dvash 0.1.0 → 0.1.1

data/lib/dvash/honeyports/ipv4/rdp.rb

@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+  #
+  # Main Honeyport class to simulate daemons
+  #
+  class Honeyport < Core
 
-	class Honeyport < Core
+    def ipv4_rdp
+      # IPv4 TCPServer object
+      # @return [TCPServer] tcp/3389 RDPd
+      server = TCPServer.new(3389)
+      # Infinite listening loop
+      loop do
+        # Fork a new instance of [TCPServer] when a client connects
+          Thread.fork(server.accept) do |client| 
+              # Make sure the client has a valid IP address
+              # @return [Boolean] true|false
+              if valid_ip?(client_ip(client)) then 
+            # Send the connected client junk data
+            client.puts(random_data)
+                # Block the IP address
+                @@os.block_ip(client_ip(client))
+              end
+              # Close the connection to the client and kill the forked process
+              client.close
+          end
+      end
+    end
 
-		def ipv4_rdp
-			#
-			# Create a new IPv4 TCPServer object
-			#
-			server = TCPServer.new(3389)
-			#
-			# Infinite loop listens on port 3389 pretending to be an RDP server
-			#
-			loop do
-					#
-					# Fork a new instance of the TCPServer object when a client connects
-					# TODO: Maybe we should not send junk data until after the client IP has been validated
-					#	
-			    Thread.fork(server.accept) do |client| 
-			    		#
-			        # Send the connected client junk data
-			        #
-			        client.puts(random_data)
-			        #
-			        # Make sure the client has a valid IP address
-			        #
-			        if valid_ip?(client_ip(client)) then 
-			        	#
-			        	# Block the IP address
-			        	#
-			        	@@os.block_ip(client_ip(client))
-			        end
-			        #
-			        # Close the connection to the client and kill the forked process
-			        #
-			        client.close
-			    end
-			end
-		end
-
-	end
+  end
 end

data/lib/dvash/honeyports/ipv4/ssh.rb

@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+  #
+  # Main Honeyport class to simulate daemons
+  #
+  class Honeyport < Core
 
-	class Honeyport < Core
+    def ipv4_ssh
+      # IPv4 TCPServer object
+      # @return [TCPServer] tcp/22 SSHd
+      server = TCPServer.new(22)
+      # Infinite listening loop
+      loop do
+        # Fork a new instance of [TCPServer] when a client connects
+          Thread.fork(server.accept) do |client| 
+              # Make sure the client has a valid IP address
+              # @return [Boolean] true|false
+              if valid_ip?(client_ip(client)) then
+                # Send the connected client junk data
+                client.puts(random_data) 
+                # Block the IP address
+                @@os.block_ip(client_ip(client))
+              end
+              # Close the connection to the client and kill the forked process
+              client.close
+          end
+      end
+    end
 
-		def ipv4_ssh
-			#
-			# Create a new IPv4 TCPServer object
-			#
-			server = TCPServer.new(22)
-			#
-			# Infinite loop listens on port 22 pretending to be an SSH server
-			#
-			loop do
-					#
-					# Fork a new instance of the TCPServer object when a client connects
-					# TODO: Maybe we should not send junk data until after the client IP has been validated
-					#	
-			    Thread.fork(server.accept) do |client| 
-			    		#
-			        # Send the connected client junk data
-			        #
-			        client.puts(random_data)
-			        #
-			        # Make sure the client has a valid IP address
-			        #
-			        if valid_ip?(client_ip(client)) then 
-			        	#
-			        	# Block the IP address
-			        	#
-			        	@@os.block_ip(client_ip(client))
-			        end
-			        #
-			        # Close the connection to the client and kill the forked process
-			        #
-			        client.close
-			    end
-			end
-		end
-
-	end
+  end
 end

data/lib/dvash/honeyports/ipv4/telnet.rb

@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+  #
+  # Main Honeyport class to simulate daemons
+  #
+  class Honeyport < Core
 
