From: dtk@all.net Reply-to: dtk@all.net Organization: Deception ToolKit Mailing List Subject: DTK Mailing List 19990724
--------------------------------------------- Subject: Generic.pl update for remote port, local IP Date: Sat, 24 Jul 1999 07:35:03 -0700 (PDT) The following update to Generic.pl allows the remote port and local IP address to be properly added to the log files (of the most recent version of DTK) when run via TCP wrappers. Also upcoming - we are beta-testing a version of DTK that will allow systems that can differentiate on destination IP address to use customized responses by IP address and by class C, B, and A networks. Non-existent response files will fall back to the 'default' responses. This should provide closure on the multi-homed deception capability and allow - among other things - the appearance that there is a wide range of different operating systems, services, and functional uses for the same single deception machine. If anybody has any insight on additional features, please let us all know by mailing to the list. FC ====================================================================================== #!WHICH_PERL # deceptive defense - wear down the attackers and all their port scanners and so forth # Copyright (c), 1998, Fred Cohen - All Right Reserved # NOTICE: By taking this copy, you agree that all updates and modifications # will be reported back to us, that you will only use it to defend systems and # not to figure out how to attack them, that we retain all right to the # software provided to you and any revisions, enhancements, or derivitive # works that may result from it, that you will retain all copyright notices on # all copies you distribute elsewhere, and that anyone you give it to will # also agree to these terms.
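# Generic.pl - deception responder for a single connection.
#
# Started once per connection (the list post says via TCP wrappers) with
#   ARGV: remote-ip  local-port  uid  daemon  user
# It reads "<port>.response" from WORKING_DIR, hands the "!" order lines
# to DoOrders(), then answers each input line through RESPOND() until the
# peer goes quiet, disconnects, or MAX_LOOP lines have been handled.
# Every event is written to the DTK logs through LOG()/LOGON().
#
# The variables below are deliberately package globals: logging.pl,
# respond.pl and orders.pl appear to read them directly ($IN, $port,
# $OurPort, $what, @XREF, ...), so do not make them lexicals without
# updating those files as well.  WHICH_PERL_LIB, TIME_OUT, MAX_LOOP and
# WORKING_DIR are install-time placeholders substituted when DTK is
# configured.

$PERLLIB="WHICH_PERL_LIB";
# require 'syscall.ph';
$state="0";             # initial state
$timeout=TIME_OUT;      # seconds to say something else or I go away
$maxloops=MAX_LOOP;     # maximum number of input lines before we exit anyway
$progname="Generic.pl";

# Low-precedence 'or' makes the failure of chdir itself the thing tested.
# With '||' the test applied only to the string "WORKING_DIR", which is
# always true, so a failed chdir could never reach the die.
chdir "WORKING_DIR" or die "configuration error - please contact the site administrator\n"; # go to the right directory for this stuff
require 'logging.pl';
require 'respond.pl';
require 'orders.pl';

# Output right away, so the peer sees each response as soon as it is printed.
$|=1;
# Idle timer.  No SIGALRM handler is installed in this file; unless one of
# the required files sets one, the default action ends the process when the
# timer expires, which is the intended "I go away" behaviour.
alarm($timeout);

# Positional arguments from the wrapper; missing ones stay undef as before.
($ipadd, $port, $uid, $daemon, $user)=@ARGV[0..4];
$realtime=0;$listenPID=$$;$con=1;
$OurPort=$port;         # our own listening port, kept for logging

# The peer's port and our own address come from two helper binaries when
# they exist; 'unknown' keeps the log format stable otherwise.  Both paths
# are fixed and no argument is passed, so nothing peer-supplied reaches a
# shell here.
if (-x "/usr/bin/getpeername") {
    ($otherport, $junk)=split(/\n/,`/usr/bin/getpeername`,2);   # get remote system's port
} else {
    $otherport='unknown';
}
if (-x "/usr/bin/getsockname") {
    ($junk, $toIPaddr)=split(/\n/,`/usr/bin/getsockname`,2);   # get our own IP address
    chop($toIPaddr);
} else {
    $toIPaddr='unknown';
}
$IN="$uid $daemon $user";LOG();   # always log the connection itself

# The response script is chosen by our local port.  $port comes from the
# wrapper configuration rather than from the peer; the -e test and the
# checked open both fail with the same generic message so that a
# misconfiguration never shows a Perl diagnostic to the remote side.
if (!-e "$port.response") {die "configuration file error - please contact the site administrator\n";} # if no file, a generic error message
open($response_fh, '<', "$port.response") or die "configuration file error - please contact the site administrator\n";
@tmp=<$response_fh>;
close($response_fh);

# Comment lines ("#...") are dropped; "!" lines are orders for DoOrders(),
# the remainder is the cross-reference table RESPOND() answers from.
# NOTE: the earlier grep('!^#', @tmp) tested a constant string, which is
# always true, so comment lines were never actually filtered out.
@XREF=grep(!/^#/,@tmp);@ORDERS=grep(/^!/,@XREF);DoOrders(); # get Xref and Orders
$port=$otherport;       # from here on $port is the peer's port (remote system logging)

# Respond to the initial entry.
$what="START";$IN="START";RESPOND(STDOUT);
$loopcount=0;
$continue="1";          # the loop below only ever compares this with "0"

# As long as we are alive, keep responding.
while ($continue ne "0") {
    alarm($timeout);    # restart the idle timer for every input line
    $IN=<STDIN>;
    ($what, $garbage)=split(" ",$IN,2);
    # chop($IN);chop($IN);
    # EOF (undef $IN) and a blank line both leave $what empty: the peer quit.
    if (!defined($what) || length($what)<1) {$IN="TheyQuit";LOGON();exit;}
    LOGON();
    # The keyword used to select a response is reduced to lowercase
    # alphanumerics, so raw peer input never reaches RESPOND() as a key.
    $what=~y/A-Za-z0-9//cd;
    $what=~tr/A-Z/a-z/;
    if ($what eq "") {$what="NIL";}
    RESPOND(STDOUT);
    $loopcount++;
    # Hard cap on lines handled per connection, regardless of the timer.
    if ($loopcount > $maxloops) {$continue = "0";}
}
$IN="WeClose";LOGON();
exit;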