search

jathanism / thrasher-logdrop

Thrasher log parser that will interact with iptables as it detects activity
4 stars 0 forks source link

Thrasher distribution. #2

Open errzey opened 14 years ago

errzey commented 14 years ago

The trasher service currently does not have the ability to distribute held-down addresses to other thrasher instances. Since this is a complex subject it is much better suited to an external script in which does this.

This feature must allow for grouping of thrasher instances, for example:

Group A thrashd1:port thrashd2:port

Group B thrashd3:port thrashd4:port thrashd5:port

If a hold-down occurs on thrashd1, it would only distribute this address to thrashd2. Likewise if thrashd5 issues a hold-down, it should send a request to both thrashd4 and thrashd3.

The packet structure for an INJECTION is as follows:

[1 BYTE, value 2] [4 BYTE, network byte order IP ADDRESS]

jathanism commented 14 years ago 
# network byte order
import netaddr
import socket
ip = netaddr.IPAddress('84.52.184.224')
# equivalent to: struct.unpack('L',socket.inet_aton(ip))[0]
nbo = socket.htonl(ip.value)
# => 3770168404L