#ssh #security #tarpit #server

tarssh (app)

A simple SSH tarpit server

6 releases (breaking changes)

0.7.0  2021-01-12
0.6.0  2020-12-13
0.5.0  2020-11-27
0.4.0  2020-03-12
0.2.0  2019-04-26

#104 in #ssh

MIT license

24KB, 488 lines


tarssh

A simple SSH tarpit, similar to endlessh.

Per RFC 4253:

   The server MAY send other lines of data before sending the version
   string.  Each line SHOULD be terminated by a Carriage Return and Line
   Feed.  Such lines MUST NOT begin with "SSH-", and SHOULD be encoded
   in ISO-10646 UTF-8 [RFC3629] (language is not specified).  Clients
   MUST be able to process such lines.

In other words, you can fool SSH clients into waiting an extremely long time for the SSH handshake to begin simply by stalling indefinitely. My high score is over two weeks.

The intent is to increase the cost of mass SSH scanning: even clients that give up immediately after the first response are delayed a little, and that is one fewer free connection for the next attack.
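A minimal, std-only Rust tarpit built on the RFC 4253 behaviour just described, added here as an illustration; it is not tarssh's own source. It assumes a listen address of 127.0.0.1:2222, and the 10 s delay, 30 s write timeout and 4096-client cap are chosen to mirror tarssh's defaults; the xorshift generator and the line format are this example's own choices.

```rust
// Added example, not tarssh's code. Assumptions: 127.0.0.1:2222 as the listen
// address; delay/timeout/max_clients mirror tarssh's defaults.
use std::io::Write;
use std::net::{TcpListener, TcpStream};
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;
use std::time::{Duration, Instant};

/// Tiny xorshift64* PRNG so the example needs no crates. Quality is
/// irrelevant: the client only has to receive *some* non-"SSH-" bytes.
fn next_rand(state: &mut u64) -> u64 {
    let mut x = *state;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    *state = x;
    x.wrapping_mul(0x2545F4914F6CDD1D)
}

/// One pre-banner line: 3..=32 printable ASCII bytes plus CRLF.
/// The first byte never is 'S', so the line can never start with "SSH-" and
/// be taken by the client as the version string that starts the handshake.
fn banner_line(state: &mut u64) -> Vec<u8> {
    let len = 3 + (next_rand(state) % 30) as usize;
    let mut line = Vec::with_capacity(len + 2);
    for i in 0..len {
        let mut b = 0x20 + (next_rand(state) % 95) as u8; // 0x20..=0x7E
        if i == 0 && b == b'S' {
            b = b's';
        }
        line.push(b);
    }
    line.extend_from_slice(b"\r\n");
    line
}

/// Check a candidate line against the RFC 4253 constraints quoted above:
/// CRLF-terminated, not starting with "SSH-", UTF-8, no CR/LF in the body.
fn is_valid_prebanner(line: &[u8]) -> bool {
    if line.len() < 2 || !line.ends_with(b"\r\n") || line.starts_with(b"SSH-") {
        return false;
    }
    let body = &line[..line.len() - 2];
    std::str::from_utf8(body).is_ok() && !body.iter().any(|&b| b == b'\r' || b == b'\n')
}

/// Hold one client: send a line every `delay` until a write fails.
/// Returns how long the client was held and how many bytes it accepted.
fn tarpit(mut stream: TcpStream, delay: Duration, timeout: Duration) -> (Duration, usize) {
    let start = Instant::now();
    // Seed from the peer port so concurrent clients see different lines;
    // the constant keeps the xorshift state non-zero.
    let port = stream.peer_addr().map(|a| a.port()).unwrap_or(0) as u64;
    let mut state = 0x9E37_79B9_7F4A_7C15u64 ^ port;
    // Without a write timeout, a client that stops reading would block this
    // thread forever once the socket buffer fills: the tarpit gets tarpitted.
    if stream.set_write_timeout(Some(timeout)).is_err() {
        return (start.elapsed(), 0);
    }
    let mut sent = 0usize;
    loop {
        let line = banner_line(&mut state);
        debug_assert!(is_valid_prebanner(&line));
        if stream.write_all(&line).is_err() {
            break; // broken pipe, reset or timeout: the client is gone
        }
        sent += line.len();
        thread::sleep(delay);
    }
    (start.elapsed(), sent)
}

/// Accept loop: one thread per client, with a best-effort concurrency cap.
/// A tarpit that spawns without bound is itself a resource-exhaustion target.
fn serve(listener: TcpListener, delay: Duration, timeout: Duration, max_clients: usize) -> std::io::Result<()> {
    let clients = Arc::new(AtomicUsize::new(0));
    for stream in listener.incoming() {
        let stream = stream?;
        let peer = match stream.peer_addr() {
            Ok(p) => p,
            Err(_) => continue, // peer already gone
        };
        if clients.fetch_add(1, Ordering::SeqCst) >= max_clients {
            clients.fetch_sub(1, Ordering::SeqCst);
            drop(stream); // over the cap: close immediately instead of queueing
            continue;
        }
        let clients = Arc::clone(&clients);
        thread::spawn(move || {
            let (held, bytes) = tarpit(stream, delay, timeout);
            let remaining = clients.fetch_sub(1, Ordering::SeqCst) - 1;
            eprintln!("disconnect peer={} duration={:.2?} bytes={} clients={}", peer, held, bytes, remaining);
        });
    }
    Ok(())
}

fn main() -> std::io::Result<()> {
    let listener = TcpListener::bind("127.0.0.1:2222")?;
    eprintln!("listen addr={}", listener.local_addr()?);
    serve(listener, Duration::from_secs(10), Duration::from_secs(30), 4096)
}
```

Run it and connect with `ssh -vvv -p 2222 127.0.0.1`: the client logs each received line and keeps waiting for a version string that never arrives. The validator matters because a single line that happened to begin with "SSH-" would be parsed as the banner and end the stall, and the write timeout matters because a scanner that connects and never reads would otherwise pin a thread and a full socket buffer for good.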

Usage

-% cargo install tarssh
-% tarssh --help
tarssh 0.7.0
A SSH tarpit server

USAGE:
    tarssh [FLAGS] [OPTIONS]

FLAGS:
        --disable-log-ident         Disable module name in logs (e.g. "tarssh")
        --disable-log-level         Disable log level in logs (e.g. "info")
        --disable-log-timestamps    Disable timestamps in logs
    -h, --help                      Prints help information
    -V, --version                   Prints version information
    -v, --verbose                   Verbose level (repeat for more verbosity)

OPTIONS:
        --chroot <chroot>              Chroot to this directory
    -d, --delay <delay>                Seconds between responses [default: 10]
    -g, --group <group>                Run as this group
    -l, --listen <listen>...           Listen address(es) to bind to [default: 0.0.0.0:2222]
    -c, --max-clients <max-clients>    Best-effort connection limit [default: 4096]
    -t, --timeout <timeout>            Socket write timeout [default: 30]
    -u, --user <user>                  Run as this user and their primary group

-% tarssh -v --disable-log-timestamps --disable-log-ident -l 0.0.0.0:2222 [::]:2222
[INFO ] init, pid: 27344, version: 0.7.0
[INFO ] listen, addr: 0.0.0.0:2222
[INFO ] listen, addr: [::]:2222
[INFO ] privdrop, enabled: false
[INFO ] sandbox, enabled: true
[INFO ] start, servers: 2, max_clients: 4096, delay: 10s, timeout: 30s
[INFO ] connect, peer: 127.0.0.1:61986, clients: 1
[INFO ] connect, peer: 127.0.0.1:61988, clients: 2
load: 1.05  cmd: tarssh 27344 [kqread] 6.92r 0.00u 0.00s 0% 4512k
[INFO ] info, pid: 27344, signal: INFO, uptime: 6.92s, clients: 2, total: 2, bytes: 0
[INFO ] disconnect, peer: 127.0.0.1:61986, duration: 19.80s, bytes: 24, error: "Broken pipe (os error 32)", clients: 1
[INFO ] disconnect, peer: 127.0.0.1:61988, duration: 19.62s, bytes: 24, error: "Broken pipe (os error 32)", clients: 0
^C[INFO ] shutdown, pid: 27344, signal: INT, uptime: 25.39s, clients: 0, total: 2, bytes: 48

The info line is produced by sending the BSD SIGINFO signal; SIGHUP is also supported for Unix platforms that lack it.

Dependencies

~8–21MB
~237K SLoC