Thread: port knocking

  1. #1

    Question port knocking

    Code:
     /*------------------------------- daemon.c---------------------------------------------------*/
    
    
    #include "baca.h"
    #include "apprList.h"
    #include "list.h"

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/types.h>
    #include <sys/wait.h>
    #include <unistd.h>
    /*
     * NOTE(review): these three names look like the include guards of list.h
     * and apprList.h. Defined here, after the #include lines, they cannot
     * change how those headers were processed -- confirm they are needed.
     */
    #define list_H
    
    #define APPRLIST_H
    
    #define H_LinkedListType
    
    
    
    
    
    
    
    /*
     * Knock sequences, as destination port numbers. checkSeq() accepts
     * Header_Seq + SSH_Seq + Footer_Seq (returns 22) or
     * Header_Seq + ftp_Seq + Footer_Seq (returns 21).
     *
     * NOTE(review): the sequences are compile-time constants shared by every
     * client and are sent as ordinary packets, so anyone able to observe one
     * knock can repeat it. Treat the knock as an extra layer in front of the
     * service's own authentication, not as a credential.
     */
    const int Header_Seq[3] = {610,400,503};
    const int Footer_Seq[3] = {606,505,402};
    const int SSH_Seq[5] = {402,504,505,402,503};
    const int ftp_Seq[5] = {402,607,400,401,400};
    const int maxTime = 300; // knock time must stay under 5 minutes (checkSeq compares this with difftime(), i.e. seconds)
    
    /*
     * Argument vectors passed to execvp("iptables", ...) through execCmd().
     * Element 0 fills the argv[0] slot and holds a single space; the list is
     * NULL-terminated. init1..init6 append LOG rules for TCP and UDP packets
     * to the port ranges 400:402, 503:505 and 606:610, which cover every port
     * used in the sequences above.
     */
    char *const init1[10] = {" \0","-A\0", "INPUT\0","-p\0", "tcp\0", "--dport\0", "400:402\0", "-j\0","LOG\0",NULL};
    char *const init2[10] = {" \0","-A\0", "INPUT\0","-p\0", "udp\0", "--dport\0", "400:402\0", "-j\0","LOG\0",NULL};
    char *const init3[10] = {" \0","-A\0", "INPUT\0","-p\0", "tcp\0", "--dport\0", "503:505\0", "-j\0","LOG\0",NULL};
    char *const init4[10] = {" \0","-A\0", "INPUT\0","-p\0", "udp\0", "--dport\0", "503:505\0", "-j\0","LOG\0",NULL};
    char *const init5[10] = {" \0","-A\0", "INPUT\0","-p\0", "tcp\0", "--dport\0", "606:610\0", "-j\0","LOG\0",NULL};
    char *const init6[10] = {" \0","-A\0", "INPUT\0","-p\0", "udp\0", "--dport\0", "606:610\0", "-j\0","LOG\0",NULL};
    /* Appends a rule that drops everything on the INPUT chain. */
    char *const drop[6] = {" \0","-A\0", "INPUT\0","-j\0", "DROP\0",NULL};
    /* "-F": flushes the existing rules. */
    char *const flush[3] = {" \0","-F\0",NULL};
    
    /* Approval list: traceSurf() searches and extends it, main() prints it. */
    Apprlist LogApproved = NULL;
    
    
    int filterLog(Log_struct filterIn)
    /*
     * Age filter for one parsed log entry.
     * Returns 1 when the entry passes the filter and 0 when it does not.
     * An entry passes when its timestamp (filterIn.waktu) is less than 3600
     * seconds before the current time; because only the upper bound is
     * tested, an entry stamped in the future passes as well.
     */
    {
    	time_t stamp = filterIn.waktu;
    	time_t current = time(NULL);

    	return (difftime(current, stamp) < 3600) ? 1 : 0;
    }
    
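    void execCmd(char *cmd, char *const argv[])
    /*
     * Runs cmd in a child process with the NULL-terminated argument vector
     * argv and waits for that child to finish.
     *
     * cmd  : program name; execvp() resolves it through PATH.
     * argv : argument vector, argv[0] included.
     *
     * Failures are reported on stderr and the function returns normally, so
     * a caller cannot tell from the return whether the command succeeded.
     *
     * NOTE(review): every caller in this file passes the bare name
     * "iptables". A daemon that edits firewall rules should not depend on
     * the inherited PATH; consider passing an absolute path.
     */
    {
    	pid_t pid;
    	int status = 0;

    	pid = fork();

    	if (pid < 0)
    	{
    		/* No child exists, so there is nothing to wait for. */
    		perror("fork");
    		return;
    	}

    	if (pid == 0)
    	{
    		execvp(cmd, argv);
    		/*
    		 * Reached only when execvp() failed. The child must stop here:
    		 * returning would let it continue running the caller's code
    		 * next to the parent.
    		 */
    		perror(cmd);
    		_exit(127);
    	}

    	/* Wait for this particular child and collect its exit status. */
    	if (waitpid(pid, &status, 0) < 0)
    	{
    		perror("waitpid");
    		return;
    	}

    	/* A rule that was not applied leaves the firewall in an unexpected state; say so. */
    	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
    		fprintf(stderr, "%s: command did not complete successfully\n", cmd);
    }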
    
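    List readLog()
    /*
     * Reads /var/log/syslog from the start and builds a list of the entries
     * that locate() selects, that pass filterLog(), and that SearchData()
     * does not already find in the list.
     *
     * Returns the new list, or NULL when the log cannot be opened or nothing
     * qualifies. The caller owns the list (main() releases it with
     * DestroyList()).
     *
     * NOTE(review): the decision to open a port is taken from the text of
     * this file. Syslog can usually be written to by local processes, so
     * depending on what locate() and Extract() accept, a line may not come
     * from the firewall's LOG target -- confirm how strictly they match.
     */
    {
    	FILE *filein;
    	char *line = NULL;
    	Log_struct test;
    	List newList = NULL;

    	filein = fopen("/var/log/syslog","r");
    	if (filein == NULL)
    	{
    		/* Without this check feof() below would be handed a NULL stream. */
    		perror("/var/log/syslog");
    		return NULL;
    	}

    	while (feof(filein) == 0)
    	{
    		/* Skip forward to the next line that locate() recognises. */
    		do
    		{
    			free (line);	/* free(NULL) is a no-op on the first pass */
    			line = readln(filein);
    		}
    		while ((line != NULL) && (locate(line) == 0) && (feof(filein) == 0));

    		/*
    		 * readln()'s contract is not visible here; a NULL result is
    		 * treated as end of input instead of being passed to strlen().
    		 */
    		if (line == NULL)
    			break;

    		if (strlen(line) > 0)
    		{
    			test = Extract(line);
    			if ((filterLog(test) != 0) &&
    				(SearchData(newList,test.Src_IP,test.Des_IP,test.MAC_SRC,test.MAC_DES,
    					test.waktu,test.ID,test.Src_Port,test.Des_Port) == 0))
    			{
    				newList = InsertData(newList,test.Src_IP,test.Des_IP,test.MAC_SRC,
    					test.MAC_DES,test.waktu,test.ID,test.Src_Port,test.Des_Port);
    			}
    		}
    	}

    	/* The last line read was never released; this runs once per second. */
    	free (line);
    	fclose(filein);

    	return newList;
    }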
    
    int compSublArr(Sublist *SubCheck, const int ArrCheck[], int SizeArr,time_t *wktAwal, time_t *wktAkhir)
    /*
     * Compares the destination ports of the nodes starting at *SubCheck with
     * the SizeArr entries of ArrCheck, in order.
     * Returns 0 when the knocks do not match and 1 when they do.
     *
     * - Sublist shorter than SizeArr: *SubCheck is set to NULL, returns 0.
     * - Mismatch: *SubCheck is left unchanged, returns 0.
     * - Match: *SubCheck is moved to the node after the matched run.
     *
     * *wktAwal receives the time of the node at index 1 and *wktAkhir the time
     * of the node at index SizeArr-1; both may be written before a later
     * mismatch is found.
     * NOTE(review): the "start" time is taken at index 1, not index 0 --
     * confirm that skipping the first knock is intended.
     */
    {
    	Sublist node = (*SubCheck);
    	int idx;

    	if (panjangSublist(node) < SizeArr)
    	{
    		/* not enough knocks left to hold the whole sequence */
    		(*SubCheck) = NULL;
    		return 0;
    	}

    	for (idx = 0; idx < SizeArr; idx++)
    	{
    		if (node == NULL)
    			return 0;

    		if (idx == 1)
    			*wktAwal = (*node).Waktu;
    		if (idx == (SizeArr-1))
    			*wktAkhir = (*node).Waktu;

    		if ((*node).Des_Port != ArrCheck[idx])
    			return 0;

    		node = (*node).next;
    	}

    	/* whole sequence matched: hand back the position after it */
    	(*SubCheck) = node;
    	return 1;
    }
    
    int checkSeq(Sublist *seqList, time_t *waktu_Akhir)
    /*
     * Scans the knock list of one source (a particular IP and MAC) for a
     * complete knock.
     * Returns -1 when no sequence matches, otherwise the port to act on:
     *   22 for Header_Seq + SSH_Seq + Footer_Seq,
     *   21 for Header_Seq + ftp_Seq + Footer_Seq,
     * and only when difftime(akhir, awal) <= maxTime.
     * On a match *seqList is moved past the footer and *waktu_Akhir receives
     * the footer's end time. On failure *seqList is set to the scan position,
     * which is NULL once the loop has run out of nodes.
     */
    {
    
    	time_t waktuAwal,waktuAkhir, awal, akhir;
    	Sublist FirstSeq = (*seqList);
    	Sublist tempFirstSeq;
    	
    	while (FirstSeq != NULL)
    	{
    
    		// 610 is Header_Seq[0]; presumably this returns the next node whose
    		// destination port is 610, or NULL -- confirm against SearchDesPort
    		FirstSeq = SearchDesPort(FirstSeq,610);
    
    	if (FirstSeq != NULL)
    	{
    		if (compSublArr(&FirstSeq, Header_Seq, 3, &waktuAwal, &waktuAkhir) == 1)
    
    		{
    			// header matched: keep its start time, because the later
    			// compSublArr() calls overwrite waktuAwal
    			awal = waktuAwal;
    			// remember the position after the header for the ftp attempt
    			tempFirstSeq = FirstSeq;
    			if (compSublArr(&FirstSeq, SSH_Seq, 5, &waktuAwal,&waktuAkhir) == 1)
    		{
    
    			// SSH sequence matched
    			if (compSublArr(&FirstSeq, Footer_Seq, 3, &waktuAwal,&waktuAkhir) == 1)
    			{
    
    			// footer matched
    			akhir = waktuAkhir;
    			if(difftime(akhir,awal) <= maxTime)
    			{
    				(*seqList) = FirstSeq;
    				(*waktu_Akhir) = akhir;
    				return 22;
    			}
    		}
    	}					
    	// the SSH comparison failed: try the ftp sequence from the saved position
    	else if (compSublArr(&tempFirstSeq, ftp_Seq, 5, &waktuAwal,&waktuAkhir) == 1)
    	
    	{
    		// ftp sequence matched
    		if (compSublArr(&tempFirstSeq, Footer_Seq, 3,&waktuAwal, &waktuAkhir) == 1)	
    
    		{
    			// footer matched
    			akhir = waktuAkhir;
    			if(difftime(akhir,awal) <= maxTime)
    		{
    
    			(*seqList) = tempFirstSeq;
    			(*waktu_Akhir) = akhir;
    
    					return 21;
    				}
    			}
    			// no complete knock: continue the scan from where the ftp
    			// comparison left off
    			FirstSeq = tempFirstSeq;
    
    		}
    	}
    	// step past the current node so the next search makes progress
    	if (FirstSeq != NULL)
    		FirstSeq = (*FirstSeq).next;
    
    	}
    }
    	(*seqList) = FirstSeq;
    	return -1;
    }
    
    void PortAction(int Action,char *IP_Act,char *MAC_Act,int Port_Act)
    /*
     * Adds or removes the iptables ACCEPT rule for one source address.
     *
     * Action   : 1 inserts the rule (-I); any other value deletes it (-D).
     * IP_Act   : source address, passed to iptables as the value of -s.
     * MAC_Act  : not used by this function.
     * Port_Act : 22 or 21; any other value does nothing.
     *
     * The rule is handed over as separate argv elements, so no shell parses
     * IP_Act. Because MAC_Act is ignored, the rule matches on source IP
     * alone and applies to every host that shares that address.
     */
    {
    	char *verb = (Action == 1) ? "-I\0" : "-D\0";
    	char *dport;

    	if (Port_Act == 22)
    		dport = "22\0";
    	else if (Port_Act == 21)
    		dport = "21\0";
    	else
    		return;

    	char *rule[12] = {" \0", verb, "INPUT\0", "-s\0", IP_Act,
    		"-p\0", "tcp\0", "--dport\0", dport, "-j\0", "ACCEPT\0", NULL};

    	execCmd("iptables", rule);
    }
    
    void traceSurf(List logList)
    /*
     * Walks every source in logList, runs checkSeq() over its knock list and
     * acts on each complete knock:
     *   - no entry in LogApproved for (IP, MAC, port): open the port and
     *     record the approval;
     *   - entry exists and this knock is newer than the recorded one: toggle
     *     it, closing an open port or reopening a closed one.
     * A knock that is not newer than the recorded time is ignored, which
     * keeps an already handled knock from acting again when the log is
     * re-read.
     *
     * NOTE(review): approvals are looked up by IP, MAC and port, but
     * PortAction() builds its rule from the IP only -- confirm that is the
     * intended scope.
     */
    {
    	List host;
    	Sublist knocks;
    	Apprlist entry;
    	time_t lastKnock;
    	int port;

    	for (host = logList; host != NULL; host = (*host).next)
    	{
    		knocks = (*host).child;

    		while (knocks != NULL)
    		{
    			port = checkSeq(&knocks,&lastKnock);
    			if (!(port > 0))
    				continue;

    			entry = SearchApprlist(LogApproved,(*host).Src_IP,(*host).Src_MAC,port);

    			if (entry == NULL)
    			{
    				/* first approval for this source and port */
    				printf("Buka port %d untuk IP %s \n", port,(*host).Src_IP);
    				PortAction(1,(*host).Src_IP,(*host).Src_MAC,port);

    				if (LogApproved == NULL)
    					LogApproved = createElmtApprlist(lastKnock,(*host).Src_IP,(*host).Src_MAC,port);
    				else
    					InsertLastApprlist(LogApproved,createElmtApprlist(lastKnock,(*host).Src_IP,(*host).Src_MAC,port));
    				continue;
    			}

    			/* act only on a knock newer than the one already recorded */
    			if (!(difftime(lastKnock,(*entry).Waktu) > 0.0))
    				continue;

    			if ((*entry).Stat == 1)
    			{
    				/* the port was open, close it now */
    				printf("Tutup port %d untuk IP %s \n",
    					port,(*host).Src_IP);
    				(*entry).Stat = 0;
    				(*entry).Waktu = lastKnock;
    				PortAction(0,(*host).Src_IP,(*host).Src_MAC,port);
    			}
    			else
    			{
    				/* the port was closed, open it again */
    				printf("Buka kembali port %d untuk IP %s \n",port,(*host).Src_IP);
    				(*entry).Stat = 1;
    				(*entry).Waktu = lastKnock;
    				PortAction(1,(*host).Src_IP,(*host).Src_MAC,port);
    			}
    		}
    	}
    }
    
    
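    int main()
    /*
     * Daemon entry point. Installs the firewall rules, then loops forever:
     * read the log, act on complete knocks, print the approval list, sleep
     * one second.
     *
     * Start-up order matters: flush first, then the six LOG rules, then the
     * DROP rule last so that it sits after the LOG rules in the INPUT chain.
     *
     * NOTE(review): "-F" removes the rules that were already loaded, and
     * the appended DROP rule then applies to all inbound traffic until a
     * knock inserts an ACCEPT rule. Make sure that is acceptable on the host
     * before running this.
     */
    {
    	time_t now;

    	List logList = NULL;
    	execCmd("iptables",flush);
    	execCmd("iptables",init1);
    	execCmd("iptables",init2);
    	execCmd("iptables",init3);
    	execCmd("iptables",init4);
    	execCmd("iptables",init5);
    	/* init5 used to be installed twice here, so the UDP LOG rule for 606:610 (init6) was never added. */
    	execCmd("iptables",init6);
    	execCmd("iptables",drop);

    	for (;;)
    	{
    		time(&now);
    		logList = readLog();
    		PrintList(logList);
    		traceSurf(logList);
    		printf("LogApproved\n----------------------------------------\n");
    		PrintApprlist(LogApproved);
    		/* The list is rebuilt from the log on every cycle, so release it here. */
    		DestroyList (logList);
    		logList = NULL;
    		printf("%s----------------------------------------\n1 cycle of ReadLog\n",ctime(&now));
    		sleep(1);
    	}
    	return 0;
    }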

    /tmp/cc714v8D.o: In function `readLog':
    daemon.c:(.text+0x1a0): undefined reference to `SearchData'
    daemon.c:(.text+0x1f3): undefined reference to `InsertData'
    /tmp/cc714v8D.o: In function `compSublArr':
    daemon.c:(.text+0x249): undefined reference to `panjangSublist'
    /tmp/cc714v8D.o: In function `main':
    daemon.c:(.text+0x9b5): undefined reference to `PrintList'
    daemon.c:(.text+0x9e6): undefined reference to `DestroyList'
    collect2: ld returned 1 exit status

    Can anyone help me with these linker errors, please?

  2. #2
    spurious conceit MK27's Avatar
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  3. #3
    and the hat of int overfl Salem's Avatar
    Why does it look like "Here's some code I downloaded off the net, please make it work for me"?
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  4. #4
    Registered User jeffcobb's Avatar
    Quote Originally Posted by Salem View Post
    Why does it look like "Here's some code I downloaded off the net, please make it work for me"?
    ...prolly because it is...
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  5. #5
    Registered User jeffcobb's Avatar
    Also, what language is this? I don't mean C, I mean the text....
    C/C++ Environment: GNU CC/Emacs
    Make system: CMake
    Debuggers: Valgrind/GDB

  6. #6
    Indonesian I think.
    bit∙hub [bit-huhb] n. A source and destination for information.

  7. #7
    spurious conceit MK27's Avatar
    Quote Originally Posted by bithub View Post
    Indonesian I think.
    Bagaimana Bertanya Dengan Cerdas

    http://bulsara.host.sk/index.php?p=2005
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge
