#!/usr/bin/env python # -*- coding: utf-8 -*- # # routeradvert-scan.py: Scan for rogue IPv6 router advertisements. # # Copyright © 2010 Anders Kaseorg # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation files # (the “Software”), to deal in the Software without restriction, # including without limitation the rights to use, copy, modify, merge, # publish, distribute, sublicense, and/or sell copies of the Software, # and to permit persons to whom the Software is furnished to do so, # subject to the following conditions: # # The above copyright notice and this permission notice shall be # included in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. import BeautifulSoup import errno import math import mechanize import os import re import signal import socket import subprocess import sys import time import urllib # configuration interface = 'eth1' timeout = 120 zclass = 'rcc-auto' zinstance = '6to4' zsig = '%s on %s' % (sys.argv[0], socket.gethostname()) cert_file = os.path.join(os.path.dirname(__file__), 'sipbcert.pem') # end configuration mac_re = re.compile(r'^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$') seen_macs = {} def msg(m): os.spawnlp(os.P_WAIT, 'zwrite', 'zwrite', '-q', '-d', '-c', zclass, '-i', zinstance, '-s', zsig, '-O', 'auto', '-m', m) br = mechanize.Browser() br.add_client_certificate("https://nic.mit.edu", cert_file, cert_file) def get_owner(mac): for lookup in ('host', 'less'): try: data = urllib.urlencode({ 'action': 'Lookup Host', 'lookup': lookup, 'mac': mac }) br.open('https://nic.mit.edu/bin/dynareg', data) soup = BeautifulSoup.BeautifulSoup(br.response().read()) for tag in soup.findAll('td'): if tag.string == 'owner:': return tag.nextSibling.string or \ tag.nextSibling.contents[0]['value'] except: pass return None def show_mac(mac, (t, owner)): return '%s (%s)' % (mac, 'unknown owner' if owner is None else owner) def show_macs(): return ', '.join(show_mac(mac, v) for mac, v in seen_macs.iteritems()) def check_gone(): now = time.time() next = None for (mac, (t, owner)) in seen_macs.items(): if t < now: del seen_macs[mac] msg('Gone 6to4 router: %s\nCurrent 6to4 routers: %s' % (show_mac(mac, (t, owner)), show_macs())) elif next is None or next > t: next = t if next is None: signal.alarm(0) else: signal.alarm(int(math.ceil(next - now))) signal.signal(signal.SIGALRM, lambda signum, frame: check_gone()) p = subprocess.Popen(['tcpdump', '-elnp', '-i', interface, 'icmp6 and (ip6[40] = 134)'], stdout=subprocess.PIPE) while True: check_gone() while True: try: line = p.stdout.readline() except IOError, (e, s): if e == errno.EINTR: continue break signal.alarm(0) if line == '': break words = line.split() if len(words) >= 2 and mac_re.match(words[1]): mac = words[1] t = time.time() + timeout if mac in seen_macs: seen_macs[mac][0] = t else: seen_macs[mac] = [t, get_owner(mac)] msg('New 6to4 router: %s\n%s\nCurrent 6to4 routers: %s' % (show_mac(mac, seen_macs[mac]), line.rstrip('\n'), show_macs())) else: print >>sys.stderr, 'Unrecognized line: ', line.rstrip('\n')