Version 2 of Detecting Port Scans in Tcl

Updated 2004-07-27 17:15:08


 # the next line restarts using -*-Tcl-*-sh \
 exec tclsh "$0" ${1+"$@"}

 # records all attempts to connect to the ports listed
 # in the portlist.
 # log lines consist of a timestamp, the port number
 # that was connected to, and client peer info.
 # original version by: [email protected] 

 set portlist [ list 6667 8080 31337 ]

 proc cfg { cid addr port } {
     fileevent $cid writable "handle $cid"
     fconfigure $cid -blocking  off

 proc handle { cid } {
     set peerinfo [ fconfigure $cid -peername ]
     set port     [ fconfigure $cid -sockname ]
     close $cid
     set port [ lindex $port 2 ]
     set time [ clock seconds ]
     set time [ clock format $time -format "%m/%d/%y-%r %Z" ]
     puts stdout "$time $port $peerinfo"

 foreach port $portlist {
    socket -server cfg $port
 vwait enter-mainloop