def handle_syn(syn):
    """Track the destination of a SYN packet and flag stale pending entries.

    The destination address is read from ``syn.dst`` (packed IPv4 bytes, as
    required by ``socket.inet_ntoa``). A destination that is not yet tracked,
    is in neither zone set and is not reported pending by
    ``pending_connection`` is recorded in ``pending_syn`` with the current time.

    Returns:
        None for the loopback destination 127.0.0.1.
        False as soon as one ``pending_syn`` entry older than 2 seconds is
        found; that entry is logged, removed and passed to
        ``full_proxy_service.add_to_black_list``.
        True when no entry is older than 2 seconds.
    """
    dst = socket.inet_ntoa(syn.dst)
    if dst == '127.0.0.1':
        # NOTE(review): this path returns None while the others return a bool;
        # confirm the caller treats None the way it is meant to.
        return

    # Same short-circuit order as the original chain of "not in" tests.
    already_accounted_for = (
        dst in pending_syn
        or dst in domestic_zone
        or dst in international_zone
        or pending_connection.is_ip_pending(dst)
    )
    if not already_accounted_for:
        pending_syn[dst] = time.time()

    # NOTE(review): this function only removes an entry once it has expired,
    # and at most one per call; presumably entries are cleared elsewhere when
    # a reply arrives, otherwise pending_syn can grow without bound. Confirm.
    for ip, sent_at in pending_syn.items():
        age = time.time() - sent_at
        if age > 2:
            log_jamming_event(ip, 'syn packet drop')
            del pending_syn[ip]
            # NOTE(review): `ip` is the expired destination, but `syn` is the
            # packet being handled now, whose destination may differ. Verify
            # that add_to_black_list expects this pairing.
            full_proxy_service.add_to_black_list(ip, syn=syn)
            # Returning right after the deletion means the loop never
            # advances over the dict it has just mutated.
            return False
    return True
def handle_syn(syn):
    """Track the destination of a SYN packet and flag stale pending entries.

    The destination address is read from ``syn.dst`` (packed IPv4 bytes, as
    required by ``socket.inet_ntoa``). A destination that is not yet tracked,
    is in neither zone set and is not reported pending by
    ``pending_connection`` is recorded in ``pending_syn`` with the current time.

    Returns:
        None for the loopback destination 127.0.0.1.
        False as soon as one ``pending_syn`` entry older than 3 seconds is
        found; that entry is logged, removed and passed to
        ``full_proxy_service.add_to_black_list``.
        True when no entry is older than 3 seconds.
    """
    dst = socket.inet_ntoa(syn.dst)
    if dst == '127.0.0.1':
        # NOTE(review): this path returns None while the others return a bool;
        # confirm the caller treats None the way it is meant to.
        return

    # Same short-circuit order as the original chain of "not in" tests.
    already_accounted_for = (
        dst in pending_syn
        or dst in domestic_zone
        or dst in international_zone
        or pending_connection.is_ip_pending(dst)
    )
    if not already_accounted_for:
        pending_syn[dst] = time.time()

    # NOTE(review): this function only removes an entry once it has expired,
    # and at most one per call; presumably entries are cleared elsewhere when
    # a reply arrives, otherwise pending_syn can grow without bound. Confirm.
    for ip, sent_at in pending_syn.items():
        age = time.time() - sent_at
        if age > 3:
            log_jamming_event(ip, 'syn packet drop')
            del pending_syn[ip]
            # NOTE(review): `ip` is the expired destination, but `syn` is the
            # packet being handled now, whose destination may differ. Verify
            # that add_to_black_list expects this pairing.
            full_proxy_service.add_to_black_list(ip, syn=syn)
            # Returning right after the deletion means the loop never
            # advances over the dict it has just mutated.
            return False
    return True
def contains_wrong_answer(dns_packet):
    """Decide whether a DNS response should be treated as a wrong answer.

    Only the first A record in ``dns_packet.an`` is examined; the function
    returns as soon as it has judged that record.

    Returns:
        False when none of the questions is an A question.
        True when the first A answer is in WRONG_ANSWERS, or is in
        GOOGLE_PLUS_WRONG_ANSWERS for a domain containing 'plus.google.com'.
        False when the first A answer is in neither set; in that case the
        address is stored in ``domains`` and logged, and for a domain
        containing 'twitter.com' it is also passed to
        ``full_proxy_service.add_to_black_list``.
        True when the response holds no A answer at all.
    """
    a_record = dpkt.dns.DNS_A
    question_types = [question.type for question in dns_packet.qd]
    if a_record not in question_types:
        return False  # not answer to A question, might be PTR

    for answer in dns_packet.an:
        if answer.type != a_record:
            continue
        resolved_ip = socket.inet_ntoa(answer['rdata'])
        if resolved_ip in WRONG_ANSWERS:
            return True
        domain = dns_packet.domain
        # NOTE(review): both domain tests below are substring matches, so a
        # name that merely contains the text (constructed example:
        # 'twitter.com.example.net') matches too. Consider matching on a
        # label boundary instead.
        if 'plus.google.com' in domain and resolved_ip in GOOGLE_PLUS_WRONG_ANSWERS:
            return True
        # NOTE(review): nothing in this function authenticates the response;
        # the address is recorded and possibly blacklisted purely because it
        # is absent from the wrong-answer sets. Confirm that validation of
        # the response happens before this call.
        domains[resolved_ip] = domain
        LOGGER.info('dns resolve: %s => %s' % (domain, resolved_ip))
        if 'twitter.com' in domain:
            full_proxy_service.add_to_black_list(resolved_ip)
        return False  # if the blacklist is incomplete, we will think it is right answer
    return True  # to find empty answer
def contains_wrong_answer(dns_packet):
    """Decide whether a DNS response should be treated as a wrong answer.

    Only the first A record in ``dns_packet.an`` is examined; the function
    returns as soon as it has judged that record.

    Returns:
        False when none of the questions is an A question.
        True when the first A answer is in WRONG_ANSWERS, or is in
        GOOGLE_PLUS_WRONG_ANSWERS for a domain containing 'plus.google.com'.
        False when the first A answer is in neither set; in that case the
        address is stored in ``domains`` and logged, and for a domain
        containing 'twitter.com' it is also passed to
        ``full_proxy_service.add_to_black_list``.
        True when the response holds no A answer at all.
    """
    a_record = dpkt.dns.DNS_A
    question_types = [question.type for question in dns_packet.qd]
    if a_record not in question_types:
        return False  # not answer to A question, might be PTR

    for answer in dns_packet.an:
        if answer.type != a_record:
            continue
        resolved_ip = socket.inet_ntoa(answer['rdata'])
        if resolved_ip in WRONG_ANSWERS:
            return True
        domain = dns_packet.domain
        # NOTE(review): both domain tests below are substring matches, so a
        # name that merely contains the text (constructed example:
        # 'twitter.com.example.net') matches too. Consider matching on a
        # label boundary instead.
        if 'plus.google.com' in domain and resolved_ip in GOOGLE_PLUS_WRONG_ANSWERS:
            return True
        # NOTE(review): nothing in this function authenticates the response;
        # the address is recorded and possibly blacklisted purely because it
        # is absent from the wrong-answer sets. Confirm that validation of
        # the response happens before this call.
        domains[resolved_ip] = domain
        LOGGER.info('dns resolve: %s => %s' % (domain, resolved_ip))
        if 'twitter.com' in domain:
            full_proxy_service.add_to_black_list(resolved_ip)
        return False  # if the blacklist is incomplete, we will think it is right answer
    return True  # to find empty answer