+++ /dev/null
-diff -urN portsentry-1.0.orig/portsentry.c portsentry-1.0/portsentry.c
---- portsentry-1.0.orig/portsentry.c Sun Nov 14 23:43:06 1999
-+++ portsentry-1.0/portsentry.c Sat May 19 14:23:17 2001
-@@ -326,7 +326,7 @@
- if ((ipPtr->ihl < 5) || (ipPtr->ihl > 15))
- {
- addr.s_addr = (u_int) ipPtr->saddr;
-- Log ("attackalert: Illegal IP header length detected: %d from (possible) host: %s\n",
-+ LogAttack ("attackalert: Illegal IP header length detected: %d from (possible) host: %s\n",
- ipPtr->ihl, inet_ntoa (addr));
- return (FALSE);
- }
-@@ -358,7 +358,7 @@
- if ((ipPtr->ihl < 5) || (ipPtr->ihl > 15))
- {
- addr.s_addr = (u_int) ipPtr->saddr;
-- Log ("attackalert: Illegal IP header length detected: %d from (possible) host: %s\n",
-+ LogAttack ("attackalert: Illegal IP header length detected: %d from (possible) host: %s\n",
- ipPtr->ihl, inet_ntoa (addr));
- return (FALSE);
- }
-@@ -485,7 +485,7 @@
-
- if (result == ERROR)
- {
-- Log ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
-+ LogAttack ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
- result = FALSE;
- }
-
-@@ -505,12 +505,12 @@
-
-
- packetType = ReportPacketType (tcp);
-- Log ("attackalert: %s from host: %s/%s to TCP port: %d",
-+ LogAttack ("attackalert: %s from host: %s/%s to TCP port: %d",
- packetType, resolvedHost, target,
- ports2[count]);
- /* Report on options present */
- if (ip.ihl > 5)
-- Log ("attackalert: Packet from host: %s/%s to TCP port: %d has IP options set (detection avoidance technique).",
-+ LogAttack ("attackalert: Packet from host: %s/%s to TCP port: %d has IP options set (detection avoidance technique).",
- resolvedHost, target, ports2[count]);
-
- /* check if this target is already blocked */
-@@ -518,7 +518,7 @@
- {
- /* toast the prick */
- if (DisposeTCP (target, ports2[count]) != TRUE)
-- Log ("attackalert: ERROR: Could not block host %s/%s !!",
-+ LogAttack ("attackalert: ERROR: Could not block host %s/%s !!",
- resolvedHost, target);
- else
- WriteBlocked (target, resolvedHost,
-@@ -526,7 +526,7 @@
- gblHistoryFile, "TCP");
- } /* end IsBlocked check */
- else
-- Log ("attackalert: Host: %s/%s is already blocked Ignoring",
-+ LogAttack ("attackalert: Host: %s/%s is already blocked Ignoring",
- resolvedHost, target);
- } /* end if(scanDetectTrigger) */
- } /* end if(never block) check */
-@@ -664,7 +664,7 @@
-
- if (result == ERROR)
- {
-- Log ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
-+ LogAttack ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
- result = FALSE;
- }
-
-@@ -684,11 +684,11 @@
- snprintf (resolvedHost, DNSMAXBUF, "%s", target);
-
- packetType = ReportPacketType (tcp);
-- Log ("attackalert: %s from host: %s/%s to TCP port: %d",
-+ LogAttack ("attackalert: %s from host: %s/%s to TCP port: %d",
- packetType, resolvedHost, target, incomingPort);
- /* Report on options present */
- if (ip.ihl > 5)
-- Log ("attackalert: Packet from host: %s/%s to TCP port: %d has IP options set (detection avoidance technique).",
-+ LogAttack ("attackalert: Packet from host: %s/%s to TCP port: %d has IP options set (detection avoidance technique).",
- resolvedHost, target, incomingPort);
-
- /* check if this target is already blocked */
-@@ -696,7 +696,7 @@
- {
- /* toast the prick */
- if (DisposeTCP (target, incomingPort) != TRUE)
-- Log ("attackalert: ERROR: Could not block host %s/%s!!",
-+ LogAttack ("attackalert: ERROR: Could not block host %s/%s!!",
- resolvedHost, target);
- else
- WriteBlocked (target, resolvedHost,
-@@ -704,7 +704,7 @@
- gblHistoryFile, "TCP");
- } /* end IsBlocked check */
- else
-- Log ("attackalert: Host: %s/%s is already blocked Ignoring",
-+ LogAttack ("attackalert: Host: %s/%s is already blocked Ignoring",
- resolvedHost, target);
- } /* end if(scanDetectTrigger) */
- } /* end if(never block) check */
-@@ -825,7 +825,7 @@
-
- if (result == ERROR)
- {
-- Log ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
-+ LogAttack ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
- result = FALSE;
- }
-
-@@ -843,18 +843,18 @@
- else
