haka-security / haka

Haka runtime
http://haka-security.org
Mozilla Public License 2.0

attempt to call field 'disable_dissector' (a nil value) #7

Closed loveshell closed 10 years ago

loveshell commented 10 years ago

I tested this: http://www.haka-security.org/blog/2014/04/10/defeating-nmap-scans.html, and a problem happened:

```
error lua:       /usr/share/haka/sample//ruleset/nmap.lua:4: attempt to call field 'disable_dissector' (a nil value)
fatal core:      thread initialization error
```

mtalbi commented 10 years ago

This code works only on haka v0.1.

Hereafter, a slightly modified version that works on haka v0.2:

```lua
raw = require('protocol/raw')
ipv4 = require('protocol/ipv4')
tcp = require('protocol/tcp')

haka.rule {
    hook = tcp.events.receive_packet,
    eval = function(pkt)
        local flags = pkt.flags.all
        -- test for null, fin and xmas nmap scans
        if flags == 0 or flags == 0x1 or flags == 0x29 then
            -- raw packet
            local rstpkt = raw.create()
            -- ip packet
            rstpkt = ipv4.create(rstpkt)
            rstpkt.ttl = pkt.ip.ttl
            rstpkt.dst = pkt.ip.src
            rstpkt.src = pkt.ip.dst
            -- tcp packet
            rstpkt = tcp.create(rstpkt)
            rstpkt.srcport = pkt.dstport
            rstpkt.dstport = pkt.srcport
            rstpkt.flags.rst = true
            rstpkt.flags.ack = true
            rstpkt.ack_seq = pkt.seq + 1
            -- inject forged packet and
            -- drop malicious scanning packet
            rstpkt:send()
            pkt:drop()
        end
    end
}
```

We will update the blog post on haka-security.org as soon as possible.
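
The following is an added example, not part of the original thread or of the Haka project: stand-alone Lua (no Haka API) that applies the rule's flag test to raw TCP headers and computes the RST/ACK reply fields the rule sets. The names `parse_tcp`, `classify` and `sample`, the 32-bit wrap of `ack_seq`, and the sample headers are assumptions constructed for illustration.

```lua
-- Added example; stand-alone Lua 5.1+, no Haka API. All names are illustrative.
local FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

-- Exact flag-byte values the rule matches: 0 (null), 0x1 (fin), 0x29 (xmas).
local SCANS = { [0] = "null", [FIN] = "fin", [FIN + PSH + URG] = "xmas" }

-- Big-endian unsigned integer of n bytes at 1-based offset pos.
local function be_uint(s, pos, n)
    local v = 0
    for i = pos, pos + n - 1 do v = v * 256 + s:byte(i) end
    return v
end

-- Parse the fields the rule reads from a fixed 20-byte TCP header.
local function parse_tcp(hdr)
    if #hdr < 20 then return nil, "truncated TCP header" end
    return { srcport = be_uint(hdr, 1, 2), dstport = be_uint(hdr, 3, 2),
             seq = be_uint(hdr, 5, 4), flags = hdr:byte(14) }
end

-- Scan name plus the RST/ACK reply fields the rule sets, or nil for other traffic.
local function classify(pkt)
    local name = SCANS[pkt.flags]
    if not name then return nil end
    return name, { srcport = pkt.dstport, dstport = pkt.srcport,
                   flags = RST + ACK,
                   ack_seq = (pkt.seq + 1) % 4294967296 } -- assumed 32-bit wrap
end

-- Constructed headers: ports 40000 -> 80, data offset 5, zeroed ack/window/checksum.
local function sample(seq_bytes, flags)
    return string.char(0x9C, 0x40, 0x00, 0x50) .. seq_bytes ..
           string.char(0, 0, 0, 0, 0x50, flags, 0, 0, 0, 0, 0, 0)
end

local samples = {
    sample(string.char(0x00, 0x00, 0x10, 0x00), 0x00),       -- null scan
    sample(string.char(0xFF, 0xFF, 0xFF, 0xFF), FIN),        -- fin scan, seq at wrap
    sample(string.char(0x12, 0x34, 0x56, 0x78), 0x29),       -- xmas scan
    sample(string.char(0x00, 0x00, 0x00, 0x01), SYN),        -- ordinary SYN
    sample(string.char(0x00, 0x00, 0x00, 0x02), FIN + ACK),  -- normal close
}
for _, hdr in ipairs(samples) do
    local pkt = assert(parse_tcp(hdr))
    local name, reply = classify(pkt)
    if name then
        print(("%-4s -> RST/ACK %d->%d ack_seq=%s"):format(
            name, reply.srcport, reply.dstport, tostring(reply.ack_seq)))
    else
        print(("flags 0x%02x not matched by the rule"):format(pkt.flags))
    end
end
```

The last two samples show that the exact-equality test leaves an ordinary SYN and a FIN+ACK connection close untouched.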

mtalbi commented 10 years ago

The blog post has been updated: http://www.haka-security.org/blog/2014/04/10/defeating-nmap-scans.html.