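#!/usr/bin/perl
# (c) Dinko Korunic, 2004.
# /usr/local/sbin/labrea -v -z -s -d -p 10240 -h -l -b
#
# Reads LaBrea tarpit log lines and prints a per-source-address and
# per-destination-port summary of "Initial Connect - tarpitting" events.
use Socket;

# Counters filled while the log is read.  They are hashes; the earlier
# scalar assignments ($attacker_ip = () etc.) initialised variables that
# nothing else in the script reads.
%attacker         = ();
%attacker_port    = ();
%destination_port = ();

#trojans
# Port number -> label shown next to a destination port in the report.
# The table mixes malware names with ordinary services (see 49, 98, 135),
# so a label is only a hint about why a port may be probed, never evidence
# that the named program is involved.
%trojan = (
    0   => "REx",
    2   => "Death",
    5   => "yoyo",
    11  => "Skun",
    16  => "Skun",
    17  => "Skun",
    18  => "Skun",
    19  => "Skun",
    20  => "Amanda",
    21  => "ADMworm, Back Construction",
    22  => "InCommand, Shaft, Skun",
    23  => "ADMworm",
    25  => "Antigen, Barok, BSE",
    27  => "Assasin",
    28  => "Amanda",
    29  => "msg-icp",
    30  => "Agent40421",
    31  => "Agent40421",
    33  => "dsp",
    37  => "ADMworm",
    38  => "RAP",
    39  => "SubSARI",
    41  => "DeepThroat, Foreplay",
    44  => "Arctic",
    49  => "TACACS, Login Host Protocol",
    50  => "RMCP, re-mail-ck",
    51  => "FuckLamers Backdoor",
    52  => "MuSka52, Skun",
    53  => "ADMworm, li0n, MscanWorm",
    54  => "MuSka52",
    59  => "NFILE",
    63  => "whois++",
    66  => "AL-Bareki",
    69  => "BackGateKit, Nimda, Pasana",
    70  => "ADMworm",
    79  => "ADMworm, Firehotcker",
    80  => "711trojan (Seven Eleven)",
    81  => "Asylum",
    96  => "DIXIE",
    98  => "linuxconf",
    101 => "Skun",
    102 => "Delf, Skun",
    103 => "Skun",
    105 => "NerTe",
    106 => "poppassd",
    107 => "Skun",
    109 => "ADMworm",
    110 => "ADMworm",
    111 => "ADMworm, MscanWorm",
    113 => "ADMworm, Alicia, Cyn",
    120 => "Skun",
    121 => "AttackBot, God Message",
    123 => "NetController",
    124 => "SecureID",
    129 => "PWDGEN",
    133 => "statsrv",
    135 => "loc-srv/epmap",
    137 => "Chode, Nimda",
    138 => "Chode, Nimda",
    139 => "Chode, Fire HacKer, Msinit",
    143 => "ADMworm",
    144 => "NewS",
    146 => "Infector",
);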
# Port labels 152-600, merged into the existing %trojan table.
%trojan = (
    %trojan,
    152 => "BFTP",
    153 => "SGMP",
    166 => "NokNok",
    170 => "A-trojan",
    171 => "A-trojan",
    175 => "vmnet",
    180 => "SLmail admin",
    200 => "CyberSpy",
    201 => "OneWindows Trojan",
    202 => "OneWindows Trojan, Skun",
    211 => "OneWindows Trojan",
    212 => "OneWindows Trojan",
    218 => "MPP",
    221 => "Snape",
    222 => "NeuroticKat, Snape",
    230 => "Skun",
    231 => "Skun",
    232 => "Skun",
    259 => "ESRO",
    264 => "FW1_topo",
    285 => "Delf",
    299 => "OneWindows Trojan",
    311 => "Apple WebAdmin",
    334 => "Backage",
    335 => "Nautical",
    350 => "MATIP type A",
    351 => "MATIP type B",
    363 => "RSVP tunnel",
    366 => "ODMR (On-Demand Mail Relay)",
    370 => "NeuroticKat",
    387 => "AppleTalk Update-Based Routing Protocol",
    389 => "LDAP",
    400 => "Argentino",
    401 => "OneWindows Trojan",
    402 => "OneWindows Trojan",
    407 => "Timbuktu",
    411 => "Backage",
    420 => "Breach",
    434 => "Mobile IP",
    443 => "Slapper",
    444 => "snpp, Simple Network Paging Protocol",
    445 => "Nimda",
    455 => "FatalConnections",
    458 => "QuickTime TV/Conferencing",
    468 => "Photuris",
    500 => "ISAKMP, pluto",
    511 => "T0rnRootkit",
    513 => "ADMworm",
    514 => "ADMworm",
    515 => "MscanWorm, Ramen",
    521 => "RIPng",
    522 => "ULS",
    531 => "IRC",
    543 => "KLogin, AppleShare over IP",
    545 => "QuickTime",
    548 => "AFP",
    554 => "Real Time Streaming Protocol",
    555 => "711trojan (Seven Eleven)",
    563 => "NNTP over SSL",
    564 => "Oracle",
    575 => "VEMMI",
    581 => "Bundle Discovery Protocol",
    589 => "Assasin",
    593 => "MS-RPC",
    600 => "SweetHeart",
);
# Port labels 608-1041, merged into the existing %trojan table.
%trojan = (
    %trojan,
    608  => "SIFT/UFT",
    623  => "RTB666",
    626  => "Apple ASIA",
    631  => "IPP (Internet Printing Protocol)",
    635  => "ADMworm",
    636  => "sldap",
    642  => "EMSD",
    648  => "RRP (NSI Registry Registrar Protocol)",
    650  => "Assasin",
    655  => "tinc",
    660  => "Apple MacOS Server Admin",
    661  => "NokNok",
    666  => "AttackFTP",
    667  => "NokNok, SniperNet",
    668  => "Unicorn",
    669  => "DPtrojan, SniperNet",
    674  => "ACAP",
    680  => "RTB666",
    687  => "AppleShare IP Registry",
    692  => "GayOL",
    700  => "REx",
    705  => "AgentX for SNMP",
    777  => "Undetected",
    798  => "Oracle",
    808  => "WinHole",
    831  => "NeuroticKat",
    901  => "Net-Devil, Pest",
    902  => "Net-Devil, Pest",
    903  => "Net-Devil",
    911  => "DarkShadow, Dark Shadow",
    956  => "CratPro",
    991  => "Snape",
    992  => "Snape",
    993  => "s-imap",
    995  => "s-pop",
    999  => "DeepThroat, Foreplay",
    1000 => "DerSpäher / Der Spaeher",
    1001 => "DerSpäher / Der Spaeher",
    1005 => "Pest, Theef",
    1008 => "AutoSpY, li0n",
    1010 => "DolyTrojan",
    1011 => "DolyTrojan",
    1012 => "DolyTrojan",
    1015 => "DolyTrojan",
    1016 => "DolyTrojan",
    1020 => "Vampire",
    1024 => "Latinus, Lithium, NetSpy",
    1025 => "AcidkoR, BDDT",
    1026 => "BDDT, Dark IRC",
    1027 => "Clandestine",
    1028 => "DataSpyNetwork X, Dosh",
    1029 => "Clandestine, KWM, Litmus",
    1030 => "Gibbon, KWM",
    1031 => "KWM, Little Witch, Xanadu",
    1032 => "Akosch4, Dosh, KWM",
    1033 => "Dosh, KWM, Little Witch",
    1034 => "KWM",
    1035 => "Dosh, KWM, RemoteNC",
    1036 => "KWM",
    1037 => "Arctic, Dosh, KWM, MoSucker",
    1039 => "Dosh",
    1041 => "Dosh, RemoteNC",
);
# Port labels 1042-1415, merged into the existing %trojan table.
%trojan = (
    %trojan,
    1042 => "BLAtrojan",
    1043 => "Dosh",
    1044 => "Ptakks",
    1047 => "RemoteNC",
    1049 => "Delf, The Hobbit Daemon",
    1052 => "FireHacKer, Slapper",
    1053 => "TheThief",
    1054 => "AckCmd, RemoteNC",
    1062 => "Veracity",
    1080 => "SubSeven2.2, WinHole",
    1081 => "WinHole",
    1082 => "WinHole",
    1083 => "WinHole",
    1085 => "WebObjects",
    1092 => "HvlRAT",
    1093 => "proofd",
    1094 => "rootd",
    1095 => "BloodFest Evolution",
    1097 => "BloodFest Evolution",
    1098 => "BloodFest Evolution",
    1099 => "BloodFest Evolution",
    1108 => "ratio-adp",
    1111 => "Daodan, Ultors Trojan",
    1115 => "Lurker, Protoss",
    1116 => "Lurker",
    1122 => "Last2000, Singularity",
    1133 => "SweetHeart",
    1150 => "Orion",
    1151 => "Orion",
    1160 => "BlackRat",
    1166 => "CrazzyNet",
    1167 => "CrazzyNet",
    1170 => "PsyberStream Server, Voice",
    1180 => "Unin68",
    1182 => "Sobig.a (BigBoss) virus",
    1183 => "Cyn, SweetHeart",
    1207 => "SoftWAR",
    1208 => "Infector",
    1212 => "Kaos",
    1214 => "Kazaa",
    1215 => "Force",
    1218 => "Force",
    1219 => "Force",
    1221 => "FuckLamers Backdoor",
    1222 => "FuckLamers Backdoor",
    1227 => "DNS2Go",
    1234 => "KiLo, Ultors Trojan",
    1243 => "BackDoor-G, SubSeven, Tiles",
    1245 => "VooDooDoll",
    1255 => "Scarab",
    1256 => "ProjectnEXT, RexxRave",
    1257 => "Frenzy - Frenzy2000",
    1272 => "TheMatrix",
    1313 => "NETrojan",
    1314 => "Daodan",
    1338 => "Millennium Worm",
    1349 => "BOdll",
    1352 => "Lotus Notes",
    1369 => "SubSeven2.2",
    1381 => "Apple Network License Manager",
    1386 => "Dagger",
    1415 => "Last2000, Singularity",
);
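# Port labels 1417-3119, merged into the existing %trojan table.
# The label for port 2001 had a line break inside its string literal, which
# would put a newline in the middle of a report row; it is rejoined here to
# the spelling already used for ports 1000 and 1001.
%trojan = (
    %trojan,
    1417 => "Timbuktu",
    1418 => "Timbuktu",
    1419 => "Timbuktu",
    1433 => "VoyagerAlpha Force",
    1434 => "Microsoft SQL Monitor",
    1441 => "RemoteStorm",
    1492 => "FTP99CMP",
    1494 => "Citrix ICA Protocol",
    1502 => "T.120",
    1503 => "T.120",
    1521 => "Oracle SQL",
    1524 => "Trinoo",
    1525 => "prospero",
    1526 => "prospero",
    1527 => "tlisrv",
    1533 => "LiveTutor",
    1560 => "BigGluck, Duddie",
    1600 => "DirectConnection",
    1601 => "DirectConnection",
    1602 => "DirectConnection",
    1604 => "Citrix ICA, MS Terminal Server",
    1645 => "RADIUS Authentication",
    1646 => "RADIUS Accounting",
    1680 => "Carbon Copy",
    1701 => "L2TP/LSF",
    1703 => "Exploiter",
    1711 => "yoyo",
    1717 => "Convoy",
    1718 => "Gatekeeper Discovery",
    1719 => "Gatekeeper RAS",
    1720 => "H.323/Q.931",
    1723 => "PPTP control port",
    1731 => "Audio Call Control",
    1745 => "Qhosts aka (aolfix.exe) trojan",
    1755 => "Windows Media .asf",
    1758 => "TFTP multicast",
    1772 => "NetControle",
    1777 => "Scarab",
    1812 => "RADIUS server",
    1813 => "RADIUS accounting",
    1818 => "ETFTP",
    1826 => "Glacier",
    1833 => "TCC",
    1834 => "TCC",
    1835 => "TCC",
    1836 => "TCC",
    1837 => "TCC",
    1900 => "MS UPnP",
    1905 => "DeltaRemote Access",
    1911 => "Arctic",
    1966 => "FakeFTP",
    1967 => "ForYour Eyes Only",
    1973 => "DLSw DCAP/DRAP",
    1981 => "Bowl, Shockrave",
    1983 => "Q-taz",
    1984 => "Intruzzo, Q-taz",
    1985 => "BlackDiver, Q-taz",
    1986 => "Akosch4",
    1991 => "PitFall",
    1998 => "cisco X.25 service",
    1999 => "BackDoor, SubSeven",
    2000 => "A-trojan",
    2001 => "DerSpäher / Der Spaeher",
    2002 => "Duddie",
    2003 => "TransScout",
    2004 => "Duddie",
    2005 => "Duddie",
    2023 => "RipperPro",
    2049 => "NFS",
    2060 => "Protoss",
    2064 => "distributed.net",
    2065 => "DLSw",
    2066 => "DLSw",
    2080 => "WinHole",
    2101 => "SweetHeart",
    2106 => "MZAP",
    2115 => "Bugs",
    2140 => "TheInvasor",
    2149 => "DeepThroat",
    2150 => "R0xr4t",
    2156 => "Oracle",
    2222 => "SweetHeart, Way",
    2281 => "Nautical",
    2283 => "HvlRAT",
    2300 => "Storm",
    2301 => "Compaq Insight Management Web Agents",
    2311 => "Studio54",
    2327 => "Netscape Conference",
    2330 => "IRCContact",
    2331 => "IRCContact",
    2332 => "IRCContact, Silent Spy",
    2333 => "IRCContact",
    2334 => "IRCContact, Power",
    2335 => "IRCContact",
    2336 => "IRCContact",
    2337 => "IRCContact",
    2338 => "IRCContact",
    2339 => "IRCContact, Voice Spy",
    2343 => "Asylum",
    2345 => "DolyTrojan",
    2407 => "yoyo",
    2418 => "Intruzzo",
    2427 => "MGCP gateway",
    2504 => "WLBS",
    2535 => "MADCAP",
    2543 => "sip",
    2555 => "li0n, T0rn Rootkit",
    2565 => "Strikertrojan",
    2583 => "WinCrash",
    2589 => "Dagger",
    2592 => "netrek",
    2600 => "DigitalRootBeer",
    2628 => "DICT",
    2702 => "BlackDiver",
    2727 => "MGCP call agent",
    2772 => "SubSeven",
    2773 => "SubSeven, SubSeven 2.1 Gold",
    2774 => "SubSeven, SubSeven 2.1 Gold",
    2800 => "Theef",
    2929 => "Konik",
    2983 => "Breach",
    2998 => "ISS Real Secure Console Service Port",
    3000 => "InetSpy, Remote Shut, Theef",
    3006 => "Clandestine",
    3024 => "WinCrash",
    3031 => "MicroSpy",
    3119 => "DeltaRemote Access",
);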
# Port labels 3127-5001, merged into the existing %trojan table.
%trojan = (
    %trojan,
    3127 => "MyDoom_A",
    3128 => "MyDoom, RingZero",
    3129 => "MastersParadise",
    3130 => "ICP",
    3131 => "SubSARI",
    3150 => "DeepThroat, The Invasor",
    3215 => "XHX",
    3264 => "ccmail",
    3283 => "Apple NetAssitant",
    3288 => "COPS",
    3292 => "Xposure",
    3295 => "Xposure",
    3305 => "ODETTE",
    3306 => "mySQL",
    3333 => "Daodan",
    3389 => "RDP Protocol (Terminal Server)",
    3410 => "OptixPro",
    3417 => "Xposure",
    3418 => "Xposure",
    3456 => "Fear, Force, Terror trojan",
    3459 => "Eclipse2000, Sanctuary",
    3505 => "AutoSpY",
    3521 => "netrek",
    3700 => "Portalof Doom",
    3721 => "Whirlpool",
    3723 => "Mantis",
    3777 => "PsychWard",
    3791 => "TotalSolar Eclypse",
    3800 => "TotalSolar Eclypse",
    3801 => "TotalSolar Eclypse",
    3945 => "DeltaRemote Access",
    3996 => "RemoteAnything",
    3997 => "RemoteAnything",
    3999 => "RemoteAnything",
    4000 => "RemoteAnything, SkyDance",
    4092 => "WinCrash",
    4128 => "RedShad",
    4201 => "Wartrojan",
    4210 => "Netkey",
    4211 => "Netkey",
    4225 => "SilentSpy",
    4242 => "VirtualHacking Machine - VHM",
    4315 => "Power",
    4321 => "BoBo",
    4333 => "mSQL",
    4414 => "AL-Bareki",
    4442 => "Oracle",
    4444 => "CrackDown, Oracle, Prosiak",
    4445 => "Oracle",
    4447 => "Oracle",
    4449 => "Oracle",
    4451 => "Oracle",
    4480 => "proxy-plus",
    4488 => "EventHorizon",
    4489 => "Brown Orifice??",
    4567 => "FileNail",
    4653 => "Cero",
    4666 => "Mneah",
    4700 => "Theef",
    4827 => "HTCP",
    4836 => "Power",
    4899 => "Radmin, JDeveloperPro",
    5000 => "BackDoor Setup, Bubbel",
    5001 => "BackDoor Setup",
);
# Port labels 5002-6129, merged into the existing %trojan table.
%trojan = (
    %trojan,
    5002 => "Shaft",
    5004 => "RTP",
    5005 => "Aladino",
    5010 => "Yahoo! Messenger",
    5011 => "PeanutBrittle",
    5025 => "WMRemote KeyLogger",
    5031 => "NetMetropolitan",
    5032 => "NetMetropolitan",
    5050 => "R0xr4t",
    5060 => "SIP",
    5135 => "Bmail",
    5150 => "Pizza",
    5151 => "OptixLite",
    5152 => "Laphex",
    5155 => "Oracle",
    5190 => "AIM",
    5191 => "Aol Instant Messenger",
    5192 => "Aol Instant Messenger",
    5193 => "Aol Instant Messenger",
    5221 => "NOSecure",
    5250 => "Pizza",
    5321 => "Firehotcker",
    5333 => "Backage",
    5350 => "Pizza",
    5377 => "Iani",
    5400 => "BackConstruction",
    5401 => "BackConstruction",
    5402 => "BackConstruction",
    5418 => "DarkSky",
    5419 => "DarkSky",
    5423 => "Apple VirtualUser",
    5430 => "NetAdvance",
    5433 => "postgreSQL, Stunnel",
    5450 => "Pizza",
    5490 => "LNVALARM Access",
    5500 => "securid",
    5501 => "securidprop",
    5503 => "RemoteShell",
    5534 => "TheFlu",
    5550 => "Pizza",
    5555 => "Daodan, NoXcape",
    5556 => "BOFacil",
    5557 => "BOFacil",
    5569 => "Robo-Hack",
    5631 => "PCAnywhere data",
    5632 => "PCAnywhere",
    5650 => "Pizza",
    5669 => "SpArTa",
    5679 => "Nautical",
    5695 => "Assasin",
    5696 => "Assasin",
    5697 => "Assasin",
    5742 => "WinCrash",
    5800 => "VNC",
    5801 => "VNC",
    5802 => "Y3KRAT",
    5873 => "SubSeven2.2",
    5880 => "Y3KRAT",
    5882 => "Y3KRAT",
    5888 => "Y3KRAT",
    5889 => "Y3KRAT",
    5900 => "VNC",
    5901 => "VNC",
    5933 => "NOSecure",
    6000 => "Aladino, NetBus, The Thing",
    6006 => "BadBlood",
    6112 => "BattleNet, CDE",
    6129 => "Dameware",
);
# Port labels 6267-7722, merged into the existing %trojan table.
%trojan = (
    %trojan,
    6267 => "DarkSky",
    6346 => "Gnutella",
    6400 => "TheThing",
    6502 => "Netscape Conference",
    6521 => "Oracle",
    6526 => "Glacier",
    6556 => "AutoSpY",
    6588 => "AnalogX Proxy Server",
    6660 => "IRC Chat",
    6661 => "Weia-Meia",
    6662 => "IRC Chat",
    6663 => "IRC Chat",
    6664 => "IRC Chat",
    6665 => "IRC Chat",
    6666 => "AL-Bareki, KiLo, SpArTa",
    6667 => "Acropolis, BlackRat",
    6668 => "IRC Chat",
    6669 => "HostControl, Vampire",
    6670 => "BackWebServer, Deep Throat",
    6697 => "Force",
    6699 => "napster",
    6711 => "BackDoor-G, Duddie, KiLo",
    6712 => "Funnytrojan, KiLo, Spadeace",
    6713 => "KiLo, SubSeven",
    6714 => "KiLo",
    6715 => "KiLo",
    6718 => "KiLo",
    6723 => "Mstream",
    6766 => "KiLo",
    6767 => "KiLo, Pasana, UandMe",
    6771 => "DeepThroat, Foreplay",
    6776 => "2000Cracks, BackDoor-G",
    6891 => "Force",
    6912 => "ShitHeep",
    6969 => "2000Cracks, BlitzNet",
    6970 => "GateCrasher",
    7000 => "Aladino, Gunsan",
    7001 => "Freak88, Freak2k",
    7007 => "SilentSpy",
    7020 => "BasicHell",
    7030 => "BasicHell",
    7070 => "RealServer/QuickTime",
    7119 => "Massaker",
    7215 => "SubSeven, SubSeven 2.1 Gold",
    7274 => "AutoSpY",
    7290 => "NOSecure",
    7291 => "NOSecure",
    7300 => "NetSpy",
    7301 => "NetSpy",
    7306 => "NetSpy",
    7307 => "NetSpy",
    7308 => "NetSpy, X Spy",
    7312 => "Yajing",
    7410 => "PhoenixII",
    7424 => "HostControl",
    7441 => "LNVALARM Access",
    7597 => "Qaz",
    7626 => "Glacier",
    7648 => "XHX",
    7649 => "CU-SeeMe",
    7673 => "Neoturk",
    7676 => "Neoturk",
    7677 => "Neoturk",
    7718 => "Glacier",
    7722 => "KiLo",
);
# Port labels 7777-9401, merged into the existing %trojan table.
%trojan = (
    %trojan,
    7777 => "GodMessage",
    7778 => "Unreal",
    7788 => "Last2000, Last 2000",
    7789 => "BackDoor Setup",
    7800 => "Paltalk",
    7826 => "Oblivion",
    7850 => "Paltalk",
    7878 => "Paltalk",
    7879 => "Paltalk",
    7979 => "VagrNocker",
    8000 => "Shoutcast WWW Server Hack",
    8001 => "VCOM Tunnel",
    8002 => "Teradata ORDMBS",
    8004 => "IExchange https proxy",
    8005 => "IExchange https proxy",
    8010 => "WinGate 2.1",
    8011 => "Way",
    8012 => "Ptakks",
    8080 => "ReverseWWW Tunnel Backdoor",
    8081 => "Tomcat 4 proxy",
    8090 => "Aphex'sRemote Packet Sniffer",
    8097 => "KryptonicGhost Command Pro",
    8100 => "Backstreets",
    8110 => "DLP",
    8111 => "DLP",
    8127 => "9_119, Chonker",
    8130 => "9_119, Chonker, DLP",
    8131 => "DLP",
    8180 => "Aplore/Aphex/Bloodhound worm",
    8181 => "HTTP",
    8301 => "DLP",
    8302 => "DLP",
    8311 => "SweetHeart",
    8322 => "DLP",
    8329 => "DLP",
    8383 => "IMail WWW",
    8489 => "KiLo",
    8685 => "Unin68",
    8732 => "KryptonicGhost Command Pro",
    8734 => "AutoSpY",
    8787 => "BackOrifice 2000",
    8811 => "Fear",
    8812 => "FraggleRockLite",
    8821 => "Alicia",
    8848 => "Whirlpool",
    8864 => "Whirlpool",
    8875 => "napster",
    8888 => "DarkIRC",
    9000 => "Netministrator",
    9090 => "Aphex'sRemote Packet Sniffer",
    9100 => "Backdoor.Cabro",
    9117 => "Massaker",
    9148 => "Nautical",
    9273 => "trojan Wingate 3.0",
    9274 => "trojan Wingate 3.0",
    9275 => "trojan Wingate 3.0",
    9276 => "trojan Wingate 3.0",
    9277 => "trojan Wingate 3.0",
    9278 => "trojan Wingate 3.0",
    9301 => "DLP",
    9329 => "DLP",
    9400 => "InCommand",
    9401 => "InCommand",
);
# Port labels 9536-12623, merged into the existing %trojan table.
%trojan = (
    %trojan,
    9536  => "Lula",
    9561  => "CratPro",
    9563  => "CratPro",
    9666  => "RabbIT2",
    9870  => "RemoteComputer Control Center",
    9872  => "Portalof Doom",
    9873  => "Portalof Doom",
    9874  => "Portalof Doom",
    9875  => "Portalof Doom",
    9876  => "Rux",
    9877  => "SmallBig Brother",
    9878  => "SmallBig Brother",
    9879  => "SmallBig Brother",
    9919  => "KryptonicGhost Command Pro",
    9999  => "BlitzNet, Oracle, Spadeace",
    10000 => "Oracle, TCP Door, XHX",
    10001 => "DTr, Lula",
    10002 => "Lula",
    10003 => "Lula",
    10008 => "li0n",
    10012 => "Amanda",
    10013 => "Amanda",
    10067 => "Portalof Doom",
    10080 => "alternate www, MyDoom",
    10084 => "Syphillis",
    10085 => "Syphillis",
    10086 => "Syphillis",
    10100 => "ControlTotal, GiFt trojan",
    10167 => "Portalof Doom",
    10168 => "Lovgates remote control",
    10520 => "AcidShivers",
    10528 => "HostControl",
    10607 => "Coma",
    10887 => "BDDT",
    10889 => "BDDT",
    11000 => "DataRape",
    11011 => "Amanda",
    11050 => "HostControl",
    11051 => "HostControl",
    11111 => "Breach",
    11223 => "Progenictrojan",
    11225 => "Cyn",
    11371 => "PGP 5 Keyserver",
    11660 => "Backstreets",
    11718 => "KryptonicGhost Command Pro",
    11831 => "DarkFace, DataRape, Latinus",
    11977 => "CoolRemote Control",
    11978 => "CoolRemote Control",
    11980 => "CoolRemote Control",
    12000 => "ReverseTrojan",
    12310 => "PreCursor",
    12321 => "Protoss",
    12345 => "Ashley, BlueIce 2000, Mypic",
    12346 => "NetBus",
    12348 => "BioNet",
    12349 => "BioNet, The Saint",
    12361 => "Whack-a-mole",
    12362 => "Whack-a-mole",
    12363 => "Whack-a-mole",
    12623 => "ButtMan",
);
# Port labels 12624-20005, merged into the existing %trojan table.
%trojan = (
    %trojan,
    12624 => "ButtMan, Power",
    12631 => "WhackJob",
    12684 => "Power",
    12754 => "Mstream",
    12904 => "Rocks",
    13000 => "SennaSpy Trojan Generator",
    13013 => "PsychWard",
    13014 => "PsychWard",
    13028 => "Backstreets",
    13079 => "KryptonicGhost Command Pro",
    13223 => "PowWow",
    13224 => "PowWow",
    13370 => "SpArTa",
    13371 => "OptixPro",
    13500 => "Theef",
    13753 => "AnalFTP",
    14194 => "CyberSpy",
    14237 => "Palm",
    14238 => "Palm",
    14285 => "Laocoon",
    14286 => "Laocoon",
    14287 => "Laocoon",
    14500 => "PCInvader",
    14501 => "PCInvader",
    14502 => "PCInvader",
    14503 => "PCInvader",
    15000 => "InRoute to the Hell, R0xr4t",
    15092 => "HostControl",
    15104 => "Mstream",
    15206 => "KiLo",
    15207 => "KiLo",
    15382 => "SubZero",
    15432 => "Cyn",
    15485 => "KiLo",
    15486 => "KiLo",
    15500 => "InRoute to the Hell",
    15512 => "Iani",
    15551 => "InRoute to the Hell",
    15695 => "KryptonicGhost Command Pro",
    15852 => "KryptonicGhost Command Pro",
    16057 => "MoonPie",
    16484 => "MoSucker",
    16514 => "KiLo",
    16515 => "KiLo",
    16523 => "Backstreets",
    16660 => "Stacheldraht",
    16712 => "KiLo",
    16761 => "KryptonicGhost Command Pro",
    16959 => "SubSeven",
    17166 => "Mosaic",
    17300 => "Milkit trojan",
    17449 => "KidTerror",
    17499 => "CrazzyNet",
    17500 => "CrazzyNet",
    17569 => "Infector",
    17593 => "AudioDoor",
    17777 => "Nephron",
    18888 => "LiquidAudio",
    19191 => "BlueFire",
    19216 => "BackGateKit",
    20000 => "Millenium, PSYcho Files",
    20001 => "Insect, Millenium",
    20002 => "AcidkoR, PSYcho Files",
    20005 => "MoSucker",
);
# Port labels 20023-29589, merged into the existing %trojan table.
%trojan = (
    %trojan,
    20023 => "VPKiller",
    20034 => "NetBus2.0 Pro",
    20168 => "Lovgates remote control",
    20331 => "BLAtrojan",
    20432 => "Shaft",
    21157 => "Activision",
    21212 => "Sensive",
    21544 => "GirlFriend, Kid Terror",
    21554 => "Exploiter, FreddyK",
    21579 => "Breach",
    21957 => "Latinus",
    22115 => "Cyn",
    22222 => "DonaldDick, G.R.O.B.",
    22223 => "RUXThe TIc.K",
    22456 => "Clandestine",
    22554 => "Schwindler",
    22783 => "Intruzzo",
    22784 => "Intruzzo",
    22785 => "Intruzzo",
    23000 => "Stormworm",
    23001 => "Stormworm",
    23005 => "NetTrash, Oxon",
    23006 => "NetTrash, Oxon",
    23023 => "Logged",
    23032 => "Amanda",
    23213 => "PowWow",
    23214 => "PowWow",
    23321 => "Konik",
    23432 => "Asylum",
    23456 => "Clandestine, Evil FTP",
    23476 => "DonaldDick",
    23477 => "DonaldDick",
    23777 => "InetSpy",
    24000 => "Infector",
    24289 => "Latinus",
    25002 => "MOTD",
    25123 => "Goy'ZTroJan",
    25555 => "FreddyK",
    25685 => "MoonPie",
    25686 => "DarkFace, MoonPie",
    25799 => "FreddyK",
    25867 => "Ring0 trojan",
    25885 => "MOTD",
    25982 => "DarkFace, MoonPie",
    26000 => "Quake",
    26681 => "VoiceSpy",
    27001 => "QuakeWorld",
    27010 => "Half-Life",
    27015 => "Half-Life",
    27160 => "MoonPie",
    27184 => "Alvgustrojan 2000",
    27373 => "Charge",
    27374 => "BadBlood, Fake SubSeven",
    27379 => "OptixLite",
    27573 => "SubSeven",
    27665 => "Trinoo",
    27960 => "QuakeIII",
    28218 => "Oracle",
    28431 => "Hack´a´Tack",
    28678 => "Exploiter",
    29104 => "NETrojan, NetTrojan",
    29292 => "BackGateKit",
    29559 => "AntiLamerBackDoor, DarkFace",
    29589 => "KiLo",
);
# Port labels 29891-36794, merged into the existing %trojan table.
%trojan = (
    %trojan,
    29891 => "TheUnexplained",
    29999 => "AntiLamerBackDoor",
    30000 => "DataRape, Infector",
    30001 => "Err0r32",
    30005 => "Litmus",
    30029 => "AOL Admin",
    30100 => "NetSphere",
    30101 => "NetSphere",
    30102 => "NetSphere",
    30103 => "NetSphere",
    30133 => "NetSphere",
    30303 => "Socketsdes Troie",
    30331 => "MuSka52",
    30464 => "Slapper",
    30700 => "Mantis",
    30947 => "Intruse",
    31320 => "LittleWitch",
    31335 => "Trinoo",
    31336 => "ButtFunnel",
    31337 => "ADMworm, Back Fire",
    31338 => "BackOrifice, Butt Funnel",
    31339 => "LittleWitch, NetSpy (DK)",
    31340 => "LittleWitch",
    31382 => "Lithium",
    31415 => "Lithium",
    31416 => "Lithium",
    31557 => "Xanadu",
    31745 => "BuschTrommel",
    31785 => "Hack´a´Tack",
    31787 => "Hack´a´Tack",
    31788 => "Hack´a´Tack",
    31789 => "Hack´a´Tack",
    31790 => "Hack´a´Tack",
    31791 => "Hack´a´Tack",
    31792 => "Hack´a´Tack",
    31887 => "BDDT",
    32000 => "BDDT",
    32001 => "DonaldDick",
    32100 => "PeanutBrittle, Project nEXT",
    32418 => "AcidBattery",
    32773 => "rpc.ttdbserverd",
    32776 => "rpc.spray",
    32777 => "rpc.walld",
    32779 => "rpc.cmsd",
    32791 => "Acropolis, Rocks",
    33270 => "Trinity",
    33333 => "Prosiak",
    33545 => "G.R.O.B.",
    33567 => "li0n, T0rn Rootkit",
    33568 => "li0n, T0rn Rootkit",
    33577 => "Sonof PsychWard",
    33777 => "Sonof PsychWard",
    33911 => "Spirit2000, Spirit 2001",
    34312 => "Delf",
    34313 => "Delf",
    34324 => "BigGluck",
    34343 => "Osiris",
    34444 => "DonaldDick",
    34816 => "Dirt, Backdoor.SubSari15 trojan",
    35000 => "Infector",
    35600 => "SubSARI",
    36794 => "Bugbear",
);
# Port labels 37237-58339, merged into the existing %trojan table.
%trojan = (
    %trojan,
    37237 => "Mantis",
    37651 => "Charge",
    38036 => "timestep",
    38741 => "CyberSpy",
    38742 => "CyberSpy",
    40071 => "Ducktoy",
    40193 => "Novell",
    40308 => "SubSARI",
    40412 => "TheSpy",
    40421 => "Agent40421",
    40422 => "MastersParadise",
    40423 => "MastersParadise",
    40425 => "MastersParadise",
    40426 => "MastersParadise",
    41337 => "Storm",
    41524 => "arcserve discovery",
    41666 => "RemoteBoot Tool",
    43981 => "NewareIP",
    44014 => "Iani",
    44444 => "Prosiak",
    44575 => "Exploiter",
    44767 => "SchoolBus",
    45000 => "Cisco NetRanger postofficed",
    45092 => "BackGateKit",
    45295 => "Firebird DB trojan",
    45454 => "Osiris",
    45632 => "LittleWitch",
    45673 => "Acropolis, Rocks",
    46666 => "Taskman",
    47017 => "T0rnRootkit",
    47698 => "KiLo",
    47785 => "KiLo",
    47891 => "AntiLamerBackDoor",
    48004 => "FraggleRock",
    48006 => "FraggleRock",
    48512 => "Arctic",
    49000 => "FraggleRock",
    49683 => "Fenster",
    50000 => "SubSARI",
    50021 => "OptixPro",
    50130 => "Enterprise",
    50505 => "Socketsdes Troie",
    50551 => "R0xr4t",
    50552 => "R0xr4t",
    50766 => "Schwindler",
    50829 => "KiLo",
    51234 => "Cyn",
    51966 => "Cafeini",
    52365 => "Way",
    53001 => "RemoteWindows Shutdown - RWS",
    54283 => "SubSeven, SubSeven 2.1 Gold",
    54320 => "BackOrifice 2000",
    54321 => "BackOrifice 2000",
    55165 => "FileManager trojan",
    55555 => "ShadowPhyre",
    55665 => "Latinus, Pinochet",
    55666 => "Latinus, Pinochet",
    56565 => "Osiris",
    57163 => "BlackRat",
    57341 => "NetRaider",
    57785 => "G.R.O.B.",
    58134 => "Charge",
    58339 => "ButtFunnel",
);
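# Port labels 59211-65535 (end of the %trojan table).
%trojan = (
    %trojan,
    59211 => "Ducktoy",
    60000 => "DeepThroat, Foreplay",
    60001 => "Trinity",
    60008 => "li0n, T0rn Rootkit",
    60068 => "TheThing",
    60411 => "Connection",
    60551 => "R0xr4t",
    60552 => "R0xr4t",
    60666 => "BasicHell",
    61115 => "Protoss",
    61337 => "Nota",
    61348 => "Bunker-Hill",
    61440 => "Orion",
    61603 => "Bunker-Hill",
    61746 => "KiLo",
    61747 => "KiLo",
    61979 => "CoolRemote Control",
    62011 => "Ducktoy",
    63485 => "Bunker-Hill",
    64101 => "Taskman",
    65000 => "Devil, Sockets des Troie",
    65289 => "yoyo",
    65421 => "Alicia",
    65422 => "Alicia",
    65432 => "TheTraitor (= th3tr41t0r)",
    65530 => "WindowsMite",
    65535 => "RC1trojan",
);

#code
# From here on the script runs under strict/warnings; everything local to a
# sub is lexical, and only the shared tables below stay package globals.
use strict;
use warnings;
use Socket qw(inet_aton AF_INET);

our (%trojan, %attacker, %attacker_port, %destination_port);
our $total = 0;    # numeric from the start, so an empty log reports 0

# Turn a dotted-quad address into a 12-digit, zero-padded string
# ("10.1.2.3" -> "010001002003").  Not called anywhere in this file.
sub ipaddr {
    my ($arg) = @_;
    my ($oct1, $oct2, $oct3, $oct4) = split /\./, $arg, 4;
    return sprintf "%03d%03d%03d%03d", $oct1, $oct2, $oct3, $oct4;
}

# Reverse-resolve a dotted-quad address for display.
# Returns the PTR name reduced to hostname characters, or nothing when the
# address is not a valid IPv4 literal or has no name.
#
# The name comes from DNS data controlled by whoever runs the reverse zone
# for the source address, so it is untrusted text: every character outside
# [A-Za-z0-9._-] is replaced with "?" before it can reach the report, which
# keeps control characters and terminal escape sequences out of the output.
# The lookup is also one blocking resolver query per address.
sub _reverse_name {
    my ($addr) = @_;

    # inet_aton() treats anything that is not a dotted quad as a host name
    # and would try to resolve it; reject out-of-range octets first.
    return if grep { $_ > 255 } split /\./, $addr;

    my $packed = inet_aton($addr);
    return unless defined $packed;

    my $name = gethostbyaddr($packed, AF_INET);
    return unless defined $name && length $name;

    $name =~ s/[^A-Za-z0-9._-]/?/g;
    return $name;
}

# Print one report row per source address, in numeric octet order:
#   a.b.c.d [reverse name]: port(events) ... | total events
# Each argument is a reference to a nested hash keyed
# octet1 -> octet2 -> octet3 -> octet4 -> destination port -> count.
sub printattack {
    foreach my $tree (@_) {
        foreach my $oct1 (sort { $a <=> $b } keys %$tree) {
            my $level2 = $tree->{$oct1};
            foreach my $oct2 (sort { $a <=> $b } keys %$level2) {
                my $level3 = $level2->{$oct2};
                foreach my $oct3 (sort { $a <=> $b } keys %$level3) {
                    my $level4 = $level3->{$oct3};
                    foreach my $oct4 (sort { $a <=> $b } keys %$level4) {
                        my $ports = $level4->{$oct4};
                        my $addr  = "$oct1.$oct2.$oct3.$oct4";
                        print $addr;

                        my $name = _reverse_name($addr);
                        print " [$name]" if defined $name;
                        print ": ";

                        my $localtotal = 0;
                        foreach my $port (sort { $a <=> $b } keys %$ports) {
                            my $localcount = $ports->{$port};
                            $localtotal += $localcount;
                            print "$port($localcount) ";
                        }
                        print "| $localtotal\n";
                    }
                }
            }
        }
        print "\n";
    }
}

# Print "port = count" for every key of each hash reference given, in
# numeric port order, followed by the %trojan label when the port has one.
# The label is a lookup by port number only; it does not show that the
# named program generated the traffic.
sub printport {
    foreach my $counts (@_) {
        foreach my $port (sort { $a <=> $b } keys %$counts) {
            print "$port = $counts->{$port}";
            print " -> $trojan{$port}" if exists $trojan{$port};
            print "\n";
        }
        print "\n";
    }
}

# Tally every "Initial Connect - tarpitting" line from the files named on
# the command line (or STDIN).  Captures: $1-$4 source address octets,
# $5 source port, $6 the text between "->" and the last number (unused),
# $7 destination port.  All counted fields are digits only.
while (my $line = <>) {
    # chomp, not chop: chop would cut the last digit off the destination
    # port when the final log line has no trailing newline.
    chomp $line;
    if ($line =~ /.*Initial Connect - tarpitting: (\d+)\.(\d+)\.(\d+)\.(\d+) (\d+) -> (.+) (\d+)/) {
        $attacker{$1}{$2}{$3}{$4}{$7}++;
        $attacker_port{$5}++;    # collected, but not printed by this report
        $destination_port{$7}++;
        $total++;
    }
}

print "START\n";
my $now_string = localtime;
print "Timestamp: $now_string\n\n";
print "Legend:\nIPaddr [reverse DNS]: port(events) ... | total events\n\n";
print "Analyzed attackers:\n";
printattack(\%attacker);
print "Victim destination ports:\n";
printport(\%destination_port);
print "Total events: $total\n";
print "\n(c) 2003. Dinko Korunic 'kreator'\n\n";
print "END\n";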