIgnoreHosts(). |
|
||||||||||||
|
Definition at line 1737 of file spp_portscan.c. References FatalError(), file_line, file_name, mSplit(), mSplitFree(), NULL, ParseIP(), PortscanIgnoreAllocAddrNode(), and VarGet(). Referenced by CreateServerList(). |
|
|
Definition at line 1090 of file spp_portscan.c. References AddFuncToPreprocList(), CreateScanList(), LogMessage(), NULL, ParsePortscanArgs(), and PortscanPreprocFunction(). Referenced by SetupPortscan(), and SetupPsng(). |
|
|
Definition at line 1687 of file spp_portscan.c. References EXCEPT_DST_IP, FatalError(), file_line, file_name, homeFlags, mSplit(), mSplitFree(), NULL, ParseIP(), PortscanAllocAddrNode(), and VarGet(). Referenced by ParsePortscanArgs(). |
|
||||||||||||
|
|
Definition at line 401 of file spp_portscan.c. References _connectionInfo::nextNode, NULL, and _connectionInfo::prevNode. Referenced by ClearConnectionInfoFromSource(), and ExpireConnections(). |
|
|
Definition at line 430 of file spp_portscan.c. References _destinationInfo::nextNode, NULL, and _destinationInfo::prevNode. Referenced by ClearConnectionInfoFromSource(), and ExpireConnections(). |
|
|
Definition at line 459 of file spp_portscan.c. References _sourceInfo::nextNode, NULL, and _sourceInfo::prevNode. Referenced by ExpireConnections(). |
|
|
Definition at line 1084 of file spp_portscan.c. References PortscanInit(), and RegisterPreprocessor(). Referenced by InitPreprocessors(). |
|
|
Definition at line 1613 of file spp_portscan.c. References PortscanIgnoreHostsInit(), and RegisterPreprocessor(). Referenced by InitPreprocessors(). |
|
|
Definition at line 225 of file spp_portscan.c. |
|
|
|
|
|
Definition at line 228 of file spp_portscan.c. |
|
|
Definition at line 229 of file spp_portscan.c. Referenced by PortscanParseIP(), and PortscanPreprocFunction(). |
|
|
Definition at line 237 of file spp_portscan.c. Referenced by LogScanInfoToSeparateFile(), and ParsePortscanArgs(). |
|
|
Definition at line 232 of file spp_portscan.c. Referenced by NewConnection(), ParsePortscanArgs(), and PortscanPreprocFunction(). |
|
|
Definition at line 231 of file spp_portscan.c. Referenced by ParsePortscanArgs(), and PortscanPreprocFunction(). |
|
|
Definition at line 230 of file spp_portscan.c. |
|
|
Definition at line 238 of file spp_portscan.c. Referenced by ParsePortscanArgs(). |
|
|
Definition at line 222 of file spp_portscan.c. |
|
|
Definition at line 224 of file spp_portscan.c. Referenced by ParsePortscanArgs(), and PortscanPreprocFunction(). |
|
|
Definition at line 223 of file spp_portscan.c. |
|
|
Referenced by LogScanInfoToSeparateFile(), and ParsePortscanArgs(). |
1.4.2