From: Chris Porter
Date: Sun, 7 Jun 2009 15:57:48 +0000 (+0100)
Subject: PROXYSCAN: Add DIRECT_IRC scan type.
X-Git-Url: https://jfr.im/git/irc/quakenet/newserv.git/commitdiff_plain/c7be40f844dc291512058f8226a7e5eea1a183d5

PROXYSCAN: Add DIRECT_IRC scan type.
---
diff --git a/proxyscan/proxyscan.c b/proxyscan/proxyscan.c
index 03b74e06..cfc46c6f 100644
--- a/proxyscan/proxyscan.c
+++ b/proxyscan/proxyscan.c
@@ -279,6 +279,10 @@ void _init(void) {
 proxyscan_addscantype(STYPE_HTTP, 63809);
 proxyscan_addscantype(STYPE_HTTP, 63000);
 proxyscan_addscantype(STYPE_SOCKS4, 29992);
+ proxyscan_addscantype(STYPE_DIRECT_IRC, 6667);
+ proxyscan_addscantype(STYPE_DIRECT_IRC, 6668);
+ proxyscan_addscantype(STYPE_DIRECT_IRC, 6669);
+ proxyscan_addscantype(STYPE_DIRECT_IRC, 6670);
 /* Schedule saves */
 schedulerecurring(time(NULL)+3600,0,3600,&dumpcachehosts,NULL);
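Review bot: The four `proxyscan_addscantype(STYPE_DIRECT_IRC, …)` registrations for ports 6667–6670 carry no comment saying what a hit on this scan type means or why these ports were chosen. Judging by the `MAGICIRCSTRING` definition elsewhere in this commit, the type appears to flag a host that itself answers as a QuakeNet ircd, so a short comment such as `/* DIRECT_IRC: host answers as one of our own ircds on a standard IRC port (relay/portforward) */` would make the intent and the false-positive assumptions reviewable. `_init` starts and ends outside the hunk, so the rest of the scan table is not visible here.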
@@ -693,6 +697,16 @@ void handlescansock(int fd, short events) { case STYPE_DIRECT: /* Do nothing */ break; + + case STYPE_DIRECT_IRC: + sprintf(buf,"PRIVMSG\r\n"); + if ((write(fd,buf,strlen(buf)))bytesread+=res; sp->totalbytesread+=res; - for (i=0;ibytesread - MAGICSTRINGLENGTH;i++) { - if (!strncmp(sp->readbuf+i, MAGICSTRING, MAGICSTRINGLENGTH)) { - /* Found the magic string */ - /* If the offset is 0, this means it was the first thing we got from the socket, - * so it's an actual IRCD (sheesh). Note that when the buffer is full and moved, - * the thing moved to offset 0 would previously have been tested as offset - * PSCAN_READBUFSIZE/2. - * - * Skip this checking for STYPE_DIRECT scans, which are used to detect trojans setting - * up portforwards (which will therefore show up as ircds, we rely on the port being - * strange enough to avoid false positives */ - if (i==0 && (sp->type != STYPE_DIRECT)) { - killsock(sp, SOUTCOME_CLOSED); + + { + char *magicstring; + int magicstringlength; + + if(sp->type != STYPE_DIRECT_IRC) { + magicstring = MAGICSTRING; + magicstringlength = MAGICSTRINGLENGTH; + } else { + magicstring = MAGICIRCSTRING; + magicstringlength = MAGICIRCSTRINGLENGTH; + } + + for (i=0;ibytesread - magicstringlength;i++) { + if (!strncmp(sp->readbuf+i, magicstring, magicstringlength)) { + /* Found the magic string */ + /* If the offset is 0, this means it was the first thing we got from the socket, + * so it's an actual IRCD (sheesh). Note that when the buffer is full and moved, + * the thing moved to offset 0 would previously have been tested as offset + * PSCAN_READBUFSIZE/2. 
+ *
+ * Skip this checking for STYPE_DIRECT scans, which are used to detect trojans setting
+ * up portforwards (which will therefore show up as ircds, we rely on the port being
+ * strange enough to avoid false positives */
+ if (i==0 && (sp->type != STYPE_DIRECT)) {
+ killsock(sp, SOUTCOME_CLOSED);
+ return;
+ }
+
+ killsock(sp, SOUTCOME_OPEN);
 return;
 }
-
- killsock(sp, SOUTCOME_OPEN);
- return;
 }
 }
diff --git a/proxyscan/proxyscan.h b/proxyscan/proxyscan.h
index 2b7441fa..110ba302 100644
--- a/proxyscan/proxyscan.h
+++ b/proxyscan/proxyscan.h
@@ -5,10 +5,14 @@
 #include "../nick/nick.h"
 #include "../lib/splitline.h"
 #include
+#include
 #define MAGICSTRING "NOTICE AUTH :*** Looking up your hostname\r\n"
 #define MAGICSTRINGLENGTH 42
+#define MAGICIRCSTRING ".quakenet.org 451 * :Register first.\r\n"
+#define MAGICIRCSTRINGLENGTH 38
+
 #define PSCAN_MAXSCANS 50
 #define PSCAN_READBUFSIZE (MAGICSTRINGLENGTH * 2)
@@ -21,7 +25,8 @@
 #define STYPE_HTTP 2
 #define STYPE_WINGATE 3
 #define STYPE_CISCO 4
-#define STYPE_DIRECT 5
+#define STYPE_DIRECT 5 /* not sure what this is so I'm leaving it alone */
+#define STYPE_DIRECT_IRC 6
 #define SOUTCOME_INPROGRESS 0
 #define SOUTCOME_OPEN 1
diff --git a/proxyscan/proxyscandb.c b/proxyscan/proxyscandb.c
index f7912357..a6924c7d 100644
--- a/proxyscan/proxyscandb.c
+++ b/proxyscan/proxyscandb.c
@@ -99,6 +99,10 @@ const char *scantostr(int type) {
 case STYPE_DIRECT:
 reason="forward";
 break;
+
+ case STYPE_DIRECT_IRC:
+ reason="forward (irc)";
+ break;
 }
 return reason;
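Review bot: `MAGICIRCSTRINGLENGTH` is a hand-counted 38 that has to stay in step with the `MAGICIRCSTRING` literal, and the scanner uses it as the `strncmp` length in `strncmp(sp->readbuf+i, magicstring, magicstringlength)`, so a later edit to the string that forgets the number would make the comparison quietly wrong. Deriving it removes that: `#define MAGICIRCSTRINGLENGTH (sizeof(MAGICIRCSTRING) - 1)`. `PSCAN_READBUFSIZE` is still defined from `MAGICSTRINGLENGTH` alone; the scanner comment about the buffer being moved suggests a pattern has to fit in half of it, which holds for 38 against 42 but is not enforced, so a comment or a compile-time check beside the define would document that dependency.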
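Review bot: The comment added on `STYPE_DIRECT`, `/* not sure what this is so I'm leaving it alone */`, records uncertainty rather than meaning, although the comment carried along in `handlescansock` in this same commit says STYPE_DIRECT scans are used to detect trojans setting up portforwards. I would replace it with something like `/* direct connect: host shows up as an ircd on an unusual port (portforward) */` and give `STYPE_DIRECT_IRC` a matching one-line description, so the two scan types can be told apart from the header alone.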