The IP of the connection isn't logged if exited before receiving ClientInfoPDU #122
Comments
The IP in the ClientInfo PDU is the local IP address and is different from the IP address of the connection. The IP address of the connection should be logged in the first log statement. Isn’t it the case? Maybe it’s just a debug statement, but I know we used to log that information.
Thanks for the correction, I guess I didn't pay attention to that part. Looks like it isn't, even in DEBUG. Here is a short connection to demonstrate.
Weird. Maybe it has been lost in some commit. We should definitely log this
information.
On Wed., Jun. 19, 2019, 10:39 Maxime Carbonneau, ***@***.***> wrote:
Thanks for the correction, I guess I didn't pay attention to that part.
Looks like it isn't, even in DEBUG. Here is a short connection to
demonstrate.
[2019-06-17 15:01:42,233] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - New client connected
[2019-06-17 15:01:42,236] - INFO - Anna900855 - pyrdp.mitm.connections.x224 - No cookie for this connection
[2019-06-17 15:01:42,236] - DEBUG - Anna900855 - pyrdp.mitm.connections.client.x224 - Received X224ConnectionRequestPDU{'payload': b'\x01\x00\x08\x00\x00\x00\x00\x00', 'header': <X224PDUType.X224_TPDU_CONNECTION_REQUEST: 14>, 'credit': 0, 'destination': 0, 'source': 0, 'options': 0}
[2019-06-17 15:01:42,280] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - Server connected
[2019-06-17 15:01:42,281] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - Attacker connected
[2019-06-17 15:01:42,324] - DEBUG - Anna900855 - pyrdp.mitm.connections.server.x224 - Received X224ConnectionConfirmPDU{'payload': b'\x02\t\x08\x00\x00\x00\x00\x00', 'header': <X224PDUType.X224_TPDU_CONNECTION_CONFIRM: 13>, 'credit': 0, 'destination': 4660, 'source': 0, 'options': 0}
[2019-06-17 15:01:42,451] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - Client connection closed. Connection was closed cleanly.
[2019-06-17 15:01:42,452] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - Client connection time: 0.21841096878051758 secs
[2019-06-17 15:01:42,452] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - Attacker connection closed. Connection was closed cleanly.
Currently, most of the incoming connections are scanners. Scanners won't send a ClientInfoPDU since it's later in the protocol.
With our current logging, we have no way of identifying WHO connected to pyrdp. This would be really useful to correlate data. Should this be added in #117, or appended to `New Client connected`?
Ex: `New client connected from 127.0.0.1`
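An added example (not PyRDP code and not written by anyone in this thread): a small parser for the log layout shown in the excerpt above that groups lines by session ID and lists the sessions that cannot be tied to a source address. The `New client connected from <ip>` message is the format proposed in this issue, and the `Example000001` session and its address are constructed.

```python
import re
from collections import defaultdict

# Layout from the excerpt: [timestamp] - LEVEL - session id - logger - message
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] - (?P<level>\w+) - (?P<sid>\S+) - (?P<logger>\S+) - (?P<msg>.*)$"
)
# Message format proposed in the issue (assumption: not emitted by the current log).
PEER = re.compile(r"^New client connected from (?P<ip>\S+)$")
DURATION = re.compile(r"^Client connection time: (?P<secs>[0-9.]+) secs$")

# First session is taken from the excerpt; the second is constructed.
SAMPLE = [
    "[2019-06-17 15:01:42,233] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - New client connected",
    "[2019-06-17 15:01:42,452] - INFO - Anna900855 - pyrdp.mitm.connections.tcp - Client connection time: 0.21841096878051758 secs",
    "[2019-06-17 15:02:10,001] - INFO - Example000001 - pyrdp.mitm.connections.tcp - New client connected from 192.0.2.10",
    "[2019-06-17 15:02:10,300] - INFO - Example000001 - pyrdp.mitm.connections.tcp - Client connection time: 0.299 secs",
]

def summarize(lines):
    """Group log lines by session ID; record start time, peer IP (if logged) and duration."""
    sessions = defaultdict(lambda: {"start": None, "peer": None, "seconds": None})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip wrapped or foreign lines
        session, msg = sessions[m["sid"]], m["msg"]
        if msg.startswith("New client connected"):
            session["start"] = m["ts"]
            peer = PEER.match(msg)
            if peer:
                session["peer"] = peer["ip"]
        else:
            duration = DURATION.match(msg)
            if duration:
                session["seconds"] = float(duration["secs"])
    return dict(sessions)

def unattributed(sessions):
    """Session IDs that never logged a source address, e.g. short scanner connections."""
    return sorted(sid for sid, s in sessions.items() if s["peer"] is None)

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for sid in unattributed(result):
        print(f"{sid}: no source IP logged, duration {result[sid]['seconds']} s")
```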