evilflag.lua
-- Written by Guillaume Prigent <[email protected]@diateam.net>
--- Registration hook: tell the host engine which buffers this script wants.
-- The init/match pair follows the convention used by IDS Lua rule scripts;
-- the host engine itself is not named in this file.
-- Side effect: seeds Lua's PRNG from the wall clock. match() uses that PRNG
-- only for its intentional detection jitter, so a time-based seed is adequate;
-- it is not suitable for anything security-sensitive.
-- @param args unused by this function
-- @return table with a single entry, packet = "true"
function init(args)
  math.randomseed(os.time())
  return { packet = "true" }
end
-- One Flag to rule them all, One Flag to find them,
-- One Flag to bring them all and in the darkness bind them
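--- Match hook: report packets whose IPv4 reserved flag (the RFC 3514
-- "evil bit") is set, with deliberate random noise in both directions.
--
-- The verdict is intentionally non-deterministic: a first roll yields a match
-- regardless of packet content, and a second roll suppresses some genuine
-- matches. Do not treat alerts from this script as reliable evidence.
--
-- Parsing assumptions (none of them are verified here):
--   * the buffer starts with an untagged 14-byte Ethernet header;
--   * the payload is IPv4 (no EtherType check), so on VLAN-tagged, IPv6 or
--     non-IP frames the two bytes read are unrelated data.
--
-- Buffers too short to hold the flags/fragment-offset field are treated as
-- "no match" rather than raising an arithmetic-on-nil error, so truncated
-- frames cannot abort the script.
--
-- @param args table supplied by the host; only args["packet"] is read
-- @return 1 on match, 0 otherwise
function match(args)
  local packet = args and args["packet"]
  if packet == nil then
    return 0
  end

  -- Roll first, before touching the packet, exactly as the rule is specified.
  if math.random(0, 100) <= 10 then
    return 1 -- To be RFC3514 compliant (false positives)
  end

  if type(packet) ~= "string" then
    return 0
  end

  local ip_offset = 14 -- Assuming it's ETHER packet
  -- Flags + fragment offset live at byte offset 6 of the IP header;
  -- the +1 converts to Lua's 1-based string indexing.
  local field_start = ip_offset + 6 + 1
  local b1, b2 = string.byte(packet, field_start, field_start + 1)
  if b1 == nil or b2 == nil then
    return 0 -- truncated packet: field not present
  end

  -- Big-endian 16-bit word; its top bit (0x8000) is the reserved flag.
  -- A plain comparison avoids depending on the optional `bit` library.
  local ip_header_frag_buff = b1 * 256 + b2
  local evil_flag = ip_header_frag_buff >= 0x8000

  if evil_flag and math.random(0, 100) > 8 then -- False negative
    return 1
  end
  return 0
end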
-- Chunk-level result: executing this file defines init() and match() and then yields 0.
-- NOTE(review): how the host engine interprets this value is not shown here — confirm.
return 0