#!/bin/bash
#
# Tarpit worms etc.
#

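# Build the BPF expression that labrea reads from /root/firewall/worms_bpf:
#   dst host <eth0 address> and tcp dst port ( p1 or p2 ... )
# Only TCP traffic addressed to this host on one of the listed ports matches.

# The pipeline depends on the "inet addr:" label printed by older net-tools
# ifconfig. Newer ifconfig builds print "inet <address>" instead, and an
# interface that is down prints no address line; in both cases the result
# is empty.
tarpit_addr=$(ifconfig eth0 | grep 'inet addr:' | sed -e 's/.*addr://' | awk '{print $1}')

# Refuse to write the filter unless exactly one dotted-quad address came back.
# An empty or multi-word value would produce "dst host  and tcp ..." or
# "dst host a b and ...", neither of which is a usable filter expression, and
# the file written last time would already have been overwritten.
if [[ ! "$tarpit_addr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  printf 'worms_bpf: no usable IPv4 address found on eth0 (got: %q)\n' \
    "$tarpit_addr" >&2
  exit 1
fi

# TCP destination ports handed to the tarpit, in the original order.
tarpit_ports=(
  23 42 79 130 135 139 179 222 445 513
  1025 1080 1433 1521 1533 2967 2968
  3306 3389 4028 4460 4899
  5000 5151 5168 5631 5800 5900 5901 5902
  6000 6502 6503 6666 7212
  8005 8008 8009 8080 8081 8082 8443 8520 8555 8800 8909
  9090 9415 9988
  10000 12174 20000 20222 27977 32764
)

# Emit the file in a single redirection. The layout is kept exactly as before:
# first port bare, every following port on its own line prefixed with "or ",
# closing parenthesis on the last line, no trailing newline.
{
  printf 'dst host %s and tcp dst port (\n' "$tarpit_addr"
  printf '%s' "${tarpit_ports[0]}"
  printf '\nor %s' "${tarpit_ports[@]:1}"
  printf '\n)'
} > /root/firewall/worms_bpf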

# Send signal number $1 to every process whose `ps fax` line contains both
# "labrea" and "/worms_bpf". Does nothing when no such process exists.
# NOTE(review): the match is a plain substring test on the whole ps line, so
# any process whose command line happens to contain both strings is signalled
# too; this runs with whatever privileges the script has.
signal_tarpit() {
	ps fax \
		| grep labrea \
		| grep /worms_bpf \
		| awk '{print $1}' \
		| xargs --no-run-if-empty kill "-$1"
}

# Restart the tarpit only when the labrea binary is installed and executable.
if [[ -x /usr/local/bin/labrea ]]; then
	# Ask the old instance to terminate, give it a second, then force-kill
	# whatever is still running before starting the replacement.
	signal_tarpit 15
	sleep 1
	signal_tarpit 9
	sleep 1
	# Start labrea at reduced priority, pointing -F at the filter file.
	/bin/nice /usr/local/bin/labrea -z -x -v -P -p 32 -b -F /root/firewall/worms_bpf
fi

