def handle(self, data, address): session = conpot_core.get_session( "bacnet", address[0], address[1], get_interface_ip(address[0]), self.server.server_port, ) logger.info("New Bacnet connection from %s:%d. (%s)", address[0], address[1], session.id) session.add_event({"type": "NEW_CONNECTION"}) # I'm not sure if gevent DatagramServer handles issues where the # received data is over the MTU -> fragmentation if data: pdu = PDU() pdu.pduData = bytearray(data) apdu = APDU() try: apdu.decode(pdu) except DecodingError: logger.warning("DecodingError - PDU: {}".format(pdu)) return self.bacnet_app.indication(apdu, address, self.thisDevice) # send an appropriate response from BACnet app to the attacker self.bacnet_app.response(self.bacnet_app._response, address) logger.info("Bacnet client disconnected %s:%d. (%s)", address[0], address[1], session.id)
def handle(self, data, address): session = conpot_core.get_session('bacnet', address[0], address[1]) logger.info('New Bacnet connection from %s:%d. (%s)', address[0], address[1], session.id) session.add_event({'type': 'NEW_CONNECTION'}) # I'm not sure if gevent DatagramServer handles issues where the # received data is over the MTU -> fragmentation if data: pdu = PDU() pdu.pduData = data apdu = APDU() npdu = NPDU() bvlpdu = BVLPDU() try: bvlpdu.decode(pdu) npdu.decode(bvlpdu) apdu.decode(npdu) except DecodingError as e: logger.error("DecodingError: %s", e) logger.error("PDU: " + format(pdu)) return self.bacnet_app.indication(apdu, address, self.thisDevice) self.bacnet_app.response(self.bacnet_app._response, npdu, bvlpdu, address) logger.info('Bacnet client disconnected %s:%d. (%s)', address[0], address[1], session.id)
def confirmation(self, pdu): if _debug: SnifferNode._debug("confirmation(%s) %r", self.name, pdu) # it's an NPDU npdu = NPDU() npdu.decode(pdu) # decode as a generic APDU apdu = APDU() apdu.decode(npdu) # "lift" the source and destination address if npdu.npduSADR: apdu.pduSource = npdu.npduSADR else: apdu.pduSource = npdu.pduSource if npdu.npduDADR: apdu.pduDestination = npdu.npduDADR else: apdu.pduDestination = npdu.pduDestination # make a more focused interpretation atype = apdu_types.get(apdu.apduType) if _debug: SnifferNode._debug(" - atype: %r", atype) xpdu = apdu apdu = atype() apdu.decode(xpdu) print(repr(apdu)) apdu.debug_contents() print("")
def handle(self, data, address): session = conpot_core.get_session('bacnet', address[0], address[1]) logger.info('New Bacnet connection from %s:%d. (%s)', address[0], address[1], session.id) session.add_event({'type': 'NEW_CONNECTION'}) # I'm not sure if gevent DatagramServer handles issues where the # received data is over the MTU -> fragmentation if data: pdu = PDU() pdu.pduData = data apdu = APDU() try: apdu.decode(pdu) except DecodingError as e: logger.error("DecodingError: %s", e) logger.error("PDU: " + format(pdu)) return self.bacnet_app.indication(apdu, address, self.thisDevice) self.bacnet_app.response(self.bacnet_app._response, address) logger.info('Bacnet client disconnected %s:%d. (%s)', address[0], address[1], session.id)
def handle(self, data, address): session = conpot_core.get_session('bacnet', address[0], address[1], get_interface_ip(address[0]), self.server.server_port) logger.info('New Bacnet connection from %s:%d. (%s)', address[0], address[1], session.id) session.add_event({'type': 'NEW_CONNECTION'}) # I'm not sure if gevent DatagramServer handles issues where the # received data is over the MTU -> fragmentation if data: pdu = PDU() pdu.pduData = bytearray(data) apdu = APDU() try: apdu.decode(pdu) except DecodingError: logger.warning("DecodingError - PDU: {}".format(pdu)) return self.bacnet_app.indication(apdu, address, self.thisDevice) # send an appropriate response from BACnet app to the attacker self.bacnet_app.response(self.bacnet_app._response, address) logger.info('Bacnet client disconnected %s:%d. (%s)', address[0], address[1], session.id)
def confirmation(self, pdu): if _debug: SnifferStateMachine._debug("confirmation(%s) %r", self.name, pdu) # it's an NPDU npdu = NPDU() npdu.decode(pdu) # filter out network layer traffic if there is any, probably not if npdu.npduNetMessage is not None: if _debug: SnifferStateMachine._debug(" - network message: %r", npdu.npduNetMessage) return # decode as a generic APDU apdu = APDU() apdu.decode(npdu) # "lift" the source and destination address if npdu.npduSADR: apdu.pduSource = npdu.npduSADR else: apdu.pduSource = npdu.pduSource if npdu.npduDADR: apdu.pduDestination = npdu.npduDADR else: apdu.pduDestination = npdu.pduDestination # make a more focused interpretation atype = apdu_types.get(apdu.apduType) if _debug: SnifferStateMachine._debug(" - atype: %r", atype) xpdu = apdu apdu = atype() apdu.decode(xpdu) if _debug: SnifferStateMachine._debug(" - apdu: %r", apdu) # pass to the state machine self.receive(apdu)
npdu.decode(pdu) if _debug: decode_packet._debug(" - npdu: %r", npdu) except Exception, err: if _debug: decode_packet._debug(" - decoding Error: %r", err) return None # application or network layer message if npdu.npduNetMessage is None: if _debug: decode_packet._debug( " - not a network layer message, try as an APDU") # decode as a generic APDU try: xpdu = APDU() xpdu.decode(npdu) if _debug: decode_packet._debug(" - xpdu: %r", xpdu) apdu = xpdu except Exception, err: if _debug: decode_packet._debug(" - decoding Error: %r", err) return npdu # "lift" the source and destination address if npdu.npduSADR: apdu.pduSource = npdu.npduSADR else: apdu.pduSource = npdu.pduSource if npdu.npduDADR: apdu.pduDestination = npdu.npduDADR else: apdu.pduDestination = npdu.pduDestination