rm -f *.da
config.o: config.h log.h
-dnsbl.o: dnsbl.h extern.h irc.h log.h
+dnsbl.o: dnsbl.h extern.h irc.h log.h opercmd.h scan.h
irc.o: config.h dnsbl.h extern.h irc.h log.h opercmd.h scan.h
log.o: extern.h log.h
main.o: extern.h irc.h log.h opercmd.h scan.h stats.h
char *CONF_DNSBL_ZONE = 0;
char *CONF_DNSBL_FROM = 0;
char *CONF_DNSBL_TO = 0;
+char *CONF_SENDMAIL = 0;
int CONF_SCANPORT = 0;
int CONF_PORT = 0;
{"DNSBL_ZONE", TYPE_STRING, &CONF_DNSBL_ZONE },
{"DNSBL_FROM", TYPE_STRING, &CONF_DNSBL_FROM },
{"DNSBL_TO", TYPE_STRING, &CONF_DNSBL_TO },
+ {"SENDMAIL", TYPE_STRING, &CONF_SENDMAIL },
};
#include <time.h>
#include <errno.h>
+#include "irc.h"
+#include "opercmd.h"
+#include "scan.h"
#include "dnsbl.h"
#include "extern.h"
-#include "irc.h"
#include "log.h"
extern unsigned int STAT_DNSBL_MATCHES;
STAT_DNSBL_MATCHES++;
return(1);
}
+
+/* send an email to report this open proxy */
+void dnsbl_report(struct scan_struct *ss)
+{
+ log("Would be emailing now");
+}
#ifndef DNSBL_H
#define DNSBL_H
+
int dnsbl_check(const char *addr, const char *irc_nick,
const char *irc_user, char *irc_addr);
+ void dnsbl_report(struct scan_struct *ss);
#endif
extern char *CONF_DNSBL_ZONE;
extern char *CONF_DNSBL_FROM;
extern char *CONF_DNSBL_TO;
+ extern char *CONF_SENDMAIL;
extern int CONF_PORT;
extern int CONF_SCANPORT;
#include "irc.h"
#include "log.h"
#include "config.h"
-#include "dnsbl.h"
#include "opercmd.h"
#include "scan.h"
+#include "dnsbl.h"
#include "stats.h"
#include "extern.h"
#include "options.h"
if(!strcmp(token[7], "connecting:"))
{
+ char conn_notice[513];
STAT_NUM_CONNECTS++;
+ /* take a copy of the original connect notice now in case
+ * we need it for evidence later */
+ snprintf(conn_notice, sizeof(conn_notice),
+ "%s %s %s %s %s %s %s %s %s %s %s", token[0],
+ token[1], token[2], token[3], token[4], token[5],
+ token[6], token[7], token[8], token[9], token[10]);
+
+ /* make sure it is null terminated */
+ conn_notice[512] = '\0';
+
/* Token 11 is the IP of the remote host
* enclosed in [ ]. We need to remove it from
* [ ] and pass it to the scanner. */
if(CONF_DNSBL_ZONE && dnsbl_check(addr, irc_nick,
irc_user, irc_addr))
return;
- scan_connect(addr, irc_addr, irc_nick, irc_user, 0);
+ scan_connect(addr, irc_addr, irc_nick, irc_user, 0, conn_notice);
}
}
#include <sys/time.h>
#include "config.h"
-#include "dnsbl.h"
#include "irc.h"
#include "log.h"
#include "opercmd.h"
#include "scan.h"
#include "stats.h"
+#include "dnsbl.h"
#include "extern.h"
* with the connecting IP, where we will begin
* to establish the proxy testing */
-void scan_connect(char *addr, char *irc_addr, char *irc_nick, char *irc_user, int verbose)
+void scan_connect(char *addr, char *irc_addr, char *irc_nick,
+ char *irc_user, int verbose, char *conn_notice)
{
int i;
newconn->irc_user = strdup(irc_user);
newconn->verbose = verbose;
+ if(conn_notice)
+ newconn->conn_notice = strdup(conn_notice);
+
newconn->protocol = &(SCAN_PROTOCOLS[i]); /* Give struct a link to information about the protocol
it will be handling. */
free(newconn->irc_addr);
free(newconn->irc_user);
free(newconn->irc_nick);
+ if(newconn->conn_notice)
+ free(newconn->conn_notice);
free(newconn);
continue;
}
{
irc_kline(ss->irc_addr);
+ if(CONF_DNSBL_FROM && CONF_DNSBL_TO &&
+ CONF_SENDMAIL)
+ {
+ dnsbl_report(ss);
+ }
+
log("SCAN -> %s: %s!%s@%s (%d)", ss->protocol->type , ss->irc_nick, ss->irc_user,
ss->irc_addr, ss->protocol->port);
free(ss->irc_addr);
free(ss->irc_nick);
free(ss->irc_user);
+ if(ss->conn_notice)
+ free(ss->conn_notice);
free(ss);
}
else
free(ss->irc_addr);
free(ss->irc_nick);
free(ss->irc_user);
+ if(ss->conn_notice)
+ free(ss->conn_notice);
free(ss);
}
break;
if(CONF_DNSBL_ZONE)
dnsbl_check(ip, "*", "*", c->param);
- scan_connect(ip, c->param, "*", "*", 1); /* Scan using verbose */
+ scan_connect(ip, c->param, "*", "*", 1, NULL); /* Scan using verbose */
}
char *irc_addr; /* Hostname of user on IRC (for kline) */
char *irc_nick; /* Nickname of user on IRC (for logging) */
char *irc_user; /* Username of user on IRC (for logging) */
+ char *conn_notice; /* original server notice for this connect, used
+ * for evidence */
int fd; /* File descriptor of socket */
struct sockaddr_in sockaddr; /* holds information about remote host for socket() */
time_t create_time; /* Creation time, for timeout */
};
void do_scan_init();
- void scan_connect(char *addr, char *irc_addr, char *irc_nick, char *irc_user, int verbose);
+ void scan_connect(char *addr, char *irc_addr, char *irc_nick,
+ char *irc_user, int verbose, char *conn_notice);
void scan_add(scan_struct *newcon);
void scan_del(scan_struct *ss);
void scan_cycle();