Limit total number of concurrent connections. Configurable with

connection_limit (default 50). Also fix logging downloads. git-svn-id: https://kippo.googlecode.com/svn/trunk@229 951d7100-d841-11de-b865-b3884708a8e2
2013-01-08 21:40:19 +00:00 · 2013-01-08 21:40:19 +00:00 · 9378c6ba22
parent d0ed22736d
commit 9378c6ba22
4 changed files with 38 additions and 5 deletions
--- a/kippo.cfg.dist
+++ b/kippo.cfg.dist
@ -20,6 +20,11 @@ ssh_port = 2222
 # (default: sales)
 hostname = sales

+# Maximum number of concurrent connections to the honeypot
+#
+# (default: 50)
+#connection_limit = 50
+
 # Directory where to save log files in.
 #
 # (default: log)
--- a/kippo.tac
+++ b/kippo.tac
@ -33,6 +33,8 @@ factory.portal.registerChecker(honeypot.HoneypotPasswordChecker())
 factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=pubKeyString)}
 factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=privKeyString)}

+wrapper = honeypot.HoneypotLimitConnections(factory)
+
 cfg = config()
 if cfg.has_option('honeypot', 'ssh_addr'):
    ssh_addr = cfg.get('honeypot', 'ssh_addr')
@ -42,7 +44,7 @@ else:
 application = service.Application('honeypot')
 for i in ssh_addr.split():
    service = internet.TCPServer(
-        int(cfg.get('honeypot', 'ssh_port')), factory,
+        int(cfg.get('honeypot', 'ssh_port')), wrapper,
        interface=i)
    service.setServiceParent(application)

--- a/kippo/core/dblog.py
+++ b/kippo/core/dblog.py
@ -11,7 +11,8 @@ class DBLogger(object):
        self.re_connected = re.compile(
            '^New connection: ([0-9.]+):([0-9]+) \(([0-9.]+):([0-9]+)\) ' + \
            '\[session: ([0-9]+)\]$')
-        self.re_sessionlog = re.compile('.*HoneyPotTransport,([0-9]+),[0-9.]+$')
+        self.re_sessionlog = re.compile(
+            '.* on [a-zA-Z0-9]+,([0-9]+),[0-9.]+$')

        # :dispatch: means the message has been delivered directly via
        # logDispatch, instead of relying on the twisted logging, which breaks
@ -29,7 +30,7 @@ class DBLogger(object):
                self.handleCommand),
            ('^:dispatch: Command not found: (?P<input>.*)$',
                self.handleUnknownCommand),
-            ('^:dispatch: Downloading URL \((?P<url>.*)\) to (?P<outfile>.*)$',
+            ('^:dispatch: Saving URL \((?P<url>.*)\) to (?P<outfile>.*)$',
                self.handleFileDownload),
            ('^INPUT \((?P<realm>[a-zA-Z0-9]+)\): (?P<input>.*)$',
                self.handleInput),
--- a/kippo/core/honeypot.py
+++ b/kippo/core/honeypot.py
@ -6,9 +6,9 @@ from twisted.conch import avatar, recvline, interfaces as conchinterfaces
 from twisted.conch.ssh import factory, userauth, connection, keys, session, common, transport
 from twisted.conch.insults import insults
 from twisted.application import service, internet
-from twisted.protocols.policies import TrafficLoggingFactory
 from twisted.internet import reactor, protocol, defer
 from twisted.python import failure, log
+from twisted.protocols.policies import WrappingFactory
 from zope.interface import implements
 from copy import deepcopy, copy
 import sys, os, random, pickle, time, stat, shlex, anydbm
@ -499,7 +499,7 @@ class HoneyPotRealm:
            raise Exception, "No supported interfaces found."

 class HoneyPotTransport(transport.SSHServerTransport):
-    
+
    hadVersion = False

    def connectionMade(self):
@ -643,13 +643,38 @@ class HoneyPotSSHFactory(factory.SSHFactory):

        t.ourVersionString = 'SSH-2.0-OpenSSH_5.1p1 Debian-5'
        t.supportedPublicKeys = self.privateKeys.keys()
+
        if not self.primes:
            ske = t.supportedKeyExchanges[:]
            ske.remove('diffie-hellman-group-exchange-sha1')
            t.supportedKeyExchanges = ske
+
        t.factory = self
        return t

+class HoneypotLimitConnections(WrappingFactory):
+
+    connectionCount = 0
+    connectionLimit = 50
+
+    def startFactory(self):
+        cfg = config()
+        if cfg.has_option('honeypot', 'connection_limit'):
+            self.connectionLimit = int(cfg.get(
+                'honeypot', 'connection_limit'))
+
+    def buildProtocol(self, addr):
+        if self.connectionLimit is None or \
+                self.connectionCount < self.connectionLimit:
+            self.connectionCount += 1
+            return WrappingFactory.buildProtocol(self, addr)
+        else:
+            print 'Connection limit reached (%s:%s)' % (addr.host, addr.port)
+            return None
+
+    def unregisterProtocol(self, p):
+        self.connectionCount -= 1
+
 class HoneypotPasswordChecker:
    implements(checkers.ICredentialsChecker)