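def check_ICMP_probes(pkt, nfq_packet, os_pattern):
    """
    Identify the ICMP based probes and reply with a faked packet if needed.

    Only ICMP echo requests (type 8) are candidates.  A request is treated
    as a probe when it carries exactly one of the two field combinations
    this function keys on (the "IE" probes in os_pattern's terms):
      - icmp seq 295, IP DF flag (0x02) set, 120-byte ICMP payload
      - icmp seq 296, IP TOS 0x04, 150-byte ICMP payload
    A recognised probe is dropped so the real kernel never answers it and,
    if os_pattern.PROBES_2_SEND["IE"] is set, a spoofed echo reply (type 0)
    is sent built from os_pattern.TCP_OPTIONS['IE'].  Every other packet is
    forwarded unchanged.  Exactly one verdict (drop or forward) is issued
    on nfq_packet per call.

    pkt:        scapy packet; must contain an IP and an ICMP layer
    nfq_packet: the NetfilterQueue packet the verdict is applied to
    os_pattern: the OS personality being emulated
    Returns None.
    """
    # The original test used `is 8`, which only worked because CPython caches
    # small ints (and is a SyntaxWarning on 3.8+); compare by value.
    if pkt[ICMP].type != 8:
        forward_packet(nfq_packet)
        return

    icmp = pkt[ICMP]
    payload_len = len(icmp.payload)
    # Probe 1: seq 295, DF set, 120-byte payload
    probe_1 = (icmp.seq == 295 and pkt[IP].flags == 0x02 and payload_len == 120)
    # Probe 2: seq 296, TOS 0x04, 150-byte payload
    probe_2 = (icmp.seq == 296 and pkt[IP].tos == 0x04 and payload_len == 150)

    if not (probe_1 or probe_2):
        forward_packet(nfq_packet)
        return

    # Drop first so the kernel's genuine reply can never race the spoofed one.
    drop_packet(nfq_packet)
    if os_pattern.PROBES_2_SEND["IE"]:
        ICMP_type = 0  # ICMP type 0 = echo reply
        send_ICMP_reply(pkt, ICMP_type, os_pattern, os_pattern.TCP_OPTIONS['IE'])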
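def check_UDP_probe(pkt, nfq_packet, os_pattern):
    """
    Identify the UDP based probe and reply with a faked reply if needed.

    The packet is treated as the "U1" probe when its IP id is 0x1042 and
    its UDP payload starts with the three bytes b"CCC".  A match is dropped
    and, if os_pattern.PROBES_2_SEND["U1"] is set, answered with a spoofed
    ICMP destination unreachable (type 3) built from
    os_pattern.TCP_OPTIONS['U1'].  Anything else is forwarded unchanged.
    Exactly one verdict (drop or forward) is issued on nfq_packet per call.

    pkt:        scapy packet; must contain an IP and a UDP layer
    nfq_packet: the NetfilterQueue packet the verdict is applied to
    os_pattern: the OS personality being emulated
    Returns None.
    """
    # The payload is attacker-controlled: it may be absent (scapy NoPayload
    # has no .load) or shorter than three bytes.  Either case must be a
    # clean "no match" -- an exception here would leave nfq_packet without
    # a verdict.  The original indexed load[0..2] (IndexError on short
    # payloads) and compared against str "C", which never matches the int
    # that indexing a bytes object yields on Python 3; a slice compared
    # with a bytes literal is correct on both 2 and 3.
    load = getattr(pkt[UDP].payload, "load", b"")
    if pkt[IP].id == 0x1042 and load[:3] == b"CCC":
        # Drop first so the kernel's genuine port-unreachable can never
        # race the spoofed one.
        drop_packet(nfq_packet)
        if os_pattern.PROBES_2_SEND["U1"]:
            # create reply packet (ICMP port unreachable)
            ICMP_type = 3  # ICMP type 3 = destination unreachable
            send_ICMP_reply(pkt, ICMP_type, os_pattern,
                            os_pattern.TCP_OPTIONS['U1'])
    else:
        forward_packet(nfq_packet)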
def check_TCP_Nmap_match(pkt,
                         nfq_packet,
                         INPUT_TCP_OPTIONS,
                         EXPECTED_TCP_flags,
                         IP_flags="no",
                         urgt_ptr=0):
    """
    Check whether a TCP packet is one of the Nmap probes and drop it if so.

    The packet qualifies when its window size, TCP flags and option list
    equal EXPECTED_TCP_flags['WSZ'], EXPECTED_TCP_flags['FLGS'] and
    INPUT_TCP_OPTIONS respectively, and one additional condition holds:
      - IP_flags == "no" and urgt_ptr == 0: nothing further is required
      - IP_flags == "no" and urgt_ptr != 0: the TCP urgent pointer must
        equal the module constant ECN_URGT_PTR (urgt_ptr itself is only a
        switch; its value is never compared against the packet)
      - otherwise: the IP flags must equal IP_flags['FLGS']
    A matching packet is dropped via drop_packet and 1 is returned.
    Any other packet is left untouched -- note that, unlike the ICMP/UDP
    checkers, this function issues no forward verdict on a non-match, so
    the caller must forward it -- and 0 is returned.
    """
    tcp = pkt[TCP]
    header_matches = (tcp.window == EXPECTED_TCP_flags['WSZ']
                      and tcp.flags == EXPECTED_TCP_flags['FLGS']
                      and tcp.options == INPUT_TCP_OPTIONS)
    if not header_matches:
        return 0

    if IP_flags == "no":
        # non-zero urgt_ptr means "also require the ECN probe's urgent pointer"
        is_probe = urgt_ptr == 0 or tcp.urgptr == ECN_URGT_PTR
    else:
        is_probe = pkt[IP].flags == IP_flags['FLGS']

    if not is_probe:
        return 0

    drop_packet(nfq_packet)
    return 1