dmoran has asked for the wisdom of the Perl Monks concerning the following question:

Has anyone ever messed with writing a port scan detector? I was trying to use PortSentry on an SGI. Didn't work (go figure). I've written quite a few network type scripts but never one that watches more than one port/socket at a time. So I decided to try writing my own. Here's the compact version of what I have so far:
    #!/usr/perl/bin/perl
    use IO::Socket;
    use IO::Select;

    # Create a listening TCP socket on the given port
    sub AddSocket {
        my $port = $_[0];
        my $sock = IO::Socket::INET->new(Listen => 1, LocalPort => $port)
            or die "Cannot listen on port $port: $!";
        return $sock;
    }

    $one = "6666";
    $two = "6667";

    $s = IO::Select->new();
    $s->add(AddSocket($one));
    $s->add(AddSocket($two));

    # Block until at least one of the sockets is ready
    while (@ready = $s->can_read) {
        # Not sure what's next
    }

Once I start the program, sw shows both ports being listened to. As a first step, I just want to figure out which port(s) got a connection and print that info to the screen. My problem is, after I connect to either port, how do I select between the list of listened-to ports? I've tried the 'select' statement a couple different times but with no luck.

Anyone have any ideas?

Thanks.

Darrin Moran

Re: Compact port scan detector
by AgentM (Curate) on Oct 20, 2000 at 02:29 UTC
    You definitely want to use blocking I/O (since that's the point of the program) and you want to set the correct bits in your select statement. Straight from the horse's mouth: All filehandles passed to IO::Select "must be references to file glob handles." That done, you need to block as you do, but to determine which is ready, you simply check the array for a file handle glob. What is returned in the array is ready for reading, so you should read from it (if you're interested in what arrived) with the IO::Socket recv function. Of course, you are also missing error handling in your loop which you should be checking with $selobj->has_error. Also a minor issue, but you should probably ignore SIGURG. Not a big deal but M*crosoft made the mistake in their famous OS which was quite humiliating.
    AgentM Systems nor Nasca Enterprises nor Bone::Easy nor Macperl is responsible for the comments made by AgentM. Remember, you can build any logical system with NOR.
Re: Compact port scan detector
by Anonymous Monk on Oct 20, 2000 at 20:10 UTC
    Thanks to AgentM!!! Your "stepping thru the process" made the difference. I got the script behaving how I want it now. Once I fine tune it, I'll post it. Again, thanks!


    BTW, this was my first time using this site. It rocks!!!

    Darrin Moran
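
One way to finish the loop from the question, as an added example that was not posted by anyone in this thread: each handle returned by can_read is one of the listening sockets, so sockport identifies the port that was touched and accept yields the client. The $threshold and $window values and the %seen bookkeeping are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Assumed values for illustration: ports from the question, limits are arbitrary.
my @ports     = (6666, 6667);
my $threshold = 2;     # distinct monitored ports from one source that count as a scan
my $window    = 60;    # seconds a touch is remembered
my %seen;              # source address => { port => time of last touch }

my $sel = IO::Select->new();
for my $port (@ports) {
    my $listener = IO::Socket::INET->new(
        LocalPort => $port,
        Proto     => 'tcp',
        Listen    => 5,
        ReuseAddr => 1,
    ) or die "cannot listen on port $port: $!\n";
    $sel->add($listener);
}

# With no timeout, can_read() blocks until a listener has a pending connection.
while (my @ready = $sel->can_read) {
    for my $listener (@ready) {
        my $client = $listener->accept or next;   # client may already be gone
        my $port   = $listener->sockport;         # which monitored port was hit
        my $src    = $client->peerhost // 'unknown';
        my $sport  = $client->peerport // 0;
        close $client;                            # nothing to serve, drop it

        my $now = time;
        printf "%s connection to port %d from %s:%d\n",
            scalar(localtime $now), $port, $src, $sport;

        # Remember this touch and forget touches older than the window.
        $seen{$src}{$port} = $now;
        for my $p (keys %{ $seen{$src} }) {
            delete $seen{$src}{$p} if $now - $seen{$src}{$p} > $window;
        }
        my $distinct = keys %{ $seen{$src} };
        print "possible port scan from $src ($distinct monitored ports touched)\n"
            if $distinct >= $threshold;
    }
}
```

Because accept only returns after the TCP handshake completes, this sees full connect() scans; half-open SYN scans never reach the accept queue and need packet-level monitoring instead.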