Commit 0b0d43de authored by robertdavidgraham's avatar robertdavidgraham

ntp ddos detection

parent eba481ff
+5 −6
@@ -1223,8 +1223,9 @@ masscan_set_parameter(struct Masscan *masscan,
                        masscan->script.name, value);
                exit(1);
            }
            masscan->script.name = script_lookup(value)->name;
        }
        
        masscan->script.name = script_lookup(value)->name;
    } else if (EQUALS("scan-delay", name) || EQUALS("max-scan-delay", name)) {
        fprintf(stderr, "nmap(%s): unsupported: we do timing VASTLY differently!\n", name);
        exit(1);
@@ -1655,10 +1656,9 @@ masscan_command_line(struct Masscan *masscan, int argc, char *argv[])
                        break;
                    case 'T':
                        fprintf(stderr, "nmap(%s): connect() is too synchronous for cool kids\n", argv[i]);
                        exit(1);
                        break;
                    case 'U':
                        fprintf(stderr, "nmap(%s): UDP scan not yet supported\n", argv[i]);
                        exit(1);
                        break;
                    case 'V':
                        fprintf(stderr, "nmap(%s): unlikely this will be supported\n", argv[i]);
                        exit(1);
@@ -1669,8 +1669,7 @@ masscan_command_line(struct Masscan *masscan, int argc, char *argv[])
                        fprintf(stderr, "nmap(%s): Xmas scan not yet supported\n", argv[i]);
                        exit(1);
                    case 'Y':
                        fprintf(stderr, "nmap(%s): SCTP scan not yet supported\n", argv[i]);
                        exit(1);
                        break;
                    case 'Z':
                        fprintf(stderr, "nmap(%s): SCTP scan not yet supported\n", argv[i]);
                        exit(1);
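Review bot: In the first hunk, `masscan->script.name = script_lookup(value)->name;` dereferences the lookup result with no NULL check visible in the hunk, and `value` is the parameter value handed to masscan_set_parameter. If script_lookup returns NULL for an unknown name (its definition is not in view), a mistyped script name becomes a NULL dereference instead of an error message. A guard before the assignment, such as `if (script_lookup(value) == NULL) { fprintf(stderr, "script %s: not found\n", value); exit(1); }`, would match the error style used a few lines above. The rendered hunk shows the assignment twice, so confirm only one copy survives on the new side. The enclosing function starts and ends outside the hunk.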
+2 −0
@@ -2,6 +2,7 @@
    When program crashes, print backtrace with line numbers
*/
#include "pixie-backtrace.h"
#include "unusedparm.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -173,6 +174,7 @@ static void
handle_segfault(int sig)
{

    UNUSEDPARM(sig);
    printf("======================================================================");
    printf(" Segmentation fault: please post this backtrace to:\n");
    printf(" https://github.com/robertdavidgraham/masscan/issues\n");
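Review bot: handle_segfault calls `printf` from what appears to be a SIGSEGV handler, and the added `UNUSEDPARM(sig);` does not change that. printf is not async-signal-safe, so if the fault occurred while the process held a stdio or allocator lock, the handler can deadlock or fault again instead of printing the backtrace. For the fixed banner text, `write(STDERR_FILENO, msg, sizeof(msg) - 1)` on a static string is the safe form on POSIX builds. The first banner line also has no trailing `\n`, so the "Segmentation fault" text runs on after the row of `=`. The handler body continues outside the hunk.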
+2 −2
@@ -164,8 +164,8 @@ banout_append(struct BannerOutput *banout, unsigned proto,
{
    struct BannerOutput *p;

    if (length == ~0)
        length = strlen(px);
    if (length == AUTO_LEN)
        length = strlen((const char*)px);
    
    /*
     * Get the matching record for the protocol (e.g. HTML, SSL, etc.).
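Review bot: `AUTO_LEN` is an in-band sentinel carried in the same `size_t` as real lengths, so `if (length == AUTO_LEN) length = strlen((const char*)px);` also fires for any caller whose computed length wraps to the maximum `size_t` value. For banner data taken from packet bytes that are not NUL-terminated, a `len - offset` underflow in a caller would then become an unbounded strlen over-read rather than an obviously bad length. No such caller is visible in this commit, where the NTP call sites pass string literals or local buffers, so this is a hardening suggestion. Keep the sentinel for C strings only, for example through a new thin wrapper (say `banout_append_str(banout, proto, s)`), and let banout_append treat its length literally. banout_append's body continues outside the hunk.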
+1 −0
@@ -57,6 +57,7 @@ banout_end(struct BannerOutput *banout, unsigned proto);
 */
void
banout_append(struct BannerOutput *banout, unsigned proto, const void *px, size_t length);
#define AUTO_LEN ((size_t)~0)

/**
 * Append a single character to the banner.
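Review bot: The new `AUTO_LEN` macro has no comment, and it is placed after the banout_append prototype, whose doc block closes above it. A reader of the header therefore cannot tell that passing it changes how `px` is interpreted. Add a comment directly above the define, such as `/* Pass as 'length' when px is a NUL-terminated string; banout_append() then uses strlen(px). */`. Defining it as `SIZE_MAX` from stdint.h would give the same value without relying on the `~0` int-to-size_t conversion.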
+18 −17
@@ -12,6 +12,7 @@
#include "proto-banner1.h"
#include "syn-cookie.h"
#include "templ-port.h"
#include "unusedparm.h"



@@ -20,6 +21,9 @@
unsigned
ntp_set_cookie(unsigned char *px, size_t length, uint64_t seqno)
{
    UNUSEDPARM(px);
    UNUSEDPARM(length);
    UNUSEDPARM(seqno);
    return 0;
}
struct Val2String {
@@ -104,6 +108,8 @@ ntp_modlist_parse(const unsigned char *px,
    unsigned record_count;
    unsigned record_size;
 
    UNUSEDPARM(request_id);

    if (offset + 4 >= length)
        return;
    
@@ -117,20 +123,20 @@ ntp_modlist_parse(const unsigned char *px,
        if (errmsg == 0)
            errmsg = "Bogus Error Code";
        sprintf_s(foo, sizeof(foo), "%u", errcode);
        banout_append(banout, PROTO_NTP, "Response was NTP Error Code ", ~0);
        banout_append(banout, PROTO_NTP, foo, ~0);
        banout_append(banout, PROTO_NTP, " - \"", ~0);
        banout_append(banout, PROTO_NTP, errmsg, ~0);
        banout_append(banout, PROTO_NTP, "\"", ~0);
        banout_append(banout, PROTO_NTP, "Response was NTP Error Code ", AUTO_LEN);
        banout_append(banout, PROTO_NTP, foo, AUTO_LEN);
        banout_append(banout, PROTO_NTP, " - \"", AUTO_LEN);
        banout_append(banout, PROTO_NTP, errmsg, AUTO_LEN);
        banout_append(banout, PROTO_NTP, "\"", AUTO_LEN);
        return;
    }

    if (4 + record_count * record_size > length) {
        banout_append(banout, PROTO_NTP, "response-too-big", ~0);
        banout_append(banout, PROTO_NTP, "response-too-big", AUTO_LEN);
        return;
    }
    if (record_count * record_size > 500) {
        banout_append(banout, PROTO_NTP, "response-too-big", ~0);
        banout_append(banout, PROTO_NTP, "response-too-big", AUTO_LEN);
        return;
    }

@@ -142,7 +148,7 @@ ntp_modlist_parse(const unsigned char *px,
        sprintf_s(msg, sizeof(msg), " response-size=%u-bytes more=%s",
            record_count * record_size, ((px[0]>>6)&1)?"true":"false");

        banout_append(banout, PROTO_NTP, msg, ~0);
        banout_append(banout, PROTO_NTP, msg, AUTO_LEN);
    }
}

@@ -188,7 +194,6 @@ ntp_v2_parse(const unsigned char *px,
           struct BannerOutput *banout,
           unsigned *request_id)
{
    unsigned is_more;
    unsigned mode;
    
    if (length < 4)
@@ -198,9 +203,6 @@ ntp_v2_parse(const unsigned char *px,
    if ((px[0]>>7) != 1)
        return;
        
    /* Extract: more bit */
    is_more = (px[0]>>6)&1;
    
    /* Validate: this is version 2 */
    if (((px[0]>>3)&7) != 2)
        return;
@@ -230,7 +232,6 @@ ntp_handle_response(struct Output *out, time_t timestamp,
            )
{
    unsigned ip_them;
    unsigned ip_me;
    unsigned request_id = 0;
    struct BannerOutput banout[1];
    unsigned offset = parsed->app_offset;
@@ -260,8 +261,8 @@ ntp_handle_response(struct Output *out, time_t timestamp,
    
    ip_them = parsed->ip_src[0]<<24 | parsed->ip_src[1]<<16
    | parsed->ip_src[2]<< 8 | parsed->ip_src[3]<<0;
    ip_me = parsed->ip_dst[0]<<24 | parsed->ip_dst[1]<<16
    | parsed->ip_dst[2]<< 8 | parsed->ip_dst[3]<<0;
    /*ip_me = parsed->ip_dst[0]<<24 | parsed->ip_dst[1]<<16
    | parsed->ip_dst[2]<< 8 | parsed->ip_dst[3]<<0;*/
    
    /* Validate the "syn-cookie" style information. */
    //seqno = (unsigned)syn_cookie(ip_them, port_them | Templ_UDP, ip_me, port_me);
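Review bot: Commenting out the `ip_me` computation in ntp_handle_response (last hunk) leaves the "Validate the syn-cookie style information" step with no live code in view. The `syn_cookie(...)` line below it is also commented out, and ntp_set_cookie in the second hunk is a stub that marks all three parameters unused and returns 0. If nothing outside the hunk matches a response to a probe that was actually sent, an unsolicited or spoofed NTP packet would be reported as a banner, which skews the results of a scan whose purpose is to find abusable servers. Rather than leaving dead code in comments, either delete it or mark the gap explicitly, e.g. `/* TODO: check response against syn_cookie(ip_them, port_them | Templ_UDP, ip_me, port_me) before reporting */`. The function body continues outside the hunk, so the check may exist further down.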