Changeset 1661
- Timestamp:
- 11/13/06 23:47:34 (2 years ago)
- Files:
-
- psad/branches/sigdevel/psad (modified) (9 diffs)
psad/branches/sigdevel/psad
r1660 r1661 1186 1186 {$pkt{'chain'}}{$pkt{'log_prefix'}}++; 1187 1187 1188 unless ($pkt{'proto'} eq 'icmp') {1188 if ($pkt{'proto'} eq 'tcp' or $pkt{'proto'} eq 'udp') { 1189 1189 ### initialize the start and end port for the scanned port range 1190 1190 if (not defined $curr_scan{$pkt{'src'}}{$pkt{'dst'}}{$pkt{'proto'}}{'strtp'}) { … … 1692 1692 $dl = $dl_tmp if $dl_tmp > $dl; 1693 1693 1694 $scan{$pkt_hr->{'src'}}{$pkt_hr->{'dst'}}{'tcp'} {'curr_sig'}1695 { $pkt_hr->{'sid'}}{$pkt_hr->{'chain'}}{'dp'}1694 $scan{$pkt_hr->{'src'}}{$pkt_hr->{'dst'}}{'tcp'} 1695 {'curr_sig'}{$sid}{$pkt_hr->{'chain'}}{'dp'} 1696 1696 {$pkt_hr->{'dp'}}++; 1697 1697 1698 $scan{$pkt_hr->{'src'}}{$pkt_hr->{'dst'}}{'tcp'} {'curr_sig'}1699 { $pkt_hr->{'sid'}}{$pkt_hr->{'chain'}}{'flags'}1698 $scan{$pkt_hr->{'src'}}{$pkt_hr->{'dst'}}{'tcp'} 1699 {'curr_sig'}{$sid}{$pkt_hr->{'chain'}}{'flags'} 1700 1700 {$pkt_hr->{'dp'}} = $pkt_hr->{'flags'}; 1701 1701 … … 1707 1707 $dl = $dl_tmp if $dl_tmp > $dl; 1708 1708 1709 $scan{$pkt_hr->{'src'}}{$pkt_hr->{'dst'}}{'udp'} {'curr_sig'}1710 { $pkt_hr->{'sid'}}{$pkt_hr->{'chain'}}{'dp'}1709 $scan{$pkt_hr->{'src'}}{$pkt_hr->{'dst'}}{'udp'} 1710 {'curr_sig'}{$sid}{$pkt_hr->{'chain'}}{'dp'} 1711 1711 {$pkt_hr->{'dp'}}++; 1712 1712 } … … 1845 1845 "$sig_hr->{'sid'} (psad_id: $sig_hr->{'psad_id'})\n"; 1846 1846 } 1847 1848 $scan{$pkt_hr->{'src'}}{$pkt_hr->{'dst'}}{'ip'}{'curr_sig'} 1849 {$sig_hr->{'sid'}}{$pkt_hr->{'chain'}}{'pkts'}++; 1850 1847 1851 return $sig_hr->{'dl'} 1848 1852 } … … 1874 1878 1875 1879 if ($sig_ip =~ m|$ip_re/\d+|) { 1876 return 1 if ipv4_in_network($ pkt_ip, $sig_ip);1880 return 1 if ipv4_in_network($sig_ip, $pkt_ip); 1877 1881 } elsif ($sig_ip =~ m|$ip_re|) { 1878 1882 return 1 if $pkt_ip eq $sig_ip; 1879 1883 } 1884 1880 1885 return 0; 1881 1886 } … … 2565 2570 2566 2571 my $connected_str = ''; 2567 $connected_str .= "$_ " for @connected_subnets; 2568 $connected_str .= "$_ " for @connected_subnets_cidr; 2569 $connected_str =~ s|\s*$||; 
2572 $connected_str .= "$_, " for @connected_subnets_cidr; 2573 $connected_str =~ s|,\s*$||; 2570 2574 2571 2575 $config{'HOME_NET'} = $connected_str; … … 4258 4262 4259 4263 for my $fh (@print_fh) { 4260 for my $proto qw(tcp udp icmp ) {4264 for my $proto qw(tcp udp icmp ip) { 4261 4265 next unless defined $scan{$src}{$dst}{$proto}; 4262 4266 my $href = $scan{$src}{$dst}{$proto}; … … 4349 4353 print $fh " \"$msg\"\n", 4350 4354 " sid=$sid chain=$chain packets=$pkts dp=$dp flags=[$flags] ", 4351 " **Your machine is listening on $proto port: $dp!\n";4355 "[*] Your machine is listening on $proto port: $dp!\n"; 4352 4356 } else { 4353 4357 print $fh " \"$msg\"\n", 4354 4358 " sid=$sid chain=$chain packets=$pkts dp=$dp ", 4355 " **Your machine is listening on $proto port: $dp!\n";4359 "[*] Your machine is listening on $proto port: $dp!\n"; 4356 4360 } 4357 4361 } else { … … 4377 4381 } 4378 4382 } else { 4379 my $pkts = $scan{$src}{$dst}{ 'icmp'}4383 my $pkts = $scan{$src}{$dst}{$proto} 4380 4384 {'curr_sig'}{$sid}{$chain}{'pkts'}; 4381 4385 print $fh qq( "$msg" sid=$sid chain=$chain packets=$pkts\n);
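Review bot: The rebuilt HOME_NET string at new lines 2572–2573 appends only @connected_subnets_cidr, whereas the removed lines 2567–2568 appended both @connected_subnets and @connected_subnets_cidr; unless @connected_subnets is now folded into the CIDR list somewhere outside this hunk, every non-CIDR connected subnet silently drops out of $config{'HOME_NET'}, and any address check driven by HOME_NET would then treat hosts on those subnets as external. If the drop is intentional, a comment such as `### HOME_NET is built from CIDR notation only; @connected_subnets is no longer included` would keep the next reader from restoring it; otherwise add `$connected_str .= "$_, " for @connected_subnets;` ahead of line 2572. The enclosing subroutine starts and ends outside the hunk. Separately, the new loop header `for my $proto qw(tcp udp icmp ip) {` at line 4264 relies on qw() standing in for the loop parentheses, which later perls reject as a syntax error; `for my $proto (qw(tcp udp icmp ip)) {` is the portable form.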
