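I am trying to create a firewall for SOAP packets. I use NetfilterQueue to intercept packets, and I only validate the packets that contain an actual SOAP request. However, the NetfilterQueue function pckt.drop() does not notify the client that the request was rejected, so in that case the client keeps resending the packet. I tried sending an HTTP 403 error, but it had no effect on the process, as if the client never received it at all. Maybe I am doing something wrong. If anyone can help me, I would be very grateful. Here is my Python script: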

    # Python 2 script (print statements); needs root and an iptables NFQUEUE rule for queue 1.
    from scapy.all import *
    from netfilterqueue import NetfilterQueue
    from scapy.layers import inet

    # is_attack(), log_attack() and log_normal() are not shown in the post.

    def isSOAP(pkt):
        # Treat the TCP payload as SOAP if it mentions both "xml" and "soap".
        message=str(IP(pkt.get_payload())[TCP].payload)
        if(len(message)>0 and message.find("xml")>-1 and message.find("soap")>-1):
            return True
        else:
            return False

    def check_signatures(pkt):
        # NFQUEUE callback: every queued packet must get a verdict (accept or drop).
        if (isSOAP(pkt)):
            message=str(IP(pkt.get_payload())[TCP].payload)
            if is_attack(message):
                print "detected as attack"
                log_attack(pkt)
                pkt.drop()
                send_403(IP(pkt))
            else:
                print "normal message"
                log_normal(message,IP(pkt.get_payload()).src)
                pkt.accept()
        else:
            pkt.accept()

    def send_403(pkt):
        # Answer the client in the server's name: ACK the request, send the page, then reset.
        AckNr=pkt[TCP].seq+len(pkt[TCP].payload)
        seqNr=pkt[TCP].ack
        port=pkt.sport
        html1="HTTP/1.1 403 OK\x0d\x0aDate: Wed, 29 Sep 2010 20:19:05 GMT\x0d\x0aServer: Testserver\x0d\x0aConnection: Keep-Alive\x0d\x0aContent-Type: text/html; charset=UTF-8\x0d\x0aContent-Length: 291\x0d\x0a\x0d\x0a<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\"><html><head><title>Testserver</title></head><body bgcolor=\"black\" text=\"white\" link=\"blue\" vlink=\"purple\" alink=\"red\"><p><font face=\"Courier\" color=\"blue\">-Welcome to test server-------------------------------</font></p></body></html>"
        ip=IP(src=pkt.dst, dst=pkt.src)
        TCP_SYNACK=TCP(sport=80, dport=port, flags="A", seq=seqNr, ack=AckNr)
        ANSWER=sr1(ip/TCP_SYNACK)
        data1=TCP(sport=80, dport=port, flags="PA", seq=seqNr, ack=AckNr, options=[('MSS', 1460)])
        ackdata1=sr1(ip/data1/html1)
        SeqNr=ackdata1.ack
        Bye=TCP(sport=80, dport=port, flags="RA", seq=SeqNr, ack=AckNr, options=[('MSS', 1460)])
        send(ip/Bye)

    nfqueue = NetfilterQueue()
    nfqueue.bind(1, check_signatures)
    try:
        nfqueue.run()
    except KeyboardInterrupt:
        print
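
Added example, not part of the original post: a Python 3, standard-library sketch of the arithmetic behind a block response, working from the raw IPv4/TCP bytes that `get_payload()` returns and sending nothing. The function names (`parse_ipv4_tcp`, `build_403`, `plan_block`), the addresses and the sample packet are constructed for illustration, and it assumes the dropped segment is the first one the server has not seen.

```python
import socket
import struct

def parse_ipv4_tcp(raw):
    """Parse the raw IPv4/TCP bytes that NetfilterQueue's get_payload() returns."""
    if raw[0] >> 4 != 4 or raw[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (raw[0] & 0x0F) * 4                       # IP header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]    # excludes any link-layer padding
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[ihl:ihl + 14])
    payload = raw[ihl + (off_flags >> 12) * 4:total_len]
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "payload": payload}

def build_403(body=b"<html><body>Request blocked</body></html>"):
    """HTTP 403 whose Content-Length is computed from the body actually sent."""
    head = ("HTTP/1.1 403 Forbidden\r\nContent-Type: text/html; charset=UTF-8\r\n"
            "Content-Length: %d\r\nConnection: close\r\n\r\n" % len(body))
    return head.encode("ascii") + body

def plan_block(raw):
    """Return (to_client, to_server) segments to inject after dropping `raw`."""
    p = parse_ipv4_tcp(raw)
    # ACK everything the client sent so it stops retransmitting the request.
    acked = (p["seq"] + len(p["payload"])) % 2**32
    to_client = {"src": p["dst"], "dst": p["src"], "sport": p["dport"],
                 "dport": p["sport"], "flags": "FPA", "seq": p["ack"],
                 "ack": acked, "data": build_403()}
    # Assumption: the server never saw the dropped bytes, so it still expects p["seq"].
    to_server = {"src": p["src"], "dst": p["dst"], "sport": p["sport"],
                 "dport": p["dport"], "flags": "R", "seq": p["seq"],
                 "ack": 0, "data": b""}
    return to_client, to_server

# Constructed sample request: 10.0.0.5:40000 -> 10.0.0.9:80, seq=1000, ack=5000
SAMPLE_PAYLOAD = b"POST /svc HTTP/1.1\r\nHost: example\r\n\r\n<soap:Envelope/>"
SAMPLE = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(SAMPLE_PAYLOAD), 0, 0, 64, 6, 0,
                      socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
          + struct.pack("!HHIIHHHH", 40000, 80, 1000, 5000, 0x5018, 8192, 0, 0)
          + SAMPLE_PAYLOAD)

if __name__ == "__main__":
    for segment in plan_block(SAMPLE):
        print(segment)
```

The keys of each returned dict match scapy's `IP` (`src`, `dst`) and `TCP` (`sport`, `dport`, `flags`, `seq`, `ack`) field names, so a segment can be rebuilt as `IP(...)/TCP(...)/data` and passed to `send()`.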