The Official Unofficial Zorp project
 
Overview| Examples| Bugs| FAQ | White papers | Download | Help wanted | SourceForge Project page | Filltable utility  
 
 
SourceForge.net: SF.net Project News: Zorp unofficial
  • zorp 2.0.9-6 has been released
  • iptables-utils zorp-unoff version has been released
  • New whitepaper, even more FAQs
  • Zorp whitepapers released, new FAQs
  • New tproxy versions
  • New Zorp version: get the DN
  • The best bughunter
  • Bughunting contest extended
  • Valentine day bughunting contest!
  • Site updates: FAQ, design
    		•
    SourceForge.net: Project File Releases: Zorp unofficial
  • zorp 2.0.9-6 released (Mon, 01 Nov 2004 21:49:58 GMT)
  • zorp 2.0.9-6 released (Mon, 01 Nov 2004 21:40:56 GMT)
  • iptables-utils 1.21-1 released (Mon, 01 Nov 2004 21:19:42 GMT)
  • zorp 2.0.9-1 released (Sat, 12 Jun 2004 00:00:00 GMT)
  • zorplibll 2.0.26.24-1 released (Sat, 12 Jun 2004 00:00:00 GMT)
  • zorp zorp_2.0.8-1 released (Thu, 11 Dec 2003 00:00:00 GMT)
  • zorp zorp_2.0.7-2 released (Wed, 03 Dec 2003 00:00:00 GMT)
  • zorp zorp_2.0.7-1 released (Tue, 11 Nov 2003 00:00:00 GMT)
  • zorplibll zorplibll_2.0.26.23-1 released (Mon, 10 Nov 2003 00:00:00 GMT)
    		•
    		download
    
#
#
# This is an example policy which denies ssh password scans:
# if a IP has opened 3 sessions which is shorter than 1 minute
# three times in the last 10 minute, the connection will be denied
#
#

import time
short_sessions = {}

class MySSHPlugProxy(PlugProxy):
        def config(self):
                global short_sessions

                PlugProxy.config(self)
                ip = self.session.client_address.ip_s
                now = time.time()
                try:
                        (last_attempt, count) = short_sessions[ip]
                except KeyError:
                        last_attempt = now
                        count = 0
                if now > last_attempt + 600:
                        # last attempt more than 10 minutes ago, it is allowed again
                        last_attempt = now
                        count = 0
                count = count + 1
                if count > 3 and now < last_attempt + 180:
                        # more than 3 attempts in the last 3 minutes
                        raise DACException, "Connections over limit"
                short_sessions[ip] = (now, count)
                self.started_time = now

        def shutDown(self):
                global short_sessions

                PlugProxy.shutDown(self)
                now = time.time()
                if now - self.started_time > 60:
                        # this was a session longer than 60 seconds, it was not a 
                        # real short session
                        ip = self.session.client_address.ip_s
                        (last_attempt, count) = short_sessions[ip]
                        short_sessions[ip] = (last_attempt, count - 1)