-	class Honeyport < Core
+    def ipv4_telnet
+      # IPv4 TCPServer object
+      # @return [TCPServer] tcp/23 Telnetd
+      server = TCPServer.new(23)
+      # Infinite listening loop
+      loop do
+        # Fork a new instance of [TCPServer] when a client connects
+          Thread.fork(server.accept) do |client| 
+              # Make sure the client has a valid IP address
+              # @return [Boolean] true|false
+              if valid_ip?(client_ip(client)) then 
+                # Send the connected client junk data
+                client.puts(random_data)
+                # Block the IP address
+                @@os.block_ip(client_ip(client))
+              end
+              # Close the connection to the client and kill the forked process
+              client.close
+          end
+      end
+    end
 
-		def ipv4_telnet
-			#
-			# Create a new IPv4 TCPServer object
-			#
-			server = TCPServer.new(23)
-			#
-			# Infinite loop listens on port 23 pretending to be an Telnet server
-			#
-			loop do
-					#
-					# Fork a new instance of the TCPServer object when a client connects
-					# TODO: Maybe we should not send junk data until after the client IP has been validated
-					#	
-			    Thread.fork(server.accept) do |client| 
-			    		#
-			        # Send the connected client junk data
-			        #
-			        client.puts(random_data)
-			        #
-			        # Make sure the client has a valid IP address
-			        #
-			        if valid_ip?(client_ip(client)) then 
-			        	#
-			        	# Block the IP address
-			        	#
-			        	@@os.block_ip(client_ip(client))
-			        end
-			        #
-			        # Close the connection to the client and kill the forked process
-			        #
-			        client.close
-			    end
-			end
-		end
-
-	end
+  end
 end

data/lib/dvash/honeyports/ipv6/http.rb

@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+  #
+  # Main Honeyport class to simulate daemons
+  #
+  class Honeyport < Core
 
-	class Honeyport < Core
+    def ipv6_http
+      # IPv6 TCPServer object
+      # @return [TCPServer] tcp/80 HTTPd
+      server = TCPServer.new('::', 80)
+      # Infinite listening loop
+      loop do
+        # Fork a new instance of [TCPServer] when a client connects
+          Thread.fork(server.accept) do |client| 
+              # Make sure the client has a valid IP address
+              # @return [Boolean] true|false
+              if valid_ip?(client_ip(client)) then 
+                # Send the connected client junk data
+                client.puts(random_data)
+                # Block the IP address
+                @@os.block_ip(client_ip(client))
+              end
+              # Close the connection to the client and kill the forked process
+              client.close
+          end
+      end
+    end
 
-		def ipv6_http
-			#
-			# Create a new IPv6 TCPServer object
-			#
-			server = TCPServer.new('::', 80)
-			#
-			# Infinite loop listens on port 80 pretending to be an HTTP server
-			#
-			loop do
-					#
-					# Fork a new instance of the TCPServer object when a client connects
-					# TODO: Maybe we should not send junk data until after the client IP has been validated
-					#	
-			    Thread.fork(server.accept) do |client| 
-			    		#
-			        # Send the connected client junk data
-			        #
-			        client.puts(random_data)
-			        #
-			        # Make sure the client has a valid IP address
-			        #
-			        if valid_ip?(client_ip(client)) then 
-			        	#
-			        	# Block the IP address
-			        	#
-			        	@@os.block_ip(client_ip(client))
-			        end
-			        #
-			        # Close the connection to the client and kill the forked process
-			        #
-			        client.close
-			    end
-			end
-		end
-
-	end
+  end
 end

data/lib/dvash/honeyports/ipv6/rdp.rb

@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+  #
+  # Main Honeyport class to simulate daemons
+  #
+  class Honeyport < Core
 
