17.17. Program: backsniff
This program logs attempts to connect to ports. It uses the Sys::Syslog module (it in turn wants the
syslog.ph
library, which may or may not come with your system) to log the connection attempt as level LOG_NOTICE and facility LOG_DAEMON. It uses It produces entries in the system log file like this:
Install it in the inetd.conf file with a line like this:
The program is shown in Example 17.7 . Example 17.7: backsniff#!/usr/bin/perl -w # backsniff - log attempts to connect to particular ports use Sys::Syslog; use Socket; # identify my port and address $sockname = getsockname(STDIN) or die "Couldn't identify myself: $!\n"; ($port, $iaddr) = sockaddr_in($sockname); $my_address = inet_ntoa($iaddr); # get a name for the service $service = (getservbyport ($port, "tcp"))[0] || $port; # now identify remote address $sockname = getpeername(STDIN) or die "Couldn't identify other end: $!\n"; ($port, $iaddr) = sockaddr_in($sockname); $ex_address = inet_ntoa($iaddr); # and log the information openlog("sniffer", "ndelay", "daemon"); syslog("notice", "Connection from %s to %s:%s\n", $ex_address, $my_address, $service); closelog(); exit; |
|