- snprintf (resolvedHost, DNSMAXBUF, "%s", target);
-
-- Log ("attackalert: UDP scan from host: %s/%s to UDP port: %d",
-+ LogAttack ("attackalert: UDP scan from host: %s/%s to UDP port: %d",
- resolvedHost, target, ports2[count]);
- /* Report on options present */
- if (ip.ihl > 5)
-- Log ("attackalert: Packet from host: %s/%s to UDP port: %d has IP options set (detection avoidance technique).",
-+ LogAttack ("attackalert: Packet from host: %s/%s to UDP port: %d has IP options set (detection avoidance technique).",
- resolvedHost, target, incomingPort);
-
- /* check if this target is already blocked */
- if (IsBlocked (target, gblBlockedFile) == FALSE)
- {
- if (DisposeUDP (target, ports2[count]) != TRUE)
-- Log ("attackalert: ERROR: Could not block host %s/%s!!",
-+ LogAttack ("attackalert: ERROR: Could not block host %s/%s!!",
- resolvedHost, target);
- else
- WriteBlocked (target, resolvedHost, ports2[count],
-@@ -862,7 +862,7 @@
- } /* end IsBlocked check */
- else
- {
-- Log ("attackalert: Host: %s/%s is already blocked Ignoring",
-+ LogAttack ("attackalert: Host: %s/%s is already blocked Ignoring",
- resolvedHost, target);
- }
- } /* end if(scanDetectTrigger) */
-@@ -998,7 +998,7 @@
-
- if (result == ERROR)
- {
-- Log ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
-+ LogAttack ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
- result = FALSE;
- }
-
-@@ -1017,25 +1017,25 @@
- else
- snprintf (resolvedHost, DNSMAXBUF, "%s", target);
-
-- Log ("attackalert: UDP scan from host: %s/%s to UDP port: %d",
-+ LogAttack ("attackalert: UDP scan from host: %s/%s to UDP port: %d",
- resolvedHost, target, incomingPort);
- /* Report on options present */
- if (ip.ihl > 5)
-- Log ("attackalert: Packet from host: %s/%s to UDP port: %d has IP options set (detection avoidance technique).",
-+ LogAttack ("attackalert: Packet from host: %s/%s to UDP port: %d has IP options set (detection avoidance technique).",
- resolvedHost, target, incomingPort);
-
- /* check if this target is already blocked */
- if (IsBlocked (target, gblBlockedFile) == FALSE)
- {
- if (DisposeUDP (target, incomingPort) != TRUE)
-- Log ("attackalert: ERROR: Could not block host %s/%s!!",
-+ LogAttack ("attackalert: ERROR: Could not block host %s/%s!!",
- resolvedHost, target);
- else
- WriteBlocked (target, resolvedHost, incomingPort,
- gblBlockedFile, gblHistoryFile, "UDP");
- } /* end IsBlocked check */
- else
-- Log ("attackalert: Host: %s/%s is already blocked Ignoring",
-+ LogAttack ("attackalert: Host: %s/%s is already blocked Ignoring",
- resolvedHost, target);
- } /* end if(scanDetectTrigger) */
- } /* end if(never block) check */
-@@ -1173,7 +1173,7 @@
- &length);
- if (incomingSockfd < 0)
- {
-- Log ("attackalert: Possible stealth scan from unknown host to TCP port: %d (accept failed)",
-+ LogAttack ("attackalert: Possible stealth scan from unknown host to TCP port: %d (accept failed)",
- ports[count]);
- break;
- }
-@@ -1186,7 +1186,7 @@
-
- if (result == ERROR)
- {
-- Log ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
-+ LogAttack ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
- result = FALSE;
- }
-
-@@ -1211,14 +1211,14 @@
- else
- snprintf (resolvedHost, DNSMAXBUF, "%s", target);
-
-- Log ("attackalert: Connect from host: %s/%s to TCP port: %d",
-+ LogAttack ("attackalert: Connect from host: %s/%s to TCP port: %d",
- resolvedHost, target, ports[count]);
-
- /* check if this target is already blocked */
- if (IsBlocked (target, gblBlockedFile) == FALSE)
- {
- if (DisposeTCP (target, ports[count]) != TRUE)
-- Log ("attackalert: ERROR: Could not block host %s !!",
-+ LogAttack ("attackalert: ERROR: Could not block host %s !!",
- target);
- else
- WriteBlocked (target, resolvedHost,
-@@ -1226,7 +1226,7 @@
- gblHistoryFile, "TCP");
- }
- else
-- Log ("attackalert: Host: %s is already blocked. Ignoring",
-+ LogAttack ("attackalert: Host: %s is already blocked. Ignoring",
- target);
- }
- }
-@@ -1380,7 +1380,7 @@
- result = NeverBlock (target, gblIgnoreFile);
- if (result == ERROR)
- {
-- Log ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