-	class Honeyport < Core
+    def ipv6_rdp
+      # IPv6 TCPServer object
+      # @return [TCPServer] tcp/3389 RDPd
+      server = TCPServer.new('::', 3389)
+      # Infinite listening loop
+      loop do
+        # Fork a new instance of [TCPServer] when a client connects
+          Thread.fork(server.accept) do |client| 
+              # Make sure the client has a valid IP address
+              # @return [Boolean] true|false
+              if valid_ip?(client_ip(client)) then 
+                # Send the connected client junk data
+                client.puts(random_data)
+                # Block the IP address
+                @@os.block_ip(client_ip(client))
+              end
+              # Close the connection to the client and kill the forked process
+              client.close
+          end
+      end
+    end
 
-		def ipv6_rdp
-			#
-			# Create a new IPv6 TCPServer object
-			#
-			server = TCPServer.new('::', 3389)
-			#
-			# Infinite loop listens on port 3389 pretending to be an RDP server
-			#
-			loop do
-					#
-					# Fork a new instance of the TCPServer object when a client connects
-					# TODO: Maybe we should not send junk data until after the client IP has been validated
-					#	
-			    Thread.fork(server.accept) do |client| 
-			    		#
-			        # Send the connected client junk data
-			        #
-			        client.puts(random_data)
-			        #
-			        # Make sure the client has a valid IP address
-			        #
-			        if valid_ip?(client_ip(client)) then 
-			        	#
-			        	# Block the IP address
-			        	#
-			        	@@os.block_ip(client_ip(client))
-			        end
-			        #
-			        # Close the connection to the client and kill the forked process
-			        #
-			        client.close
-			    end
-			end
-		end
-
-	end
+  end
 end

data/lib/dvash/honeyports/ipv6/ssh.rb

@@ -9,43 +9,32 @@
 #
 ###############################################################################
 module Dvash
+  #
+  # Main Honeyport class to simulate daemons
+  #
+  class Honeyport < Core
 
-	class Honeyport < Core
+    def ipv6_ssh
+      # IPv6 TCPServer object
+      # @return [TCPServer] tcp/22 SSHd
+      server = TCPServer.new('::', 22)
+      # Infinite listening loop
+      loop do
+        # Fork a new instance of [TCPServer] when a client connects
+          Thread.fork(server.accept) do |client| 
+              # Make sure the client has a valid IP address
+              # @return [Boolean] true|false
+              if valid_ip?(client_ip(client)) then 
+                # Send the connected client junk data
+                client.puts(random_data)
+                # Block the IP address
+                @@os.block_ip(client_ip(client))
+              end
+              # Close the connection to the client and kill the forked process
+              client.close
+          end
+      end
+    end
 
-		def ipv6_ssh
-			#
-			# Create a new IPv6 TCPServer object
-			#
-			server = TCPServer.new('::', 22)
-			#
-			# Infinite loop listens on port 22 pretending to be an SSH server
-			#
-			loop do
-					#
-					# Fork a new instance of the TCPServer object when a client connects
-					# TODO: Maybe we should not send junk data until after the client IP has been validated
-					#	
-			    Thread.fork(server.accept) do |client| 
-			    		#
-			        # Send the connected client junk data
-			        #
-			        client.puts(random_data)
-			        #
-			        # Make sure the client has a valid IP address
-			        #
-			        if valid_ip?(client_ip(client)) then 
-			        	#
-			        	# Block the IP address
-			        	#
-			        	@@os.block_ip(client_ip(client))
-			        end
-			        #
-			        # Close the connection to the client and kill the forked process
-			        #
-			        client.close
-			    end
-			end
-		end
-
-	end
+  end
 end

data/lib/dvash/os/linux.rb

@@ -1,70 +1,48 @@
 module Dvash
+  #
+  # Used by Linux systems to leverage IPTables for blocking all of the peoples
+  #
+  class Linux < Core
 
