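def check_UDP_probe(pkt, nfq_packet, os_pattern):
    """Identify the Nmap UDP probe (U1) and answer it with a faked reply if needed.

    pkt:        the decoded packet; the IP and UDP layers are indexed directly,
                so callers must only hand UDP packets to this function.
    nfq_packet: the netfilter-queue handle the verdict (drop/forward) is issued on.
    os_pattern: the emulated fingerprint. PROBES_2_SEND["U1"] decides whether a
                reply is generated; TCP_OPTIONS['U1'] is passed to send_ICMP_reply.

    The probe is recognised by IP id 0x1042 and a payload starting with "CCC".
    A match is dropped and, when enabled, answered with ICMP type 3
    (destination unreachable); every other packet is forwarded unchanged.
    Returns None.
    """
    # The IP id is tested first so the payload is only touched for candidate
    # packets. A UDP packet without a payload has no .load attribute and a
    # payload shorter than three bytes made the old per-index comparison raise
    # IndexError inside the queue callback, leaving the packet unverdicted; the
    # getattr default and the slice compare safely in both cases. Both the str
    # and the bytes spelling are accepted so the check behaves the same whether
    # the payload arrives as str (Python 2) or bytes (Python 3).
    if (pkt[IP].id == 0x1042
            and getattr(pkt[UDP].payload, "load", "")[:3] in ("CCC", b"CCC")):
        drop_packet(nfq_packet)
        if os_pattern.PROBES_2_SEND["U1"]:
            # ICMP type 3 == destination unreachable (the port-unreachable reply)
            ICMP_type = 3
            send_ICMP_reply(pkt, ICMP_type, os_pattern, os_pattern.TCP_OPTIONS['U1'])
    else:
        forward_packet(nfq_packet)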
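def check_ICMP_probes(pkt, nfq_packet, os_pattern):
    """Identify the Nmap ICMP echo probes (IE) and answer them with a faked packet if needed.

    pkt:        the decoded packet; the IP and ICMP layers are indexed directly,
                so callers must only hand ICMP packets to this function.
    nfq_packet: the netfilter-queue handle the verdict (drop/forward) is issued on.
    os_pattern: the emulated fingerprint. PROBES_2_SEND["IE"] decides whether a
                reply is generated; TCP_OPTIONS['IE'] is passed to send_ICMP_reply.

    Only echo requests (ICMP type 8) are inspected. Probe 1 is seq 295 with
    IP flags 0x02 and a 120-byte ICMP payload; probe 2 is seq 296 with IP tos
    0x04 and a 150-byte ICMP payload. A matching probe is dropped and, when
    enabled, answered with an ICMP echo reply (type 0); every other packet,
    including non-echo ICMP, is forwarded unchanged. Returns None.
    """
    icmp = pkt[ICMP]
    # The original compared with `is 8`, which only works because CPython
    # caches small ints (and is a SyntaxWarning on 3.8+); compare by value.
    if icmp.type != 8:
        forward_packet(nfq_packet)
        return
    is_probe_1 = (icmp.seq == 295 and pkt[IP].flags == 0x02
                  and len(icmp.payload) == 120)
    is_probe_2 = (icmp.seq == 296 and pkt[IP].tos == 0x04
                  and len(icmp.payload) == 150)
    if is_probe_1 or is_probe_2:
        drop_packet(nfq_packet)
        if os_pattern.PROBES_2_SEND["IE"]:
            # ICMP type 0 == echo reply
            ICMP_type = 0
            send_ICMP_reply(pkt, ICMP_type, os_pattern, os_pattern.TCP_OPTIONS['IE'])
    else:
        forward_packet(nfq_packet)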
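def _tcp_probe(probe, opt, flags, ip_id, ip_attr=None, seq_ack=False, urg=False):
    """Describe one Nmap TCP probe and how check_TCP_probes answers it.

    probe:   key into os_pattern.PROBES_2_SEND / TCP_OPTIONS / TCP_SEQ_NR /
             TCP_ACK_NR and into NMAP_PROBE_TCP_ATTR.
    opt:     key into NMAP_PROBE_TCP_OPTION used when matching the probe.
    flags:   key into os_pattern.TCP_FLAGS used for the reply.
    ip_id:   name of the os_pattern attribute holding the IP id counter for the
             reply, or a literal int (the T2-T4 replies pass 0).
    ip_attr: key into NMAP_PROBE_IP_ATTR when the match also checks IP
             attributes, else None.
    seq_ack: whether os_pattern.TCP_SEQ_NR[probe] / TCP_ACK_NR[probe] are
             passed to send_TCP_reply.
    urg:     whether ECN_URGT_PTR is appended to the send_TCP_reply arguments
             (only the ECN probe).
    """
    return {"probe": probe, "opt": opt, "flags": flags, "ip_id": ip_id,
            "ip_attr": ip_attr, "seq_ack": seq_ack, "urg": urg}


# One row per probe, in the order the original if/elif chain tested them:
# the first row whose match succeeds wins, so the order is significant.
_TCP_PROBE_TABLE = (
    # SEQ, OPS, WIN and T1 - sequence generation, six probes
    _tcp_probe("P1", "P1", "SEQ", "IP_ID_TI_CNT"),
    _tcp_probe("P2", "P2", "SEQ", "IP_ID_TI_CNT"),
    _tcp_probe("P3", "P3", "SEQ", "IP_ID_TI_CNT"),
    _tcp_probe("P4", "P4", "SEQ", "IP_ID_TI_CNT"),
    _tcp_probe("P5", "P5", "SEQ", "IP_ID_TI_CNT"),
    _tcp_probe("P6", "P6", "SEQ", "IP_ID_TI_CNT"),
    # ECN
    _tcp_probe("ECN", "ECN", "ECN", "IP_ID_TI_CNT", urg=True),
    # T2-T7
    _tcp_probe("T2", "T2-T6", "T2", 0, ip_attr="T2", seq_ack=True),
    _tcp_probe("T3", "T2-T6", "T3", 0, seq_ack=True),
    _tcp_probe("T4", "T2-T6", "T4", 0, ip_attr="T4", seq_ack=True),
    _tcp_probe("T5", "T2-T6", "T5", "IP_ID_CI_CNT", seq_ack=True),
    _tcp_probe("T6", "T2-T6", "T6", "IP_ID_CI_CNT", ip_attr="T6", seq_ack=True),
    _tcp_probe("T7", "T7", "T7", "IP_ID_CI_CNT", seq_ack=True),
)


def _matches_tcp_probe(pkt, nfq_packet, spec):
    """Run check_TCP_Nmap_match for one table row.

    The IP attribute table is only passed for rows that name one (T2, T4, T6),
    exactly as the original chain did.
    """
    match_args = [NMAP_PROBE_TCP_OPTION[spec["opt"]],
                  NMAP_PROBE_TCP_ATTR[spec["probe"]]]
    if spec["ip_attr"] is not None:
        match_args.append(NMAP_PROBE_IP_ATTR[spec["ip_attr"]])
    return check_TCP_Nmap_match(pkt, nfq_packet, *match_args)


def _send_tcp_probe_reply(pkt, os_pattern, spec):
    """Call send_TCP_reply with the argument list the original chain used for this row."""
    probe = spec["probe"]
    reply_args = [pkt, os_pattern, os_pattern.TCP_OPTIONS[probe],
                  os_pattern.TCP_FLAGS[spec["flags"]]]
    ip_id = spec["ip_id"]
    # Counter attributes are read at reply time, not when the table is built,
    # so a changing counter on os_pattern is honoured like in the original.
    if isinstance(ip_id, str):
        ip_id = getattr(os_pattern, ip_id)
    reply_args.append(ip_id)
    if spec["seq_ack"]:
        reply_args.extend([os_pattern.TCP_SEQ_NR[probe], os_pattern.TCP_ACK_NR[probe]])
    if spec["urg"]:
        reply_args.append(ECN_URGT_PTR)
    send_TCP_reply(*reply_args)


def check_TCP_probes(pkt, nfq_packet, os_pattern, session, debug):
    """Identify the Nmap TCP probes and answer them with a faked reply if needed.

    pkt:        the decoded packet; pkt.src is handed to check_in_session.
    nfq_packet: the netfilter-queue handle; passed to check_TCP_Nmap_match for
                every candidate row and to forward_packet when nothing matched.
    os_pattern: the emulated fingerprint. PROBES_2_SEND[probe] decides whether
                a matched probe is answered; TCP_OPTIONS, TCP_FLAGS, TCP_SEQ_NR,
                TCP_ACK_NR and the IP_ID_*_CNT attributes feed send_TCP_reply.
    session:    the session state handed to check_in_session.
    debug:      forwarded to check_in_session unchanged.

    The rows of _TCP_PROBE_TABLE are tried in order and the first match wins.
    A matched probe whose reply is enabled is recorded in the session and
    answered; a packet matching no row is forwarded. Returns None.

    NOTE(review): a matched probe whose PROBES_2_SEND entry is False receives
    no verdict here, neither drop nor forward; presumably check_TCP_Nmap_match
    already verdicts nfq_packet on a match (it receives the handle) - confirm,
    otherwise such packets stay queued.
    """
    for spec in _TCP_PROBE_TABLE:
        if _matches_tcp_probe(pkt, nfq_packet, spec):
            if os_pattern.PROBES_2_SEND[spec["probe"]]:
                check_in_session(session, pkt.src, debug)
                _send_tcp_probe_reply(pkt, os_pattern, spec)
            return
    forward_packet(nfq_packet)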