-+ LogAttack ("attackalert: ERROR: cannot open ignore file. Blocking host anyway.\n");
- result = FALSE;
- }
- if (result == FALSE)
-@@ -1410,7 +1410,7 @@
- if (IsBlocked (target, gblBlockedFile) == FALSE)
- {
- if (DisposeUDP (target, ports[count]) != TRUE)
-- Log ("attackalert: ERROR: Could not block host %s !!",
-+ LogAttack ("attackalert: ERROR: Could not block host %s !!",
- target);
- else
- WriteBlocked (target, resolvedHost,
-@@ -1418,7 +1418,7 @@
- gblHistoryFile, "UDP");
- }
- else
-- Log ("attackalert: Host: %s is already blocked. Ignoring",
-+ LogAttack ("attackalert: Host: %s is already blocked. Ignoring",
- target);
- }
- }
-@@ -1469,7 +1469,7 @@
- status = FALSE;
- }
- else
-- Log ("attackalert: Ignoring TCP response per configuration file setting.");
-+ LogAttack ("attackalert: Ignoring TCP response per configuration file setting.");
-
- return (status);
- }
-@@ -1508,7 +1508,7 @@
- status = FALSE;
- }
- else
-- Log ("attackalert: Ignoring UDP response per configuration file setting.");
-+ LogAttack ("attackalert: Ignoring UDP response per configuration file setting.");
-
- return (status);
- }
-diff -urN portsentry-1.0.orig/portsentry_config.h portsentry-1.0/portsentry_config.h
---- portsentry-1.0.orig/portsentry_config.h Tue Mar 7 20:45:13 2000
-+++ portsentry-1.0/portsentry_config.h Sat May 19 14:23:17 2001
-@@ -40,7 +40,7 @@
- /* any of the facilities from syslog.h to send messages to (LOCAL0, etc) */
- #define SYSLOG_FACILITY LOG_DAEMON
- #define SYSLOG_LEVEL LOG_NOTICE
--
-+#define SYSLOG_LEVEL_ATTACK LOG_ALERT
-
- /* the maximum number of hosts to keep in a "previous connect" state engine*/
- #define MAXSTATE 50
-diff -urN portsentry-1.0.orig/portsentry_io.c portsentry-1.0/portsentry_io.c
---- portsentry-1.0.orig/portsentry_io.c Sun Nov 14 23:43:06 1999
-+++ portsentry-1.0/portsentry_io.c Sat May 19 14:30:09 2001
-@@ -34,22 +34,34 @@
-
- /* Main logging function to surrogate syslog */
- void
--Log (char *logentry, ...)
-+DoLog (int priority, char *logentry, va_list argsPtr)
- {
- char logbuffer[MAXBUF];
-
-- va_list argsPtr;
-- va_start (argsPtr, logentry);
--
- vsnprintf (logbuffer, MAXBUF, logentry, argsPtr);
-
-- va_end(argsPtr);
--
- openlog ("portsentry", LOG_PID, SYSLOG_FACILITY);
-- syslog (SYSLOG_LEVEL, "%s", logbuffer);
-+ syslog (priority, "%s", logbuffer);
- closelog ();
- }
-
-+void
-+Log (char *logentry, ...)
-+{
-+ va_list argsPtr;
-+ va_start (argsPtr, logentry);
-+ DoLog (SYSLOG_LEVEL, logentry, argsPtr);
-+ va_end(argsPtr);
-+}
-+
-+void
-+LogAttack (char *logentry, ...)
-+{
-+ va_list argsPtr;
-+ va_start (argsPtr, logentry);
-+ DoLog (SYSLOG_LEVEL_ATTACK, logentry, argsPtr);
-+ va_end(argsPtr);
-+}
-
- void
- Exit (int status)
-@@ -460,7 +472,7 @@
- }
- else
- {
-- Log ("attackalert: Host %s has been blocked via dropped route using command: \"%s\"", target,
-+ LogAttack ("attackalert: Host %s has been blocked via dropped route using command: \"%s\"", target,
- commandStringFinal);
- return (TRUE);
- }
-@@ -508,7 +520,7 @@
- else
- {
- /* report success */
-- Log ("attackalert: External command run for host: %s using command: \"%s\"", target,
-+ LogAttack ("attackalert: External command run for host: %s using command: \"%s\"", target,
- commandStringFinal);
- return (TRUE);
- }
-@@ -568,7 +580,7 @@
- {
- fprintf (output, "%s\n", commandStringFinal);
- fclose (output);
-- Log ("attackalert: Host %s has been blocked via wrappers with string: \"%s\"", target, commandStringFinal);
-+ LogAttack ("attackalert: Host %s has been blocked via wrappers with string: \"%s\"", target, commandStringFinal);
- return (TRUE);
- }
- }
-diff -urN portsentry-1.0.orig/portsentry_io.h portsentry-1.0/portsentry_io.h
---- portsentry-1.0.orig/portsentry_io.h Sun Nov 14 23:43:06 1999
-+++ portsentry-1.0/portsentry_io.h Sat May 19 14:23:17 2001
-@@ -31,6 +31,7 @@
- /* prototypes */
- int WriteBlocked (char *, char *, int, char *, char *, char *);
- void Log (char *,...);
-+void LogAttack (char *,...);
- void Exit (int);
- void Start (void);
- int DaemonSeed (void);