/*
** ids_source.c for IDPS
** 
** Made by: Nocte and Deepfear
** (big thx to z33w)
**
** <_n0cte_@dhs-team.org>
** 
*/

#include "ids_header.h"

int		main()
{
  int		i;
  int		fd;
  int		recus;
  char		donnees[9000];
  unsigned char *sou;
  unsigned char	*dest;
  struct iphdr 	*ip;
  struct tcphdr	*tcp; 
  t_get		recvp;

  ip = malloc(sizeof(struct iphdr *) - 2);
  tcp = malloc(sizeof(struct tcphdr *) - 2);
  ip = (struct iphdr *)(((unsigned long)&recvp.ip) - 2);
  tcp = (struct tcphdr *)(((unsigned long)&recvp.tcp) - 2); 
  sou = (unsigned char *)&(ip->saddr);
  dest = (unsigned char *)&(ip->daddr);
  fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));

  if (fd < 0)
    printf("erreur socket\n");
  else
    printf("good socket\n");

  for (i = 0, recus = 0; 1 == 1;)
    {
      recus = read(fd, (t_get *)&recvp, sizeof(recvp));
      if (strstr(MAGICSTRING, donnees) || strstr(MAGICSTRING2, donnees))
	{
	  printf("ALERTE! Une tentative d'execution de shell a ete detectee !\n" \
		 "----------paquet-%d----------\naddress %u.%u.%u.%u----->" \
		 "%u.%u.%u.%u\n%s\n\n", i, sou[0], \
		 sou[1], sou[2], sou[3], dest[0], dest[1], dest[2], \
		 dest[3], donnees);
	  i++;
	}
    }
  return (0);
}
RETOUR A L'ARTICLE