honeydany/app/services/rdp.go

package services

import (
    "encoding/binary"
    "net"
    "strconv"
    "time"
)

func NewRDPHandler(log LoggerFunc) Handler {
    return func(conn net.Conn) {
        defer conn.Close()
        remote := conn.RemoteAddr().String()
        conn.SetDeadline(time.Now().Add(30 * time.Second))
        buf := make([]byte, 2048)
        n, err := conn.Read(buf)
        if err != nil { return }
        det := map[string]string{"event":"protocol_attempt","bytes_received":strconv.Itoa(n)}
        if n >= 4 {
            // TPKT Header: 0x03 0x00 length(2)
            if buf[0] == 0x03 && buf[1] == 0x00 {
                tpktLen := int(binary.BigEndian.Uint16(buf[2:4]))
                det["tpkt_len"] = strconv.Itoa(tpktLen)
                if n >= 7 {
                    // Basic X.224 header follows; first byte of X.224 should be length
                    det["x224_len"] = strconv.Itoa(int(buf[4]))
                    det["x224_type"] = strconv.Itoa(int(buf[5])) // likely 0xE0 for CR TPDU
                }
            }
        }
        log(Record{Timestamp: Now(), RemoteAddr: remoteIP(remote), RemotePort: remotePort(remote), Service: "rdp", Details: det})
        // Send short failure/abort PDU to conclude early but cleanly
        _, _ = conn.Write([]byte{0x03,0x00,0x00,0x0b,0x02,0xf0,0x80,0x04,0x01,0x00,0x01})
    }
}