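/**
 * Route a received UDP response to the parser registered for its source
 * port, then record the port as open when the parser returns 0.
 *
 * @param out        output context handed to the parsers and the reporter
 * @param timestamp  time associated with the packet
 * @param px         packet bytes; for the memcached and default cases this
 *                   is advanced by parsed->app_offset before parsing
 * @param length     number of bytes at px; replaced by parsed->app_length
 *                   for the memcached and default cases
 * @param parsed     pre-parsed header fields (source IP, port, MAC, offsets)
 * @param entropy    value passed through unchanged to every parser
 *
 * The source port comes straight from the packet, so the choice of parser
 * is controlled by the remote sender.
 */
void handle_udp(struct Output *out, time_t timestamp,
                const unsigned char *px, unsigned length,
                struct PreprocessedInfo *parsed, uint64_t entropy)
{
    unsigned port_them = parsed->port_src;
    unsigned status = 0;
    unsigned ip_them;

    /* Assemble the four source-address octets, most significant first.
     * Each octet is converted to unsigned before shifting: a narrow octet
     * type would otherwise be promoted to signed int, and shifting a value
     * >= 128 left by 24 overflows int, which is undefined behaviour. */
    ip_them = ((unsigned)parsed->ip_src[0] << 24)
            | ((unsigned)parsed->ip_src[1] << 16)
            | ((unsigned)parsed->ip_src[2] << 8)
            | ((unsigned)parsed->ip_src[3]);

    switch (port_them) {
    case 53: /* DNS - Domain Name System (amplifier) */
        status = handle_dns(out, timestamp, px, length, parsed, entropy);
        break;
    case 123: /* NTP - Network Time Protocol (amplifier) */
        status = ntp_handle_response(out, timestamp, px, length, parsed, entropy);
        break;
    case 137: /* NetBIOS (amplifier) */
        status = handle_nbtstat(out, timestamp, px, length, parsed, entropy);
        break;
    case 161: /* SNMP - Simple Network Management Protocol (amplifier) */
        status = handle_snmp(out, timestamp, px, length, parsed, entropy);
        break;
    case 11211: /* memcached (amplifier) */
        /* NOTE(review): app_offset/app_length are trusted here; nothing in
         * this function checks them against the original length. Confirm
         * the preprocessing step guarantees
         * app_offset + app_length <= length. */
        px += parsed->app_offset;
        length = parsed->app_length;
        status = memcached_udp_parse(out, timestamp, px, length, parsed, entropy);
        break;
    case 16464:
    case 16465:
    case 16470:
    case 16471:
        /* ports routed to the ZeroAccess handler */
        status = handle_zeroaccess(out, timestamp, px, length, parsed, entropy);
        break;
    default:
        /* Any other port: hand only the application payload to the generic
         * parser. The bounds NOTE(review) on the memcached case applies
         * here as well. */
        px += parsed->app_offset;
        length = parsed->app_length;
        status = default_udp_parse(out, timestamp, px, length, parsed, entropy);
        break;
    }

    /* A zero status is the only case reported as open here; presumably a
     * non-zero status means the parser reported or rejected the response
     * itself -- confirm against the individual parsers. */
    if (status == 0) {
        output_report_status(out,
                             timestamp,
                             PortStatus_Open,
                             ip_them,
                             17, /* ip proto = udp */
                             port_them,
                             0,
                             0,
                             parsed->mac_src);
    }
}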
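/**
 * Route a received UDP response to the parser registered for its source
 * port, then record the port as open when the resulting status is 0.
 *
 * @param out        output context handed to the parsers and the reporter
 * @param timestamp  time associated with the packet
 * @param px         packet bytes, passed to the parsers unchanged
 * @param length     number of bytes at px
 * @param parsed     pre-parsed header fields (source IP and port)
 *
 * The source port comes straight from the packet, so the choice of parser
 * is controlled by the remote sender. A response from a port with no
 * parser keeps status 0 and is therefore reported as open without any
 * payload validation.
 */
void handle_udp(struct Output *out, time_t timestamp,
                const unsigned char *px, unsigned length,
                struct PreprocessedInfo *parsed)
{
    unsigned port_them = parsed->port_src;
    unsigned status = 0;
    unsigned ip_them;

    /* Assemble the four source-address octets, most significant first.
     * Each octet is converted to unsigned before shifting: a narrow octet
     * type would otherwise be promoted to signed int, and shifting a value
     * >= 128 left by 24 overflows int, which is undefined behaviour. */
    ip_them = ((unsigned)parsed->ip_src[0] << 24)
            | ((unsigned)parsed->ip_src[1] << 16)
            | ((unsigned)parsed->ip_src[2] << 8)
            | ((unsigned)parsed->ip_src[3]);

    switch (port_them) {
    case 53: /* DNS */
        status = handle_dns(out, timestamp, px, length, parsed);
        break;
    case 123: /* NTP */
        status = ntp_handle_response(out, timestamp, px, length, parsed);
        break;
    case 137: /* NetBIOS name service */
        status = handle_nbtstat(out, timestamp, px, length, parsed);
        break;
    case 161: /* SNMP */
        status = handle_snmp(out, timestamp, px, length, parsed);
        break;
    case 16464:
    case 16465:
    case 16470:
    case 16471:
        /* ports routed to the ZeroAccess handler */
        status = handle_zeroaccess(out, timestamp, px, length, parsed);
        break;
    default:
        /* No parser for this port: status stays 0, so the port is reported
         * as open below. */
        break;
    }

    /* A zero status is the only case reported as open here; presumably a
     * non-zero status means the parser reported or rejected the response
     * itself -- confirm against the individual parsers. */
    if (status == 0) {
        output_report_status(out,
                             timestamp,
                             PortStatus_Open,
                             ip_them,
                             17, /* ip proto = udp */
                             port_them,
                             0,
                             0);
    }
}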