Beispiel #1
    def action(self, packet):
        """Reply to a captured NBNS name query with locally configured addresses.

        The parsed query carried by *packet* is reused as the reply object: its
        flags word is overwritten, one answer record is appended for every
        question that ``self.getAddress`` resolves, and the question list is
        emptied before the datagram is sent.

        Returns ``False`` when no question was answered (nothing is sent) and
        ``True`` after the reply has been sent and logged.

        On the wire the result is a positive name-query response, sourced from
        UDP/137, from a host that does not own the queried name. That is the
        observable to look for when monitoring for NBNS spoofing.
        """
        requester_ip = utils.bin_to_ip(packet.data.src)
        nbns_port = 137
        reply = packet.data.data.data
        # Overwrite the header flags word so the message is marked as a response.
        reply.op = 0x8500
        # One answer record per question that has a configured address.
        for question in reply.qd:
            queried_name = decode_name(question.name).rstrip()
            resolved = self.getAddress(queried_name)
            if not resolved:
                skipped = "%s: Skipped Query from %s for %s" % (self.getName(), requester_ip, queried_name)
                out.debug(skipped, 0)
                continue
            record = NS.RR()
            record.name = question.name  # kept in its encoded wire form
            record.type = question.type
            record.cls = question.cls
            record.ttl = 120  # short TTL
            # rdata is 2 flag bytes followed by the 4 address bytes, hence rlen 6.
            record.rlen = 6
            # 0x0000 flags: unique name, B-node.
            record.rdata = '\x00\x00' + utils.ip_to_bin(resolved)
            reply.an.append(record)
        reply.qd = []

        if not reply.an:
            return False
        # The reply is a UDP datagram from port 137 to the querier's address and
        # source port.
        sender = socket(AF_INET, SOCK_DGRAM)
        sender.bind(('0.0.0.0', nbns_port))
        payload = str(reply)
        sender.sendto(payload, (requester_ip, packet.data.data.sport))
        sender.close()
        for record in reply.an:
            answered_name = decode_name(record.name).rstrip()
            # Skip the two flag bytes to get at the address.
            answered_ip = utils.bin_to_ip(record.rdata[2:])
            out.verbose("%s: \tResponse: %s - %s" % (self.getName(), answered_name, answered_ip))
        return True
Beispiel #2
    def loadModules(self, modules):
        """Load every module named in *modules*, or all discoverable ones.

        When *modules* is empty or ``None`` (nothing was requested on the
        command line), the list returned by ``self.findModules()`` is used
        instead. Each name is passed to ``self.loadModule``.
        """
        out.debug("Started loading modules", 2)
        # No explicit selection: fall back to whatever findModules() reports.
        selected = modules if modules else self.findModules()
        for module_name in selected:
            self.loadModule(module_name)
        out.debug("Finished loading modules", 2)
Beispiel #3
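    def loadModule(self, name):
        """Locate, execute and register the module called *name*.

        The module is searched for only in ``self.mod_dir``. After the source
        file has been executed, the member whose name equals *name* is handed
        to ``self.addModule``.

        If the module cannot be found, an error is logged, ``self.stop()`` is
        called and the method returns without loading anything.

        Raises:
            IndexError: the loaded file defines no member named *name*.
        """
        try:
            f, pathname, desc = imp.find_module(name, [self.mod_dir])
        except ImportError:
            out.error("Couldn't find %s module." % name)
            self.stop()
            # Whether stop() returns is not visible here; if it does, there is
            # no pathname to load, so bail out instead of failing on an
            # unbound local below.
            return
        # find_module hands back an open file object for source modules, and
        # load_source opens the path again by itself, so release this handle.
        if f is not None:
            f.close()
        # NOTE(review): load_source executes the file's top-level code with the
        # privileges of this process. mod_dir must therefore be writable only by
        # trusted users, and *name* should come from a trusted source.
        lm = imp.load_source(name, pathname)
        # The module file is expected to define a member named after itself.
        module = [x for x in getmembers(lm) if x[0] == name][0][1]
        out.debug("loaded module %s" % name, 0)
        self.addModule(module)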
Beispiel #4
    def handlePackets(self, pktlen, data, timestamp):
        """Parse one captured frame and offer it to every loaded module.

        *pktlen* and *timestamp* are accepted but not used here. Returns
        ``False`` when ``self.parseData`` yields nothing; otherwise every
        module whose ``condition`` accepts the packet has its ``action`` run,
        synchronously and in list order, and the method falls off the end.
        """
        # Step 1: decode the raw bytes.
        parsed = self.parseData(data)
        if not parsed:
            return False

        # Step 2: let each module decide whether it wants this packet.
        for handler in self.modules:
            if not handler.condition(parsed):
                continue
            out.debug("%s module accepted new packet." % handler.getName(), 1)
            # TODO Dispatch to another thread
            handler.action(parsed)
Beispiel #5
    def action(self, packet):
        """Reply to a captured LLMNR query with locally configured addresses.

        The parsed query carried by *packet* is reused as the reply object: its
        flags word is overwritten and one answer record is appended for every
        question that ``self.getAddress`` resolves. A and AAAA answers get
        their length and address data set; for any other record type the
        answer is appended without ``rlen``/``rdata`` being assigned here.

        Returns ``False`` when no question was answered (nothing is sent) and
        ``True`` after the reply has been sent and logged.

        On the wire the result is an LLMNR response, sourced from UDP/5355,
        from a host that does not own the queried name. That is the observable
        to look for when monitoring for LLMNR spoofing.
        """
        requester_ip = utils.bin_to_ip(packet.data.src)
        llmnr_port = 5355
        reply = packet.data.data.data
        # Overwrite the header flags word so the message is marked as a response.
        reply.op = 0x8000
        # One answer record per question that has a configured address.
        for question in reply.qd:
            resolved = self.getAddress(question.name, question.type)
            if not resolved:
                skipped = "%s: Skipped query from %s for %s" % (self.getName(), requester_ip, question.name)
                out.debug(skipped, 0)
                continue
            record = dpkt.dns.DNS.RR()
            record.name = question.name
            record.type = question.type
            record.cls = question.cls
            record.ttl = 30
            if record.type == dpkt.dns.DNS_A:
                # 4 address bytes for an IPv4 answer.
                record.rlen = 4
                record.rdata = utils.ip_to_bin(resolved)
            elif record.type == dpkt.dns.DNS_AAAA:
                # 16 address bytes for an IPv6 answer.
                record.rlen = 16
                record.rdata = utils.ip6_to_bin(resolved)
            reply.an.append(record)

        if not reply.an:
            return False
        # The reply is a UDP datagram from port 5355 to the querier's address
        # and source port.
        sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sender.bind(('0.0.0.0', llmnr_port))
        payload = str(reply)
        sender.sendto(payload, (requester_ip, packet.data.data.sport))
        sender.close()
        for record in reply.an:
            # Only A and AAAA answers are logged; other types are skipped.
            if record.type == dpkt.dns.DNS_A:
                out.verbose("%s: \tResponse: %s - %s" % (self.getName(), record.name, utils.bin_to_ip(record.rdata)))
            elif record.type == dpkt.dns.DNS_AAAA:
                out.verbose("%s: \tResponse: %s - %s" % (self.getName(), record.name, utils.bin_to_ip6(record.rdata)))
        return True
Beispiel #6
    def __init__(self, interface):
        """Store *interface*, load the module's configuration and log readiness.

        ``self.loadConfig()`` runs before the debug line is emitted, so
        ``self.getName()`` is called only after configuration has been loaded.
        """
        self.interface = interface
        self.loadConfig()
        banner = "Initialized " + self.getName() + " module"
        out.debug(banner, 2)