帮我看看这个程序
# 如果FTP命令是MDTM
if (uc($ftp->;{$cmd}) eq "MDTM" {
# 用正则表达式匹配引发溢出的参数串,这里体现了正则
# 表达式的强大,用此匹配可以从原理上检测到畸形参数串
if ($ftp->;{$para} =~ m/\d{14}[+|-]\S{5,}\s+\S{1,}/) {
LogAlert ($src_ip,$src_port,$dest_ip,$dst_port,"Serv-U < v5.0.0.4 MDTM command long timezone string overflow attack!" ;
}
}
}
}
}
# 记录攻击告警
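# Write one attack alert to the attack log and echo it on STDOUT.
#
# Arguments: source IP, source port, destination IP, destination port and
# the alert text.  Each line is tab separated:
#   <localtime>\t<src_ip>:<src_port> -> <dst_ip>:<dst_port>\t<message>
# ATTACKLOG is a bareword filehandle opened elsewhere in this file (CleanUp
# closes it), so it is kept as is.  The "->" separator in the format string
# appeared as "->;" in the posted copy, presumably HTML-escape residue, and is
# restored here.  Returns nothing.
sub LogAlert {
    my ($src_ip, $src_port, $dest_ip, $dst_port, $message) = @_;

    # The fields presumably come from observed traffic; a crafted value
    # carrying a newline or tab could forge an extra log entry or break the
    # column layout, so control characters are mapped to spaces before the
    # line is written.  TODO confirm how far upstream these values are checked.
    my @fields = map {
        my $value = defined $_ ? $_ : '';
        $value =~ tr/\x00-\x1F\x7F/ /;
        $value;
    } ($src_ip, $src_port, $dest_ip, $dst_port, $message);

    my $nowtime = scalar localtime;
    my $line = sprintf "%s\t%s:%s -> %s:%s\t%s\n", $nowtime, @fields;

    # A failed write to the log file used to go unnoticed; the console copy
    # is best-effort and is printed regardless.
    print ATTACKLOG $line
        or warn "LogAlert: cannot write to attack log: $!";
    print $line;
    return;
}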
# 记录监控信息
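# Write one monitoring record to the monitor log and echo it on STDOUT.
#
# Arguments: source IP, source port, destination IP, destination port and
# the record text.  Each line is tab separated:
#   <localtime>\t<src_ip>:<src_port> -> <dst_ip>:<dst_port>\t<message>
# MONITORLOG is a bareword filehandle opened elsewhere in this file (CleanUp
# closes it), so it is kept as is.  The "->" separator in the format string
# appeared as "->;" in the posted copy, presumably HTML-escape residue, and is
# restored here.  Returns nothing.
sub LogMonitor {
    my ($src_ip, $src_port, $dest_ip, $dst_port, $message) = @_;

    # The message presumably carries text taken from the monitored session;
    # a newline or tab inside it could forge an extra log entry or break the
    # column layout, so control characters are mapped to spaces before the
    # line is written.  TODO confirm how far upstream these values are checked.
    my @fields = map {
        my $value = defined $_ ? $_ : '';
        $value =~ tr/\x00-\x1F\x7F/ /;
        $value;
    } ($src_ip, $src_port, $dest_ip, $dst_port, $message);

    my $nowtime = scalar localtime;
    my $line = sprintf "%s\t%s:%s -> %s:%s\t%s\n", $nowtime, @fields;

    # A failed write to the log file used to go unnoticed; the console copy
    # is best-effort and is printed regardless.
    print MONITORLOG $line
        or warn "LogMonitor: cannot write to monitor log: $!";
    print $line;
    return;
}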
# INT信号处理例程
# SIGINT handler: close the log filehandles via CleanUp, then leave with
# exit status 0.  Takes no arguments and never returns.
sub HandleINT {
    CleanUp();
    exit 0;
}
# TERM信号处理例程
# SIGTERM handler: close the log filehandles via CleanUp, then leave with
# exit status 0.  Takes no arguments and never returns.
sub HandleTERM {
    CleanUp();
    exit 0;
}
# 清理,主要工作是关闭文件句柄
sub CleanUp {
close (ATTACKLOG); close (MONITORLOG); |