commit 6989e9f4112fc8dcf7f1b6785c44ed2c27f19abf
parent 3f593e275e330ea4c9eccca61fe399707066e096
Author: Naveen Narayanan <zerous@nocebo.space>
Date: Fri, 29 Oct 2021 16:12:32 +0200
Handle preauth attacks
Diffstat:
6 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/attack.c b/attack.c
@@ -8,14 +8,18 @@
#include "attack.h"
extern char *attack_pattern[];
+extern int pauth[];
int
-isattack(char *constat)
+isattack(char *constat, char *preauth)
{
for (char **p = attack_pattern; *p; ++p)
- if (strstr(constat, *p))
+ if (strstr(constat, *p)) {
+ if (pauth[p - attack_pattern]
+ && !strstr(preauth, "[preauth]"))
+ return 0;
return 1;
-
+ }
return 0;
}
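Review bot: The `return 0;` inside the new preauth check in isattack() ends the scan at the first gated pattern whose line lacks `[preauth]`, so any pattern listed after it in attack_pattern is never tried for that line. With the table in config.h the gated entry appears to be the last one, so the result is the same today, but that silently depends on table order. Replacing it with `continue;` keeps the gate while still letting later patterns match. Both parameters are only read through strstr(), so they could be declared `const char *` here and in attack.h.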
diff --git a/attack.h b/attack.h
@@ -24,7 +24,7 @@ struct attacker {
int blacklist(struct attacker *);
int whitelist(struct attacker *);
-int isattack(char *);
+int isattack(char *, char *);
int isexpire(struct attacker *);
int islogin(char *);
diff --git a/config.h b/config.h
@@ -8,5 +8,15 @@ char *attack_pattern[] = {
"Failed password for",
"Disconnected from authenticating user",
"Unable to negotiate with",
+ "Received disconnect from",
NULL,
};
+
+int pauth[] = {
+ 0,
+ 0,
+ 0,
+ 0,
+ 1,
+ 0,
+};
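Review bot: pauth is tied to attack_pattern only by position, so adding or reordering a pattern without editing pauth moves the `[preauth]` gate onto a different message, and a shorter pauth makes `pauth[p - attack_pattern]` in isattack() read past the array. Either mistake means real attempts go uncounted or ordinary disconnects get counted as attacks. Part of attack_pattern lies above this hunk, so the alignment cannot be confirmed from here. If the project builds as C11, `_Static_assert(sizeof pauth / sizeof *pauth == sizeof attack_pattern / sizeof *attack_pattern, "pauth must parallel attack_pattern");` would catch a length mismatch, and pairing each pattern with its flag in one struct array would remove the hazard entirely. A comment above pauth such as `/* 1 = count the pattern at the same index only when the line carries [preauth] */` would help whoever edits the table next.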
diff --git a/main.c b/main.c
@@ -286,7 +286,7 @@ main(int argc, char **argv)
a = NULL;
found = 0;
- if (isattack(statmsg)) {
+ if (isattack(statmsg, preauth)) {
SLIST_FOREACH(a, &head, attackers)
if (!strcmp(a->ip, ip)) {
++found;
diff --git a/parser.c b/parser.c
@@ -18,6 +18,7 @@ extern int ignore;
char ip[16];
char statmsg[BUFSZ];
+char preauth[BUFSZ];
static char token[MAXTOKENLEN];
static char *lp, *tp;
time_t attack;
@@ -283,6 +284,9 @@ portnum()
static int
misc()
{
+ if (word())
+ strcpy(preauth, tp);
+
return 1;
}
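Review bot: `strcpy(preauth, tp)` in misc() copies text taken from a log line into the fixed `preauth[BUFSZ]` buffer with no length bound. The size of whatever tp points at is not visible in this hunk, so unless it is guaranteed to be shorter than BUFSZ the copy should be bounded, e.g. `snprintf(preauth, sizeof preauth, "%s", tp);`. Separately, when word() fails preauth keeps the previous line's contents, so a stale `[preauth]` could satisfy the gate in isattack() for an unrelated line unless the buffer is reset somewhere outside this hunk. Adding `else preauth[0] = '\0';` would make the reset explicit.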
diff --git a/parser.h b/parser.h
@@ -3,6 +3,7 @@
extern char ip[];
extern char statmsg[];
+extern char preauth[];
extern time_t attack;
int parse(char *, time_t);