X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=active-response%2Fwin%2Froute-null.cmd;fp=active-response%2Fwin%2Froute-null.cmd;h=6838c7aa7b77dec4e0aaa9691015bd49ce19b313;hp=3960e31590ea1f825492cb691aada49a8c1aa718;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hpb=ef70704f0b31b59bb719b884d6a99cb9e3e2044a
diff --git a/active-response/win/route-null.cmd b/active-response/win/route-null.cmd
index 3960e31..6838c7a 100644
--- a/active-response/win/route-null.cmd
+++ b/active-response/win/route-null.cmd
@@ -1,31 +1,38 @@
-:: Simple script to null route an ip address.
-@ECHO OFF
-ECHO.
-
-
-:: Logging it all
-FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DATE=%%B
-FOR /F "TOKENS=1* DELIMS= " %%A IN ('TIME/T') DO SET TIME=%%A
-ECHO %DATE% %TIME% %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 >> active-response/active-responses.log
-
-
-IF "%1"=="add" GOTO ADD
-IF "%1"=="delete" GOTO DEL
-:ERROR
-
-ECHO "Invalid argument. %1"
-GOTO Exit;
-
-
-:: Adding to the blocked.
-
-:ADD
-:: Extracts last ip address from ipconfig.
-FOR /F "TOKENS=2* DELIMS=:" %%A IN ('IPCONFIG ^| FIND "IP"') DO FOR %%B IN (%%A) DO SET IPADDR=%%B
-route add %3 mask 255.255.255.255 %IPADDR%
-GOTO Exit;
-
-:DEL
-route delete %3
-
-:Exit
+:: Script to null route an ip address.
+@ECHO OFF
+ECHO.
+
+:: Set some variables
+FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DAT=%%A %%B
+FOR /F "TOKENS=1-3 DELIMS=:" %%A IN ("%TIME%") DO SET TIM=%%A:%%B:%%C
+
+:: Check for required arguments
+IF /I "%1"=="" GOTO ERROR
+IF /I "%1"=="add" GOTO ADD
+IF /I "%1"=="delete" GOTO DEL
+
+:ERROR
+ECHO Invalid argument(s).
+ECHO Usage: route-null.cmd ^(ADD^|DELETE^) IPv4 Address
+ECHO Example: route-null.cmd ADD 1.2.3.4
+EXIT /B 1
+
+
+:: Adding IP to be null-routed. IP will be routed to local machine IP
+
+:ADD
+:: Check for a valid IP
+ECHO "%2" | %WINDIR%\system32\findstr.exe /R "[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*" >nul || ECHO Invalid IP && EXIT /B 2
+:: Extracts last ip address from ipconfig and routes to this address. Windows will not allow routing to 127.0.0.1
+FOR /F "TOKENS=2* DELIMS=:" %%A IN ('%WINDIR%\system32\ipconfig.exe ^| %WINDIR%\system32\findstr.exe /R /C:"IPv*4* Address"') DO FOR %%B IN (%%A) DO SET IPADDR=%%B
+%WINDIR%\system32\route.exe ADD %2 MASK 255.255.255.255 %IPADDR%
+:: Log it
+ECHO %DAT%%TIM% %~dp0%0 %1 - %2 >> "%OSSECPATH%active-response\active-responses.log"
+GOTO EXIT
+
+:DEL
+ECHO "%2" | %WINDIR%\system32\findstr.exe /R "[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*\.[0-2][0-9]*[0-9]*" >nul || ECHO Invalid IP && EXIT /B 2
+%WINDIR%\system32\route.exe DELETE %2
+ECHO %DAT%%TIM% %~dp0%0 %1 - %2 >> "%OSSECPATH%active-response\active-responses.log"
+
+:EXIT /B 0:
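Review bot: The IP check added under `:ADD` (and repeated verbatim under `:DEL`) is both too strict and too loose: findstr's `*` means zero-or-more and the pattern is unanchored, so every octet must contain a digit in `[0-2]` at the right place (a valid address such as `8.8.8.8` is rejected with "Invalid IP" and exit code 2), while any argument that merely contains a matching substring somewhere passes. Anchoring with `/X` and allowing any digits is closer to the intent, e.g. `ECHO %2| %WINDIR%\system32\findstr.exe /R /X /C:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*" >nul || ECHO Invalid IP && EXIT /B 2` (no space before the pipe, since `/X` rejects a trailing blank); this still does not bound octets to 0-255, so a comment saying so would help. Because `%2` is substituted into the line before it executes, this check is a format sanity check rather than a guard against a malformed argument, and the address is then passed unquoted to `route.exe` — worth stating in a comment above the check so nobody relies on it as input sanitisation. If the final line really reads `:EXIT /B 0`, it only defines the `EXIT` label and the `/B 0` is ignored, so the script's status is whatever the preceding command returned; an explicit `EXIT /B 0` on its own line after the label would make the success path deterministic.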