
iptrap's Introduction

IPtrap 2

A fast, stateless TCP sinkhole, implemented in Rust. Performs TCP handshakes on all ports and logs the initial payload.

See "A sinkhole that never clogs" for an introduction.

Dependencies:

  • libpcap-dev
  • libzmq3-dev or libzmq4-dev
  • rust-nightly

Compilation:

git submodule update --init --recursive
cargo build --release

Usage

IPTrap implements its own TCP/IP stack, and the network interface it is listening on shouldn't have any IP address configured for the kernel.

However, IPTrap doesn't respond to ARP requests: a tool such as fakearpd can be used for that purpose.

iptrap <device> <local ip address> <uid> <gid>

Starts the sinkhole. It requires root privileges to open the network interface directly, and it also requires a non-root uid so that it can drop those privileges as soon as possible.
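
The root-then-drop sequence described above, as an added C example (not iptrap's own code, which is written in Rust): it validates the <uid> and <gid> arguments, drops supplementary groups, gid and uid in that order, and checks that root cannot be regained. The function names parse_id and drop_privileges are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a numeric <uid>/<gid> argument; reject junk, signs, 0 (root) and (id_t)-1. */
int parse_id(const char *s, unsigned long *out)
{
    char *end = NULL;
    errno = 0;
    unsigned long v = (s[0] >= '0' && s[0] <= '9') ? strtoul(s, &end, 10) : 0;
    if (errno != 0 || end == NULL || *end != '\0' || v == 0 || v >= UINT_MAX)
        return -1;
    *out = v;
    return 0;
}

/* Order matters: groups, gid, then uid; after setuid() the groups can no longer change. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)            /* refuse to "drop" to root */
        return -1;
    if (setgroups(1, &gid) != 0)         /* discard root's supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    unsigned long uid = 0, gid = 0;
    if (argc != 3 || parse_id(argv[1], &uid) || parse_id(argv[2], &gid)) {
        fprintf(stderr, "usage: %s <uid> <gid>\n", argv[0]);
        return 2;
    }
    /* A sinkhole would open its capture device here, while still root. */
    if (drop_privileges((uid_t)uid, (gid_t)gid) != 0) {
        fprintf(stderr, "privilege drop failed, exiting\n");
        return 1;                        /* never continue as root */
    }
    return 0;
}
```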

IPTrap listens to all TCP ports, with the exception of port 22.

The sinkhole logs are available as JSON data on a ZeroMQ PUB socket on port 9922.

iptrap's People

Contributors

jedisct1, lehouatais, pythonesque

iptrap's Issues

Iptrap2 on Amazon AWS

Hi!

I am having trouble setting up iptrap2 on an Amazon EC2 instance. I am not sure if it is even possible (this is not my area of expertise). Is it possible?

After compiling and running the executable I am getting this error:

./target/release/iptrap eth1 172.32.1.9 1000 1000

thread 'main' panicked at 'called Result::unwrap() on an Err value: ": SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: No such device"', /checkout/src/libcore/result.rs:906:4

eth1 is a secondary network interface with a public IP. I tried running iptrap with both eth1 not configured in /etc/network/interfaces and configured.
