Chinaunix首页 | 论坛 | 博客
  • 博客访问: 5359575
  • 博文数量: 1144
  • 博客积分: 11974
  • 博客等级: 上将
  • 技术积分: 12312
  • 用 户 组: 普通用户
  • 注册时间: 2005-04-13 20:06
文章存档

2017年(2)

2016年(14)

2015年(10)

2014年(28)

2013年(23)

2012年(29)

2011年(53)

2010年(86)

2009年(83)

2008年(43)

2007年(153)

2006年(575)

2005年(45)

分类: LINUX

2009-12-09 11:53:15

#!/usr/local/bin/perl
#
# Hunnypot: Copyright 2004 Jeremy Kister
# Released under Perl's Artistic License.
# Function: serve records out of the honey pot in a RBL DNS server
# Author: Jeremy Kister (hunnypot-devel @t jeremykister.com) 
#

use strict;
use DBI;
use Net::DNS::Nameserver; # blocking

my $servername = 'rbl.example.net';
my $dbun = 'dbun';
my $dbpw = 'dbpw';
my $driver = 'mysql';
my $dsn = "DBI:${driver}:";
my $dbserver = 'mysql.example.net';
my $dbname = 'dbname';

if($driver =~ /Sybase/){
   $dsn .= "server=$dbserver";
}else{
   $dsn .= "host=${dbserver};database=${dbname}";
}

chdir('/') || die "cannot chdir /: $!\n";
my $old = ($^T - 172800);
my $dbh = DBI->connect($dsn, $dbun, $dbpw, {RaiseError => 1});

my $ns = Net::DNS::Nameserver->new(
     LocalAddr    => '127.0.0.1',
     LocalPort    => 53,
     ReplyHandler => \&reply_handler,
     Verbose      => 0,
 ) || die "couldn't create nameserver object\n";
 
$ns->main_loop;

sub reply_handler {
	my ($qname, $qclass, $qtype, $peerhost) = @_;
	return unless($qtype eq 'A' || $qtype eq 'TXT' || $qtype eq 'ANY');
	my ($rdata, @ans, @auth, @add);
	my $rcode = 'REFUSED';

	if($qname =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.${servername}.?$/){
		my $ip = "$4.$3.$2.$1";
		my $sql = 'SELECT times FROM hunnypot WHERE timestamp > ' . $old;
		$sql .= ' AND ip = ' . $dbh->quote($ip);
		my $sth = $dbh->prepare($sql);
		$sth->execute;
		my $count=0;
		while(my $row = $sth->fetchrow_hashref){
			my $times = $row->{times};
			$count += $times;
		}
		if($count > 3){
			#dns reply here
			$rcode = 'NOERROR';
			if($count > 255){
				$rdata = "127.0.0.255";
			}else{
				$rdata = "127.0.0.$count";
			}
			my $ttl = '43200';
			if($qtype eq 'A' || $qtype eq 'ANY'){
				push @ans, Net::DNS::RR->new("$qname $ttl IN A ${rdata}");
			}
			if($qtype eq 'TXT' || $qtype eq 'ANY'){
				my $txt = "\"See {ip}\"";
				push @ans, Net::DNS::RR->new("$qname $ttl IN TXT ${txt}");
			}
			push @auth, Net::DNS::RR->new("${servername} $ttl IN NS ${servername}");
	
		}else{
			$rcode = 'NXDOMAIN';
		}
	}
	return($rcode, \@ans, \@auth, \@add, { aa => 1 });
}

阅读(492) | 评论(0) | 转发(0) |
0

上一篇:hunnypot.pl

下一篇:makerule.pl

给主人留下些什么吧!~~