diff --git a/prometheus/main.go b/prometheus/main.go index 520b1c9..17444e7 100644 --- a/prometheus/main.go +++ b/prometheus/main.go @@ -31,6 +31,7 @@ type metrics struct { mqttConnectVersions *prometheus.CounterVec mqttSubscribeTopics *prometheus.CounterVec mqttCredentials *prometheus.CounterVec + telnetInput *prometheus.CounterVec mqttPublishTopics *prometheus.CounterVec mqttConacks prometheus.Counter mqttUnsubscribe prometheus.Counter @@ -88,6 +89,10 @@ func NewMetrics() *metrics { Name: "mqtt_pit_credentials", Help: "MQTT credentials used", }, []string{"username", "password"}), + telnetInput: prometheus.NewCounterVec(prometheus.CounterOpts{ + Name: "telnet_pit_input", + Help: "Attacker input captured from Telnet sessions", + }, []string{"ip"}), mqttPublishTopics: prometheus.NewCounterVec(prometheus.CounterOpts{ Name: "mqtt_pit_publish_topics", Help: "MQTT PUBLISH topic and QoS", @@ -105,10 +110,10 @@ func NewMetrics() *metrics { Help: "Total PUBREC requests for MQTT", }), } - prometheus.MustRegister(m.totalConnects, m.totalTrappedTime, m.activeClients, m.clients, + prometheus.MustRegister(m.totalConnects, m.totalTrappedTime, m.activeClients, m.clients, m.upnpOtherHttpRequests, m.upnpMSearchRequests, m.upnpNonMSearchRequests, m.mqttConacks, m.mqttUnsubscribe, m.mqttPubrec, - m.mqttMalformedConnect, m.mqttConnectVersions, m.mqttSubscribeTopics, m.mqttCredentials, m.mqttPublishTopics,) + m.mqttMalformedConnect, m.mqttConnectVersions, m.mqttSubscribeTopics, m.mqttCredentials, m.telnetInput, m.mqttPublishTopics,) return m } @@ -199,7 +204,7 @@ func handleMetric(line string, metrics *metrics) { if len(fields) >= 4 { url = fields[3] } - + metrics.upnpOtherHttpRequests.WithLabelValues(method, url).Inc() case "M-SEARCH": ip := fields[2] @@ -229,7 +234,7 @@ func handleMetric(line string, metrics *metrics) { if len(fields) >= 4 { password = fields[3] } - + metrics.mqttCredentials.WithLabelValues(username, password).Inc() case "PUBLISH": 
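Review bot: The `ip` label on the new `telnet_pit_input` counter in `NewMetrics` takes its values from remote peers, so every distinct source address creates a new time series. Nothing visible here prunes them, which on an internet-facing tarpit means unbounded memory growth in the exporter and in Prometheus. A bounded label would avoid this, for example the country code that `geoLookup` in this file returns, with per-address detail kept in the log output instead. The Help text also says input is "captured" while only a per-address count is recorded; something like `Help: "Telnet input events received, by source"` describes it more accurately. `NewMetrics` starts outside this hunk.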
@@ -243,6 +248,12 @@ func handleMetric(line string, metrics *metrics) { metrics.mqttUnsubscribe.Inc(); case "PUBREC": metrics.mqttPubrec.Inc(); + case "action": + if len(fields) < 4 { + return + } + ip := fields[2] + metrics.telnetInput.WithLabelValues(ip).Inc(); } } @@ -304,7 +315,7 @@ func geoLookup(ipStr string) string { Country struct { ISOCode string `maxminddb:"iso_code"` } `maxminddb:"country"` - } + } err := db.Lookup(ip).Decode(&record) if err != nil { log.Panic(err) @@ -312,4 +323,4 @@ func geoLookup(ipStr string) string { fmt.Print(record.Country.ISOCode) return record.Country.ISOCode -} \ No newline at end of file +} diff --git a/servers/telnet_pit.c b/servers/telnet_pit.c index ebd2013..daed2de 100644 --- a/servers/telnet_pit.c +++ b/servers/telnet_pit.c @@ -122,11 +122,41 @@ int main(int argc, char *argv[]) { c->base.sendNext = now + delay; c->base.timeConnected += delay; statsTelnet.totalWastedTime += delay; + char buf[65]; + ssize_t r=read(c->fd, buf, sizeof(buf)-1); + if(r<0){ + //do nothing + }else if(r==0){ + char msg[256]; + snprintf(msg, sizeof(msg), "%s disconnect %s %lld\n", + SERVER_ID, c->base.ipaddr, c->base.timeConnected); + printf("%s", msg); + sendMetric(msg); + close(c->fd); + free(c); + continue; + }else{ + //terminate null + buf[r]='\0'; + for(int i=0;i126) buf[i]='.'; + if(buf[i]=='\t') buf[i]=' '; + } + + //send metric + char msg[256]; + snprintf(msg, sizeof(msg), "%s action %s %s\n", + SERVER_ID, c->base.ipaddr, buf); + printf("%s", msg); + + sendMetric(msg); + } queue_append(&clientQueueTelnet, (struct baseClient *)c); } - } else { + }else{ timeout = clientQueueTelnet.head->sendNext - now; break; + } }
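Review bot: The new `case "action":` branch requires four fields but reads only `fields[2]`, so an action line whose payload tokenizes to nothing is dropped without being counted; `if len(fields) < 3 { return }` matches what the branch actually uses. The branch also appears to key on the verb alone, so it may be worth checking the server id in `fields[0]` before incrementing a Telnet-specific counter, in case another server ever emits an `action` line. `handleMetric` starts outside the hunk, so how `fields` is split and what the switch dispatches on are not visible here.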
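Review bot: The `r<0` branch after the new `read()` in `servers/telnet_pit.c` treats every failure as "no data yet", so a connection that failed with a real error (a reset, for example) is handed back to `queue_append` and stays tracked unless a write elsewhere in the loop catches it. Only the would-block cases should fall through: `if(r<0 && errno!=EAGAIN && errno!=EWOULDBLOCK && errno!=EINTR)` should take the same log/close/free path as `r==0`. The call also assumes `c->fd` is non-blocking, which this hunk does not show; on a blocking socket a silent client would stall the whole loop at this read. The `r==0` path frees `c` with no visible update to the `statsTelnet` counters, which is worth comparing against the existing disconnect path; `main` starts and ends outside the hunk.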