--- a/conpot/protocols/ipmi/ipmi_server.py
+++ b/conpot/protocols/ipmi/ipmi_server.py
@@ -92,11 +92,25 @@
 csum &= 0xFF
 return csum
+ def _add_event(self, address, event_data):
+ session = conpot_core.get_session(
+ "ipmi",
+ address[0],
+ address[1],
+ self.sock.getsockname()[0],
+ self.port,
+ )
+ session.add_event(event_data)
+
 def handle(self, data, address):
 # make sure self.session exists
 if not address[0] in self.sessions.keys() or not hasattr(self, "session"):
 # new session for new source
 logger.info("New IPMI traffic from %s", address)
+ self._add_event(
+ address,
+ {"type": "NEW_CONNECTION", "request": data, "response": None},
+ )
 self.session = FakeSession(address[0], "", "", address[1])
 self.session.server = self
 self.uuid = uuid.uuid4()
@@ -165,10 +179,10 @@
 (clientaddr, clientlun) = struct.unpack("BB", data[17:19])
 level &= 0b1111
 self.send_auth_cap(
- myaddr, mylun, clientaddr, clientlun, session.sockaddr
+ myaddr, mylun, clientaddr, clientlun, session.sockaddr, data
 )
- def send_auth_cap(self, myaddr, mylun, clientaddr, clientlun, sockaddr):
+ def send_auth_cap(self, myaddr, mylun, clientaddr, clientlun, sockaddr, request=None):
 header = b"\x06\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10"
 headerdata = (clientaddr, clientlun | (7 << 2))
@@ -181,11 +195,19 @@
 header += chr_py3(self._checksum(*bodydata))
 self.session.stage += 1
 logger.info("Connection established with %s", sockaddr)
+ self._add_event(
+ sockaddr,
+ {"type": "GET_CHANNEL_AUTH_CAPABILITIES", "request": request, "response": header},
+ )
 self.session.send_data(header, sockaddr)
 def close_server_session(self):
 logger.info("IPMI Session closed %s", self.session.sockaddr[0])
 # cleanup session
+ self._add_event(
+ self.session.sockaddr,
+ {"type": "CONNECTION_LOST", "request": None, "response": None},
+ )
 del self.sessions[self.session.sockaddr[0]]
 del self.session
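Review bot: The `NEW_CONNECTION` event in `handle` stores the raw datagram (`"request": data`) from an unauthenticated UDP peer with no encoding and no size bound, and the `GET_CHANNEL_AUTH_CAPABILITIES` event in the last hunk does the same with `request` and `header`. If any log sink serialises session events as JSON, the `bytes` values will probably fail or be rendered inconsistently; `"request": data.hex()` (and `header.hex()` for the response), optionally truncated to a fixed length, would make the record stable. Since a UDP source address can be spoofed, a comment on `_add_event` such as `# address is the claimed UDP source; it is not verified` would keep analysts from reading the event as a confirmed peer. `handle` continues past the end of the hunk.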
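Review bot: `send_auth_cap` gains `request=None` without any documentation that the argument is only copied into the logged event and never parsed, so a caller that omits it silently logs `"request": None`. A one-line docstring such as `"""Send the Get Channel Authentication Capabilities reply; request is the raw datagram, kept only for event logging."""` would make that explicit. The new signature line also looks longer than the wrapped call above it suggests the formatter allows (about 90 columns once indented as a method), so it likely needs one parameter per line. The function body continues outside the hunk.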
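Review bot: In `close_server_session` the new `_add_event` call sits before the two `del` statements, so if it raises (for example `self.sock.getsockname()` on a closed socket, or an error inside `get_session`) the entry in `self.sessions` is never removed. Putting the call under `try:` with the two `del` lines under `finally:` keeps cleanup unconditional. The same ordering in `send_auth_cap` means a logging failure suppresses `self.session.send_data(header, sockaddr)`, and the event claims a response before it has been sent; moving `self._add_event(...)` after the send, or guarding it, avoids both. `send_auth_cap` starts outside this hunk.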