-	class Linux < Core
+    def initialize
+      # Make sure we have binaries for iptables using the paths
+      # set in the configuration file
+      unless File.exist?(@@cfgfile['iptables']['ipv4'])
+        # TODO: Use [logger] gem to output debug information
+        puts "can't find iptables"
+        exit
+      end
+      # Do not create a new iptables chain if one already exists
+      unless `"#{@@cfgfile['iptables']['ipv4']}" -L INPUT`.include?('DVASH')
+        # Create a new DVASH chain
+        system("#{@@cfgfile['iptables']['ipv4']} -N DVASH")
+        # Flush the DVASH chain
+        system("#{@@cfgfile['iptables']['ipv4']} -F DVASH")
+        # Associate the DVASH chain to INPUT chain
+        system("#{@@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")
+      end
+      # Do not create a new ip6tables chain if one already exists
+      unless `"#{@@cfgfile['iptables']['ipv6']}" -L INPUT`.include?('DVASH')
+        # Create a new DVASH chain
+        system("#{@@cfgfile['iptables']['ipv6']} -N DVASH")
+        # Flush the DVASH chain
+        system("#{@@cfgfile['iptables']['ipv6']} -F DVASH")
+        # Associate the DVASH chain to INPUT chain
+        system("#{@@cfgfile['iptables']['ipv6']} -I INPUT -j DVASH")
+      end
+    end
 
-		def initialize
-			#
-			# Check to make sure we have binaries for iptables using the paths
-			# set in the configuration file
-			#
-			unless File.exist?(@@cfgfile['iptables']['ipv4'])
-				# TODO: Use 'logger' gem to output debug information
-				puts "can't find iptables"
-				exit
-			end
+    def block_ip(address)
+      # Block the client IP address using iptables binaries set in the conf file
+      if IPAddr.new("#{address}").ipv4? then
+        system("#{@@cfgfile['iptables']['ipv4']} -I DVASH -s #{address} -j DROP")
+      end
 
-			#
-			# Do not create a new iptables chain if one already exists
-			#
-			unless `"#{@@cfgfile['iptables']['ipv4']}" -L INPUT`.include?('DVASH')
-				#
-				# Create a new DVASH chain
-				#
-				system("#{@@cfgfile['iptables']['ipv4']} -N DVASH")
-				#
-				# Flush the DVASH chain
-				#
-				system("#{@@cfgfile['iptables']['ipv4']} -F DVASH")
-				#
-				# Associate the DVASH chain to INPUT chain
-				#
-				system("#{@@cfgfile['iptables']['ipv4']} -I INPUT -j DVASH")
-			end
+      # Block the client IP address using ip6tables binaries set in the conf file
+      if IPAddr.new("#{address}").ipv6? then
+        system("#{@@cfgfile['iptables']['ipv6']} -I DVASH -s #{address} -j DROP")
+      end
+    end
 
-			#
-			# Do not create a new ip6tables chain if one already exists
-			#
-			unless `"#{@@cfgfile['iptables']['ipv6']}" -L INPUT`.include?('DVASH')
-				#
-				# Create a new DVASH chain
-				#
-				system("#{@@cfgfile['iptables']['ipv6']} -N DVASH")
-				#
-				# Flush the DVASH chain
-				#
-				system("#{@@cfgfile['iptables']['ipv6']} -F DVASH")
-				#
-				# Associate the DVASH chain to INPUT chain
-				#
-				system("#{@@cfgfile['iptables']['ipv6']} -I INPUT -j DVASH")
-			end
-		end
-
-		def block_ip(address)
-			#
-			# Block the client IP address using iptables binaries set in the configuration file
-			#
-			if IPAddr.new("#{address}").ipv4? then
-				system("#{@@cfgfile['iptables']['ipv4']} -I DVASH -s #{address} -j DROP")
-			end
-
-			#
-			# Block the client IP address using ip6tables binaries set in the configuration file
-			#
-			if IPAddr.new("#{address}").ipv6? then
-				system("#{@@cfgfile['iptables']['ipv6']} -I DVASH -s #{address} -j DROP")
-			end
-		end
-
-	end
+  end
 end