"SfR Fresh" - the SfR Freeware/Shareware Archive 
Member "wormscan-1.6.1-src/net/websoup/wormscan/AttackSource.java" of archive wormscan-1.6.1-src.tar.gz:
1 package net.websoup.wormscan;
2
3 /*
4 * This file is part of WormScan.
5 *
6 * WormScan is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 */
20
21 import java.net.InetAddress;
22 import java.io.Serializable;
23 import java.util.StringTokenizer;
24
25 import net.websoup.wormscan.Attack;
26 import net.websoup.wormscan.Program;
27
28 import org.apache.oro.text.perl.Perl5Util;
29
30 /**
31 * Store everything we know about an attacking machine.
32 * We will also use the Serialization mechanism for caching.
33 * Copyright: Copyright (c) 2001-2004 Andriy Rozeluk <arozeluk@websoup.net>
34 * @author Andriy Rozeluk
35 * @version 1.6.1
36 */
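public class AttackSource implements Serializable {
    /*
     * NOTE(review): instances are cached through Java serialization. The code
     * that reads the cache back is not part of this file; whoever loads it
     * should treat the cache file as trusted input only (restrictive file
     * permissions, never a path other users can write to), because native
     * deserialization of attacker-supplied bytes is unsafe.
     */

    /* Shared regex helper. Static, so it is never part of the serialized form. */
    private static final Perl5Util util = new Perl5Util();

    /* Diagnostic printed whenever the stored address cannot be parsed as a dotted quad. */
    private static final String PARSE_FAILURE =
        "Failed to parse IP address correctly (perhaps it's a hostname): ";

    /* in case of updates to this class, don't screw up the DNS cache */
    static final long serialVersionUID = -2973424726146112036L;

    /* count number of attacks by this host. Don't store in cache */
    private transient int attackCount = 0;

    /* all resolved hostnames for this ip */
    private String[] hostnames;

    /* reversed hostnames for sorting purposes (derived lazily from hostnames) */
    private String[] hostnamesRev;

    /* ip address in String format (may hold a hostname until it is resolved) */
    private String ip;

    /* ip address packed into a long; -1 when the text could not be parsed */
    private long ipAddress = 0;

    /* earliest attack by this ip. Don't store in cache */
    private transient Attack firstAttack = null;

    /* latest attack by this ip. Don't store in cache */
    private transient Attack lastAttack = null;

    /**
     * Creates a record for one attacking machine and immediately tries to
     * parse the given text as a dotted-quad IPv4 address.
     *
     * @param ip the address (or hostname) as it appeared in the scanned input
     */
    public AttackSource(String ip) {
        this.ip = ip;
        attackCount = 0;
        convertIP();
    }

    /**
     * Reverses the labels of a host name and lower-cases the result so it can
     * be used as a sort key. For example, www.websoup.net becomes
     * net.websoup.www.
     *
     * @param input host name (or address text) to reverse
     * @return the lower-cased name with its dot-separated labels in reverse order
     */
    private String reverseHostname( String input ){
        // Locale-independent lower-casing: the default-locale form can map
        // 'I' to a dotless i (e.g. Turkish), which would give unstable keys.
        if ( input.indexOf( '.' ) < 0 ){
            // Single label: nothing to reverse, but keep the key lower-case
            // so it sorts consistently with multi-label names.
            return input.toLowerCase( java.util.Locale.ENGLISH );
        }

        StringTokenizer st = new StringTokenizer( input, "." );
        String[] labels = new String[ st.countTokens() ];
        for ( int i = 0; i < labels.length; i++ ){
            labels[i] = st.nextToken();
        }

        StringBuffer reversed = new StringBuffer( input.length() );
        for ( int i = labels.length - 1; i >= 0; i-- ){
            reversed.append( labels[i] );
            if ( i > 0 ){
                reversed.append( '.' );
            }
        }
        return reversed.toString().toLowerCase( java.util.Locale.ENGLISH );
    }

    /**
     * Does this String have the shape of a dotted quad, i.e. four groups of
     * one to three digits separated by single dots? The numeric range of each
     * group is not checked here.
     */
    private static boolean verifyIPCharacters( String input ){
        return util.match( "/^[0-9]{1,3}[.]{1,1}[0-9]{1,3}[.]{1,1}[0-9]{1,3}[.]{1,1}[0-9]{1,3}$/", input );
    }

    /**
     * Packs a dotted quad into a single number, first octet in the highest
     * byte.
     *
     * @param dottedQuad text that already passed {@link #verifyIPCharacters}
     * @return the packed address, or -1 if there are not exactly four octets
     *         or one of them is not a number in the range 0-255
     */
    private static long packOctets( String dottedQuad ){
        StringTokenizer st = new StringTokenizer( dottedQuad, "." );
        if ( st.countTokens() != 4 ){
            return -1;
        }
        long packed = 0;
        try {
            while ( st.hasMoreTokens() ){
                long octet = Long.parseLong( st.nextToken() );
                if ( octet < 0 || octet > 255 ){
                    return -1;
                }
                packed = ( packed << 8 ) | octet;
            }
        }
        catch ( NumberFormatException e ){
            // The shape check can still let through text that is not purely
            // numeric (for instance a trailing line break); reject it here.
            return -1;
        }
        return packed;
    }

    /**
     * Convert the stored IP address text to its packed numeric form. The
     * result is kept in a long so that all 32 bits stay non-negative; it is
     * set to -1 when the text is not a valid dotted-quad IPv4 address.
     */
    public void convertIP(){
        if ( !verifyIPCharacters( ip ) ){
            if ( Program.OUTPUT_LEVEL > 3 )
                System.err.println( PARSE_FAILURE + ip );
            this.ipAddress = -1;
            return;
        }

        long packed = packOctets( ip );
        if ( packed < 0 ){
            // Right shape, but an octet is out of range (e.g. 999.1.1.1).
            if ( Program.OUTPUT_LEVEL > 1 )
                System.err.println( PARSE_FAILURE + ip );
            this.ipAddress = -1;
            return;
        }

        this.ipAddress = packed;
        if ( Program.OUTPUT_LEVEL > 3 )
            System.err.println( "IP address converted to long: " + packed );
    }

    /**
     * Is this attack the last attack from this host?
     *
     * @param check attack to compare; null is never the last attack
     */
    public boolean isLastAttack( Attack check ){
        return check != null && check.equals( lastAttack );
    }

    /**
     * Is this attack the first attack from this host?
     *
     * @param check attack to compare; null is never the first attack
     */
    public boolean isFirstAttack( Attack check ){
        return check != null && check.equals( firstAttack );
    }

    /**
     * Returns the last attack from this host, or null if none was recorded
     */
    public Attack getLastAttack(){
        return lastAttack;
    }

    /**
     * Returns the first attack from this host, or null if none was recorded
     */
    public Attack getFirstAttack(){
        return firstAttack;
    }

    /**
     * Save firstAttack or lastAttack information, if applicable: the latest
     * attack seen so far becomes lastAttack and the earliest becomes
     * firstAttack.
     *
     * @param check attack to compare against the recorded first/last attack
     */
    public void checkAttackDates( Attack check ){
        if ( lastAttack == null || check.getDateOfAttack().after( lastAttack.getDateOfAttack() ) )
            lastAttack = check;
        // The earliest attack must be replaced only by an EARLIER one; testing
        // with after() here made firstAttack track the newest attack instead.
        // NOTE(review): assumes getDateOfAttack() returns a type offering
        // before() alongside after() (java.util.Date does) - confirm in Attack.
        if ( firstAttack == null || check.getDateOfAttack().before( firstAttack.getDateOfAttack() ) )
            firstAttack = check;
    }

    /**
     * Just what it says. Find out what the hostnames are. When nothing can be
     * resolved, the address text itself is stored as the only "hostname".
     *
     * Two things to keep in mind when using the result: the names come from
     * DNS records controlled by whoever operates the address space, so they
     * are untrusted text and should be escaped before being written into
     * reports; and the lookups themselves are visible to the name servers
     * that answer for that address.
     */
    public void resolveHostnames(){
        InetAddress[] source = null;
        try {
            source = InetAddress.getAllByName(ip);
        }
        catch ( java.net.UnknownHostException ignored ){
            // Deliberately ignored: an unresolvable source falls back to
            // using the raw address text below.
        }

        // The hostname list is about to change, so drop the derived sort keys;
        // getReversedHostnames() rebuilds them on demand.
        hostnamesRev = null;

        if ( source == null || source.length == 0 ){
            hostnames = new String[1];
            hostnames[0] = ip;
            return;
        }

        hostnames = new String[ source.length ];
        for ( int i = 0; i < source.length; i++ ){
            if ( ipAddress <= 0 ){
                // We were given a hostname: adopt the resolved address.
                ip = source[i].getHostAddress();
                convertIP();
            }
            hostnames[i] = source[i].getHostName();
        }

        if ( Program.OUTPUT_LEVEL > 3 ){
            // getHostName() returns the address text when the reverse lookup
            // fails, which is exactly what isHostnameUnresolved() detects.
            if ( isHostnameUnresolved() ){
                System.out.println( "Could not resolve hostname for " + ip );
            }
            else {
                System.out.println( ip + " resolved to " + hostnames[0] );
            }
        }
    }

    /**
     * Returns all resolved hostnames for this host (the internal array, not a
     * copy), or null if resolveHostnames() has not produced any yet
     */
    public String[] getAttackHostnames(){
        return hostnames;
    }

    /**
     * Returns all resolved hostnames (reversed domains) for sorting, or null
     * if no hostnames are known yet. The reversed list is computed once and
     * then reused.
     */
    public String[] getReversedHostnames(){
        if ( hostnamesRev != null ){
            return hostnamesRev;
        }
        if ( hostnames == null ){
            return null;
        }
        String[] reversed = new String[ hostnames.length ];
        for ( int i = 0; i < hostnames.length; i++ ){
            reversed[i] = reverseHostname( hostnames[i] );
        }
        hostnamesRev = reversed;
        return hostnamesRev;
    }

    /**
     * Returns true when no hostname is known, or when the first "hostname" is
     * just the address text itself
     */
    public boolean isHostnameUnresolved(){
        if ( hostnames == null || hostnames.length < 1 ){
            return true;
        }
        return hostnames[0].equals(ip);
    }

    /**
     * Returns true when the source is known only by a name: nothing was
     * resolved and there is no usable numeric address either
     */
    public boolean isHostnameOnly(){
        return (isHostnameUnresolved() && ipAddress <= 0);
    }

    /**
     * Returns the packed numeric version of the IP address, or -1 if the
     * stored text could not be parsed as a dotted quad
     */
    public long getIntegerIP(){
        return ipAddress;
    }

    /**
     * Returns String version of IP address
     */
    public String getAttackIP(){
        return ip;
    }

    /**
     * Increment attack counter for this host
     */
    public void addAttack(){
        attackCount++;
    }

    /**
     * Return attack count for this host
     */
    public int getAttackCount(){
        return attackCount;
    }

    /**
     * Reset attack count for this host
     */
    public void resetAttackCount(){
        attackCount = 0;
    }
}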