def handle(self, data, address):
session = conpot_core.get_session(
"bacnet",
address[0],
address[1],
get_interface_ip(address[0]),
self.server.server_port,
)
logger.info("New Bacnet connection from %s:%d. (%s)", address[0],
address[1], session.id)
session.add_event({"type": "NEW_CONNECTION"})
# I'm not sure if gevent DatagramServer handles issues where the
# received data is over the MTU -> fragmentation
if data:
pdu = PDU()
pdu.pduData = bytearray(data)
apdu = APDU()
try:
apdu.decode(pdu)
except DecodingError:
logger.warning("DecodingError - PDU: {}".format(pdu))
return
self.bacnet_app.indication(apdu, address, self.thisDevice)
# send an appropriate response from BACnet app to the attacker
self.bacnet_app.response(self.bacnet_app._response, address)
logger.info("Bacnet client disconnected %s:%d. (%s)", address[0],
address[1], session.id)
def handle(self, data, address):
session = conpot_core.get_session('bacnet', address[0], address[1])
logger.info('New Bacnet connection from %s:%d. (%s)', address[0],
address[1], session.id)
session.add_event({'type': 'NEW_CONNECTION'})
# I'm not sure if gevent DatagramServer handles issues where the
# received data is over the MTU -> fragmentation
if data:
pdu = PDU()
pdu.pduData = data
apdu = APDU()
npdu = NPDU()
bvlpdu = BVLPDU()
try:
bvlpdu.decode(pdu)
npdu.decode(bvlpdu)
apdu.decode(npdu)
except DecodingError as e:
logger.error("DecodingError: %s", e)
logger.error("PDU: " + format(pdu))
return
self.bacnet_app.indication(apdu, address, self.thisDevice)
self.bacnet_app.response(self.bacnet_app._response, npdu, bvlpdu,
address)
logger.info('Bacnet client disconnected %s:%d. (%s)', address[0],
address[1], session.id)
def confirmation(self, pdu):
if _debug: SnifferNode._debug("confirmation(%s) %r", self.name, pdu)
# it's an NPDU
npdu = NPDU()
npdu.decode(pdu)
# decode as a generic APDU
apdu = APDU()
apdu.decode(npdu)
# "lift" the source and destination address
if npdu.npduSADR:
apdu.pduSource = npdu.npduSADR
else:
apdu.pduSource = npdu.pduSource
if npdu.npduDADR:
apdu.pduDestination = npdu.npduDADR
else:
apdu.pduDestination = npdu.pduDestination
# make a more focused interpretation
atype = apdu_types.get(apdu.apduType)
if _debug: SnifferNode._debug(" - atype: %r", atype)
xpdu = apdu
apdu = atype()
apdu.decode(xpdu)
print(repr(apdu))
apdu.debug_contents()
print("")
def handle(self, data, address):
session = conpot_core.get_session('bacnet', address[0], address[1])
logger.info('New Bacnet connection from %s:%d. (%s)', address[0], address[1], session.id)
session.add_event({'type': 'NEW_CONNECTION'})
# I'm not sure if gevent DatagramServer handles issues where the
# received data is over the MTU -> fragmentation
if data:
pdu = PDU()
pdu.pduData = data
apdu = APDU()
try:
apdu.decode(pdu)
except DecodingError as e:
logger.error("DecodingError: %s", e)
logger.error("PDU: " + format(pdu))
return
self.bacnet_app.indication(apdu, address, self.thisDevice)
self.bacnet_app.response(self.bacnet_app._response, address)
logger.info('Bacnet client disconnected %s:%d. (%s)', address[0], address[1], session.id)
def handle(self, data, address):
session = conpot_core.get_session('bacnet', address[0], address[1], get_interface_ip(address[0]), self.server.server_port)
logger.info('New Bacnet connection from %s:%d. (%s)', address[0], address[1], session.id)
session.add_event({'type': 'NEW_CONNECTION'})
# I'm not sure if gevent DatagramServer handles issues where the
# received data is over the MTU -> fragmentation
if data:
pdu = PDU()
pdu.pduData = bytearray(data)
apdu = APDU()
try:
apdu.decode(pdu)
except DecodingError:
logger.warning("DecodingError - PDU: {}".format(pdu))
return
self.bacnet_app.indication(apdu, address, self.thisDevice)
# send an appropriate response from BACnet app to the attacker
self.bacnet_app.response(self.bacnet_app._response, address)
logger.info('Bacnet client disconnected %s:%d. (%s)', address[0], address[1], session.id)
def confirmation(self, pdu):
if _debug:
SnifferStateMachine._debug("confirmation(%s) %r", self.name, pdu)
# it's an NPDU
npdu = NPDU()
npdu.decode(pdu)
# filter out network layer traffic if there is any, probably not
if npdu.npduNetMessage is not None:
if _debug:
SnifferStateMachine._debug(" - network message: %r",
npdu.npduNetMessage)
return
# decode as a generic APDU
apdu = APDU()
apdu.decode(npdu)
# "lift" the source and destination address
if npdu.npduSADR:
apdu.pduSource = npdu.npduSADR
else:
apdu.pduSource = npdu.pduSource
if npdu.npduDADR:
apdu.pduDestination = npdu.npduDADR
else:
apdu.pduDestination = npdu.pduDestination
# make a more focused interpretation
atype = apdu_types.get(apdu.apduType)
if _debug: SnifferStateMachine._debug(" - atype: %r", atype)
xpdu = apdu
apdu = atype()
apdu.decode(xpdu)
if _debug: SnifferStateMachine._debug(" - apdu: %r", apdu)
# pass to the state machine
self.receive(apdu)
npdu.decode(pdu)
if _debug: decode_packet._debug(" - npdu: %r", npdu)
except Exception, err:
if _debug: decode_packet._debug(" - decoding Error: %r", err)
return None
# application or network layer message
if npdu.npduNetMessage is None:
if _debug:
decode_packet._debug(
" - not a network layer message, try as an APDU")
# decode as a generic APDU
try:
xpdu = APDU()
xpdu.decode(npdu)
if _debug: decode_packet._debug(" - xpdu: %r", xpdu)
apdu = xpdu
except Exception, err:
if _debug: decode_packet._debug(" - decoding Error: %r", err)
return npdu
# "lift" the source and destination address
if npdu.npduSADR:
apdu.pduSource = npdu.npduSADR
else:
apdu.pduSource = npdu.pduSource
if npdu.npduDADR:
apdu.pduDestination = npdu.npduDADR
else:
apdu.pduDestination = npdu.pduDestination
