diff --git a/src/layer_2/arp.rs b/src/layer_2/arp.rs index 7986028..5cfc3f2 100644 --- a/src/layer_2/arp.rs +++ b/src/layer_2/arp.rs @@ -84,6 +84,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut arp_req = diff --git a/src/layer_2/mod.rs b/src/layer_2/mod.rs index c298d91..a51266c 100644 --- a/src/layer_2/mod.rs +++ b/src/layer_2/mod.rs @@ -226,6 +226,7 @@ mod tests { mac: mac, iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; for proto in [EtherTypes::Ipv4, EtherTypes::Ipv6, EtherTypes::Arp] { @@ -264,6 +265,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut eth_req = MutableEthernetPacket::owned(vec![ diff --git a/src/layer_3/ipv4.rs b/src/layer_3/ipv4.rs index 3c2d0ca..4109a3d 100644 --- a/src/layer_3/ipv4.rs +++ b/src/layer_3/ipv4.rs @@ -53,6 +53,16 @@ pub fn repl<'a, 'b>( return None; } } + /* If masscanned is configured with ignored IP addresses, then + * check if the src. IP address of the packet is one of + * those ignored by masscanned - if so, drop the packet. + **/ + if let Some(ignored_ip_addr_list) = masscanned.ignored_ip_addresses { + if ignored_ip_addr_list.contains(&IpAddr::V4(ip_req.get_source())) { + masscanned.log.ipv4_drop(&ip_req, &client_info); + return None; + } + } /* Fill client info with transport layer procotol */ client_info.transport = Some(ip_req.get_next_level_protocol()); let mut ip_repl; @@ -193,6 +203,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; for proto in [ 
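Review bot: The source check added to `repl` in `src/layer_3/ipv4.rs` only covers packets that reach the IPv4 layer, so as far as this diff shows the ignore list is not enforced for ARP: `src/layer_2/arp.rs` is touched only in its test module. If the ARP handler does not consult `masscanned.ignored_ip_addresses`, a host on the ignore list still receives an ARP reply that discloses the impersonated address and MAC, which may not be what "do not respond" is meant to allow. Consider the same guard on the ARP sender address before replying, e.g. `if ignored.contains(&IpAddr::V4(arp_req.get_sender_proto_addr())) { return None; }` inside `if let Some(ignored) = masscanned.ignored_ip_addresses` (the variable name is assumed from the test code). `repl` starts and ends outside the hunk.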
@@ -240,6 +251,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut ip_req = diff --git a/src/layer_3/ipv6.rs b/src/layer_3/ipv6.rs index 42e6293..4a23b46 100644 --- a/src/layer_3/ipv6.rs +++ b/src/layer_3/ipv6.rs @@ -41,9 +41,9 @@ pub fn repl<'a, 'b>( masscanned.log.ipv6_recv(ip_req, client_info); let src = ip_req.get_source(); let mut dst = ip_req.get_destination(); - /* If masscanned is configured with IP addresses, check that - * the dest. IP address corresponds to one of those - * Otherwise, drop the packet. + /* If masscanned is configured with IP addresses, then + * check that the dest. IP address of the packet is one of + * those handled by masscanned - otherwise, drop the packet. **/ if let Some(ip_addr_list) = masscanned.ip_addresses { if !ip_addr_list.contains(&IpAddr::V6(dst)) @@ -53,6 +53,16 @@ pub fn repl<'a, 'b>( return None; } } + /* If masscanned is configured with ignored IP addresses, then + * check if the src. IP address of the packet is one of + * those ignored by masscanned - if so, drop the packet. + **/ + if let Some(ignored_ip_addr_list) = masscanned.ignored_ip_addresses { + if ignored_ip_addr_list.contains(&IpAddr::V6(src)) { + masscanned.log.ipv6_drop(ip_req, client_info); + return None; + } + } /* Fill client info with source and dest. IP address */ client_info.ip.src = Some(IpAddr::V6(ip_req.get_source())); client_info.ip.dst = Some(IpAddr::V6(ip_req.get_destination())); @@ -206,6 +216,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; for proto in [ 
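Review bot: In the `@@ -53,6 +53,16 @@` hunk of `src/layer_3/ipv6.rs`, the ignored-source branch calls `masscanned.log.ipv6_drop(ip_req, client_info)` before `client_info.ip.src` and `client_info.ip.dst` are filled a few lines below. The destination check above presumably uses the same drop call, so a drop record probably cannot show that the packet was rejected because its source is on the ignore list. Moving the two assignments `client_info.ip.src = Some(IpAddr::V6(ip_req.get_source()));` and `client_info.ip.dst = Some(IpAddr::V6(ip_req.get_destination()));` above the new block would at least give the logger the addresses, and a comment there should say that both drop reasons share one log event. The IPv4 hunk has the same shape with `ipv4_drop`. Every test hunk in this diff passes `ignored_ip_addresses: None`, so neither drop path is exercised; a test that sets it to `Some(&ignored)` and asserts `repl` returns `None` would guard against regressions. `repl` starts and ends outside the hunk.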
@@ -255,6 +266,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut ip_req = diff --git a/src/layer_4/icmpv4.rs b/src/layer_4/icmpv4.rs index 096f88a..7075cf0 100644 --- a/src/layer_4/icmpv4.rs +++ b/src/layer_4/icmpv4.rs @@ -81,6 +81,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut icmp_req = diff --git a/src/layer_4/icmpv6.rs b/src/layer_4/icmpv6.rs index 59d48fe..c4820b8 100644 --- a/src/layer_4/icmpv6.rs +++ b/src/layer_4/icmpv6.rs @@ -173,6 +173,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; /* Legitimate solicitation */ @@ -246,6 +247,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut icmpv6_echo_req = MutableIcmpv6Packet::owned(vec![ diff --git a/src/layer_4/tcp.rs b/src/layer_4/tcp.rs index fb0681e..ba4ff2f 100644 --- a/src/layer_4/tcp.rs +++ b/src/layer_4/tcp.rs @@ -146,6 +146,7 @@ mod tests { let masscanned = Masscanned { mac: MacAddr(0, 0, 0, 0, 0, 0), ip_addresses: None, + ignored_ip_addresses: None, synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f], iface: None, log: MetaLogger::new(), @@ -197,6 +198,7 @@ mod tests { let masscanned = Masscanned { mac: MacAddr(0, 0, 0, 0, 0, 0), ip_addresses: None, + ignored_ip_addresses: None, synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f], iface: None, log: MetaLogger::new(), 
@@ -248,6 +250,7 @@ mod tests { let masscanned = Masscanned { mac: MacAddr(0, 0, 0, 0, 0, 0), ip_addresses: None, + ignored_ip_addresses: None, synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f], iface: None, log: MetaLogger::new(), @@ -298,6 +301,7 @@ mod tests { let masscanned = Masscanned { mac: MacAddr(0, 0, 0, 0, 0, 0), ip_addresses: None, + ignored_ip_addresses: None, synack_key: [0x06a0a1d63f305e9b, 0xd4d4bcbb7304875f], iface: None, log: MetaLogger::new(), diff --git a/src/masscanned.rs b/src/masscanned.rs index 4d3db61..592fbc2 100644 --- a/src/masscanned.rs +++ b/src/masscanned.rs @@ -57,6 +57,7 @@ pub struct Masscanned<'a> { /* iface is an Option to make tests easier */ pub iface: Option<&'a NetworkInterface>, pub ip_addresses: Option<&'a HashSet>, + pub ignored_ip_addresses: Option<&'a HashSet>, /* loggers */ pub log: MetaLogger, } @@ -133,6 +134,18 @@ fn main() { .help("Inline list of IP addresses to impersonate, comma-separated") .num_args(1), ) + .arg( + Arg::new("ignoredipfile") + .long("ignored-ip-addr-file") + .help("File with the list of IP addresses to NOT respond to") + .num_args(1), + ) + .arg( + Arg::new("ignorediplist") + .long("ignored-ip-addr") + .help("Inline list of IP addresses to NOT respond to, comma-separated") + .num_args(1), + ) .arg( Arg::new("verbosity") .short('v') 
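Review bot: In the `@@ -57,6 +57,7 @@` hunk of `src/masscanned.rs`, `ignored_ip_addresses` is added to `Masscanned` without a comment, although its matching rule differs from the neighbouring `ip_addresses`. The layer-3 hunks compare it with the packet's source address, while `ip_addresses` is compared with the destination. A one-line comment above the field would make that explicit: `/* source addresses whose packets are dropped without a reply; None disables the check */`. The help strings for `--ignored-ip-addr` and `--ignored-ip-addr-file` in the next hunk could likewise say that the list is matched against the source address of incoming packets.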
@@ -217,11 +230,34 @@ fn main() { info!("binding........::"); None }; + let mut ignored_ip_list = if let Some(ref path) = args.get_one::("ignoredipfile") { + if let Ok(file) = File::open(path) { + info!("parsing ignored ip address file: {}", &path); + file.extract_ip_addresses_only(None) + } else { + HashSet::new() + } + } else { + HashSet::new() + }; + if let Some(ignored_ip_inline_list) = args.get_one::("ignorediplist") { + ignored_ip_list.extend(ignored_ip_inline_list.extract_ip_addresses_only(None)); + } + let ignored_ip_addresses = if !ignored_ip_list.is_empty() { + for ip in &ignored_ip_list { + info!("ignoring.......{}", ip); + } + Some(&ignored_ip_list) + } else { + None + }; + let mut masscanned = Masscanned { synack_key: [0, 0], mac, iface: Some(&iface), ip_addresses, + ignored_ip_addresses, log: MetaLogger::new(), }; info!("interface......{}", masscanned.iface.unwrap().name); diff --git a/src/proto/dns/header.rs b/src/proto/dns/header.rs index 5a53318..d4cd4ce 100644 --- a/src/proto/dns/header.rs +++ b/src/proto/dns/header.rs @@ -293,6 +293,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); @@ -316,6 +317,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); @@ -340,6 +342,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); 
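Review bot: When `File::open(path)` fails, the `else` branch falls back to `HashSet::new()` without any message, so a mistyped or unreadable `--ignored-ip-addr-file` leaves masscanned answering exactly the hosts the operator meant to exclude. An exclusion list should fail closed: report the error and stop, e.g. replace that branch with `} else { eprintln!("cannot open ignored ip address file: {}", path); std::process::exit(1); }`. Likewise, if an option was given but the resulting set is empty, `ignored_ip_addresses` silently becomes `None`; a warning in that case would make a bad list visible at startup. `main` starts and ends outside the hunk.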
@@ -364,6 +367,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); diff --git a/src/proto/dns/mod.rs b/src/proto/dns/mod.rs index 0c97cd5..b51e15a 100644 --- a/src/proto/dns/mod.rs +++ b/src/proto/dns/mod.rs @@ -629,6 +629,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut client_info = ClientInfo::new(); diff --git a/src/proto/dns/query.rs b/src/proto/dns/query.rs index b5d92cf..639a21c 100644 --- a/src/proto/dns/query.rs +++ b/src/proto/dns/query.rs @@ -239,6 +239,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let ip_src = IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)); @@ -306,6 +307,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); diff --git a/src/proto/mod.rs b/src/proto/mod.rs index 819540b..aed6d5a 100644 --- a/src/proto/mod.rs +++ b/src/proto/mod.rs @@ -216,6 +216,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; /***** TEST STUN - MAGIC *****/ @@ -276,6 +277,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; /***** TEST SSH *****/ 
@@ -317,6 +319,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; /***** TEST GHOST *****/ @@ -350,6 +353,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; /***** TEST COMPLETE REQUEST *****/ @@ -371,6 +375,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let mut client_info = ClientInfo::new(); diff --git a/src/proto/smb.rs b/src/proto/smb.rs index 2356eb8..26e49ee 100644 --- a/src/proto/smb.rs +++ b/src/proto/smb.rs @@ -1200,6 +1200,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); @@ -1268,6 +1269,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); @@ -1331,6 +1333,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); @@ -1392,6 +1395,7 @@ mod tests { mac: MacAddr::from_str("00:00:00:00:00:00").expect("error parsing default MAC address"), iface: None, ip_addresses: None, + ignored_ip_addresses: None, log: MetaLogger::new(), }; let client_info = ClientInfo::new(); diff --git a/src/proto/stun.rs b/src/proto/stun.rs index 9edef5c..80780e6 100644 --- a/src/proto/stun.rs +++ b/src/proto/stun.rs 
@@ -443,6 +443,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let payload_resp = if let Some(r) = repl(payload, &masscanned, &mut client_info, None) { @@ -503,6 +504,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; client_info.ip.src = Some(IpAddr::V6(test_ip_addr)); @@ -555,6 +557,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; client_info.ip.src = Some(IpAddr::V4(test_ip_addr)); @@ -605,6 +608,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; client_info.ip.src = Some(IpAddr::V4(test_ip_addr)); diff --git a/src/proto/tcb.rs b/src/proto/tcb.rs index f092eb8..bf41175 100644 --- a/src/proto/tcb.rs +++ b/src/proto/tcb.rs @@ -112,6 +112,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let cookie = synackcookie::generate(&client_info, &masscanned.synack_key).unwrap(); @@ -166,6 +167,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let cookie = synackcookie::generate(&client_info, &masscanned.synack_key).unwrap(); 
@@ -226,6 +228,7 @@ mod tests { mac: MacAddr::from_str("00:11:22:33:44:55").expect("error parsing MAC address"), iface: None, ip_addresses: Some(&ips), + ignored_ip_addresses: None, log: MetaLogger::new(), }; let cookie = synackcookie::generate(&client_info, &masscanned.synack_key).unwrap();