make lan server test only a few ports, add run time test grace period in service detection attack prevention mechanism

Kevin 2020-06-19 01:08:39 -05:00
parent 5751468e8a
commit 7205189d62
2 changed files with 5 additions and 2 deletions


@ -3,6 +3,7 @@
LAN transport server thread
"""
import ipaddress
import time
from threading import Thread
from gevent.pywsgi import WSGIServer
@ -36,6 +37,7 @@ from utils.bettersleep import better_sleep
along with this program. If not, see <https://www.gnu.org/licenses/>.
"""
ports = range(1337, 1340)
_start_time = time.time()
class LANServer:
def __init__(self, shared_state):
@ -50,7 +52,8 @@ class LANServer:
@app.before_request
def dns_rebinding_prevention():
if request.remote_addr in lan_ips or ipaddress.ip_address(request.remote_addr).is_loopback:
abort(403)
if time.time() - _start_time < 600:
abort(403)
if request.host != f'{self.host}:{self.port}':
logger.warn('Potential DNS rebinding attack on LAN server:')
logger.warn(f'Hostname {request.host} was used instead of {self.host}:{self.port}')
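Review bot: The comparison in the added `if time.time() - _start_time < 600:` looks inverted for a grace period, because as written it calls `abort(403)` during the first ten minutes after import and stops doing so afterwards. Indentation is lost on this page, so it is unclear whether the new check is nested under the `lan_ips`/loopback test; if it is, requests from the host's own addresses are rejected only during start-up and accepted for the rest of the process lifetime, leaving that check off in steady state. If the intent is to let the run-time test through shortly after start, the condition would be `if time.time() - _start_time > 600:`, with the window kept as short as the test needs and held in a named constant. `_start_time` is taken at module import, not at server start, and from the wall clock; `time.monotonic()` would make the window immune to clock adjustments, and a comment should say which start point is meant. The body of `dns_rebinding_prevention` continues past the hunk.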


@ -10,7 +10,7 @@ import logger
def test_lan_server(testmanager):
start_time = get_epoch()
for i in range(1024, 65536):
for i in range(1337, 1340):
try:
if requests.get(f"http://{best_ip}:{i}/ping").text == 'onionr!':
bl = insert('test data')
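Review bot: The literal `range(1337, 1340)` in the test loop repeats the server module's `ports = range(1337, 1340)`, so the two can drift apart silently if the server's port set changes. Iterating over the server's `ports` value, imported from that module, would keep the test probing exactly the ports the server may bind. The body of `test_lan_server` continues past the hunk.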