From a3132e5a3dba46a667b74a462eca445803660c95 Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Tue, 12 Apr 2016 15:58:32 +0400 Subject: [PATCH] rewrite ipv6 style addresses in case they are really ipv4 --- cowrie/ssh/transport.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/cowrie/ssh/transport.py b/cowrie/ssh/transport.py index 2fa44ab..7a785d7 100644 --- a/cowrie/ssh/transport.py +++ b/cowrie/ssh/transport.py @@ -5,6 +5,7 @@ This module contains ... """ +import re import time import uuid import zlib @@ -170,9 +171,15 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin): """ self.transportId = uuid.uuid4().hex[:8] + src_ip = self.transport.getPeer().host + ipv4rex = re.compile( '^::ffff:(\d+\.\d+\.\d+\.\d+)$') + ipv4_search = ipv4rex.search(src_ip) + if ipv4_search != None: + src_ip = ipv4_search.group(1) + log.msg(eventid='cowrie.session.connect', format='New connection: %(src_ip)s:%(src_port)s (%(dst_ip)s:%(dst_port)s) [session: %(session)s]', - src_ip=self.transport.getPeer().host, src_port=self.transport.getPeer().port, + src_ip=src_ip, src_port=self.transport.getPeer().port, dst_ip=self.transport.getHost().host, dst_port=self.transport.getHost().port, session=self.transportId, sessionno=self.transport.sessionno)