Project

dvash

No commit activity in last 3 years
No release in over 3 years
Part honeypot, part defense system. Opens up ports and simulates services in order to look like an attractive target. Hosts that try to connect to the fake services are considered attackers and blocked from all access.
 Project Readme

Dvash Defense

Part modular honeypot, part defense system, multithreaded and ready for IPv6. Opens up ports and simulates services in order to look like an attractive target. Hosts that try to connect to the fake services are considered attackers and blocked from all access. Heavily inspired by The Artillery Project by Dave Kennedy (ReL1K), with a passion for Ruby and a thirst for knowledge.

How Does Dvash Work?

It's very alpha right now, but here's where we are:

  1. Dvash is ready for Linux, Mac OS X and Windows 7 (or higher). It must be run with elevated privileges.
  2. Set the parameters in the default configuration file according to your system and the honeyports you want to use.
  3. Run dvash and watch it block hosts that attempt to connect to honeyports.

What are Honeyports?

Dvash is a defensive honeypot. Each emulated service is called a honeyport, and each can be designed to have its own behaviors. Dvash is designed to be modular, so adding a new honeyport service to emulate means filling in a templated code base. Each built-in honeyport follows a few steps:

  1. When a honeyport thread starts it sits and listens for a connection.
  2. The thread forks the process when a client connects and accepts the connection.
  3. The peer address is then validated.
  4. A valid peer address will get 64 bytes of junk data.
  5. The IPv4 or IPv6 address is then blocked.
     • Linux - blocked using IPTables/IP6Tables.
     • Mac OS X - blocked using ipfw/ip6fw.
     • Windows - blocked by blackhole routing.
  6. Finally, the connection is closed and the forked process killed.
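
The steps above, sketched as an added example (this is not Dvash's own code, and every method name in it is hypothetical). It covers only the Linux case, uses a thread per connection where Dvash forks, returns the firewall command as a dry run instead of executing it, and adds a never-block list as an assumption so that a honeyport cannot lock out the host itself.

```ruby
require 'socket'
require 'ipaddr'
require 'securerandom'

# Assumption (not a Dvash setting): networks that must never be blocked.
NEVER_BLOCK = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1/128')].freeze

# Step 3: parse the peer address; return an IPAddr, or nil if it is malformed.
def validate_peer(addr)
  ip = IPAddr.new(addr.to_s.split('%').first) # drop an IPv6 zone id (fe80::1%eth0)
  ip.ipv4_mapped? ? ip.native : ip            # ::ffff:a.b.c.d seen on dual-stack sockets
rescue IPAddr::Error
  nil
end

# Step 5 (Linux only): build the command as an argv array, never a shell string,
# so the address cannot be interpreted by a shell. Returns nil for protected hosts.
def block_command(ip, allow = NEVER_BLOCK)
  return nil if allow.any? { |net| net.include?(ip) }
  [ip.ipv4? ? 'iptables' : 'ip6tables', '-I', 'INPUT', '-s', ip.to_s, '-j', 'DROP']
end

# Steps 3 to 6 for one accepted connection. Returns the block command or nil.
def handle_client(client, allow: NEVER_BLOCK)
  ip = validate_peer(client.remote_address.ip_address)
  return nil unless ip
  client.write(SecureRandom.random_bytes(64)) # step 4: 64 bytes of junk data
  block_command(ip, allow)
ensure
  client.close                                # step 6: always close the connection
end

# Steps 1 and 2: listen, then hand each accepted connection to its own thread.
def run_honeyport(server, allow: NEVER_BLOCK, &on_block)
  loop do
    Thread.new(server.accept) do |client|
      cmd = handle_client(client, allow: allow)
      on_block.call(cmd) if cmd # dry run: the caller decides whether to system(*cmd)
    end
  end
end

# Usage (constructed port number): log what would be blocked on an IPv6-capable listener.
#   run_honeyport(TCPServer.new('::', 2323)) { |cmd| puts cmd.join(' ') }
```
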

How to configure Dvash

The default Dvash configuration file can be found here. Copy this file to your system and set the parameters within it. By default, Dvash looks for the configuration file at /etc/dvash.conf; you can point it at any other copy using the --config-file option in a terminal.

How to get Dvash

To install: gem install dvash

To run: sudo dvash --help