#!/bin/bash
#
# Tarpit worms etc.
#

echo -n 'dst host' `ifconfig eth0 | grep 'inet addr:' | sed -e 's/.*addr://' | awk '{print $1}'` > /root/firewall/worms_bpf
echo -n ' and tcp dst port (
23
or 445
or 135
or 139
or 1433
or 1521
or 2967
or 2968
or 3389
or 4460
or 4899
or 5151
or 5168
or 5800
or 5900
or 5901
or 6502
or 6503
or 7212
or 8555
or 9988
or 10000
or 20000
)' >> /root/firewall/worms_bpf

if [ -x /usr/local/bin/labrea ]
then
	ps fax | grep labrea | grep /worms_bpf | awk '{print $1}' | xargs --no-run-if-empty kill -15
	sleep 1
	ps fax | grep labrea | grep /worms_bpf | awk '{print $1}' | xargs --no-run-if-empty kill -9
	sleep 1
	/bin/nice /usr/local/bin/labrea -z -x -v -P -p 32 -b -F /root/firewall/worms_bpf
fi