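def check_ICMP_probes(pkt, nfq_packet, os_pattern):
    """
    Identify the ICMP based probes and reply with a faked packet if needed.

    An echo request (ICMP type 8) is treated as one of the two IE probes when
    it matches either signature:
      - probe 1: seq 295, IP flags 0x02 (DF bit), 120-byte ICMP payload
      - probe 2: seq 296, IP tos 0x04, 150-byte ICMP payload
    A matching probe is dropped from the queue and, if the pattern asks for it
    (PROBES_2_SEND["IE"]), answered with a crafted echo reply (ICMP type 0)
    built from os_pattern.TCP_OPTIONS['IE'].  Any other packet is forwarded
    untouched.

    pkt: scapy packet carrying the IP and ICMP layers
    nfq_packet: netfilter queue handle used to drop or forward pkt
    os_pattern: fingerprint pattern to imitate
    """
    icmp = pkt[ICMP]
    # `==`, not `is`: identity against an int literal only held by accident
    # (small-int caching) and is a SyntaxWarning on current Pythons.
    if icmp.type != 8:
        forward_packet(nfq_packet)
        return

    # Keep the short-circuit order of the original test: probe 2 is only
    # examined when probe 1 does not match.
    is_ie_probe = (
        (icmp.seq == 295 and pkt[IP].flags == 0x02 and len(icmp.payload) == 120)
        or (icmp.seq == 296 and pkt[IP].tos == 0x04 and len(icmp.payload) == 150)
    )
    if not is_ie_probe:
        forward_packet(nfq_packet)
        return

    drop_packet(nfq_packet)
    if os_pattern.PROBES_2_SEND["IE"]:
        ICMP_type = 0  # echo reply
        send_ICMP_reply(pkt, ICMP_type, os_pattern, os_pattern.TCP_OPTIONS['IE'])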
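def check_UDP_probe(pkt, nfq_packet, os_pattern):
    """
    Identify the UDP based probe and reply with a faked reply if needed.

    The U1 probe is recognised by IP id 0x1042 together with a UDP payload
    whose first three bytes are "CCC".  A match is dropped from the queue and,
    if the pattern asks for it (PROBES_2_SEND["U1"]), answered with a crafted
    ICMP destination-unreachable (type 3) built from
    os_pattern.TCP_OPTIONS['U1'].  Any other packet is forwarded untouched.

    pkt: scapy packet carrying the IP and UDP layers
    nfq_packet: netfilter queue handle used to drop or forward pkt
    os_pattern: fingerprint pattern to imitate
    """
    # Compare the raw payload bytes instead of indexing .load: under Python 3
    # indexing bytes yields ints, so load[0] == "C" can never be true, and a
    # packet without a Raw layer has no .load attribute at all.  The slice also
    # copes with payloads shorter than three bytes (no IndexError).
    if pkt[IP].id == 0x1042 and bytes(pkt[UDP].payload)[:3] == b"CCC":
        drop_packet(nfq_packet)
        if os_pattern.PROBES_2_SEND["U1"]:
            ICMP_type = 3  # destination unreachable (port unreachable reply)
            send_ICMP_reply(pkt, ICMP_type, os_pattern, os_pattern.TCP_OPTIONS['U1'])
    else:
        forward_packet(nfq_packet)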
def check_TCP_Nmap_match(pkt, nfq_packet, INPUT_TCP_OPTIONS, EXPECTED_TCP_flags, IP_flags="no", urgt_ptr=0):
    """
    Check if the packet is a Nmap probe.

    The TCP window, TCP flags and TCP options must all equal the expected
    values (EXPECTED_TCP_flags['WSZ'], EXPECTED_TCP_flags['FLGS'],
    INPUT_TCP_OPTIONS).  Which extra condition is then required depends on the
    optional arguments:
      - IP_flags == "no" and urgt_ptr == 0: no extra condition
      - IP_flags == "no" and urgt_ptr != 0: the TCP urgent pointer must equal
        the module-level ECN_URGT_PTR
      - otherwise: the IP flags must equal IP_flags['FLGS']
    A recognised probe is dropped from the queue.

    return 1 if packet is a Nmap probe, 0 otherwise
    """
    tcp = pkt[TCP]
    header_matches = (
        tcp.window == EXPECTED_TCP_flags['WSZ']
        and tcp.flags == EXPECTED_TCP_flags['FLGS']
        and tcp.options == INPUT_TCP_OPTIONS
    )
    if not header_matches:
        return 0

    if IP_flags == "no":
        if urgt_ptr == 0:
            is_probe = True
        else:
            is_probe = tcp.urgptr == ECN_URGT_PTR
    else:
        is_probe = pkt[IP].flags == IP_flags['FLGS']

    if not is_probe:
        return 0
    drop_packet(nfq_packet)
    return 1