dvash 0.0.6 → 0.0.7

data/dvash.gemspec

@@ -2,15 +2,15 @@
 
 Gem::Specification.new do |s|
   s.name = "dvash"
-  s.version = "0.0.6"
+  s.version = "0.0.7"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Ari Mizrahi"]
-  s.date = "2013-04-28"
+  s.date = "2013-04-29"
   s.description = "Part honeypot, part defense system.  Opens up ports and simulates services in order to look like an attractive target.  Hosts that try to connect to the fake services are considered attackers and blocked from all access."
   s.email = "codemunchies@gmail.com"
   s.executables = ["dvash"]
-  s.files = ["etc/dvash-baseline.conf", "lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/core.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
+  s.files = ["etc/dvash-baseline.conf", "lib/dvash/honeyports/ipv4/http.rb", "lib/dvash/honeyports/ipv4/rdp.rb", "lib/dvash/honeyports/ipv4/ssh.rb", "lib/dvash/honeyports/ipv4/telnet.rb", "lib/dvash/honeyports/ipv6/http.rb", "lib/dvash/honeyports/ipv6/rdp.rb", "lib/dvash/honeyports/ipv6/ssh.rb", "lib/dvash/os/linux.rb", "lib/dvash/os/mac.rb", "lib/dvash/os/windows.rb", "lib/dvash/application.rb", "lib/dvash/core.rb", "lib/dvash.rb", "dvash.gemspec", "Gemfile"]
   s.homepage = "http://github.com/codemunchies/dvash"
   s.require_paths = ["lib"]
   s.rubygems_version = "1.8.25"

data/lib/dvash.rb

@@ -30,7 +30,7 @@ module Dvash
     # A command-line interface using OptionParser
     #
     OptionParser.new do |opts|
-      opts.banner = "Dvash 0.0.6 ( http://www.github.com/codemunchies/dvash )\n"
+      opts.banner = "Dvash 0.0.7 ( http://www.github.com/codemunchies/dvash )\n"
       opts.banner += "Usage: dvash [options]"
       #
       # Option to set an alternate configuration file

data/lib/dvash/honeyports/ipv4/rdp.rb

@@ -0,0 +1,51 @@
+###############################################################################
+#
+#  Dvash Defense - RDP IPv4 Honeyport
+#  version 1.0
+#
+#  Written By: Ari Mizrahi
+#
+#  Honeyport to simulate rdp server
+#
+###############################################################################
+module Dvash
+
+	class Honeyport < Core
+
+		def ipv4_rdp
+			#
+			# Create a new IPv4 TCPServer object
+			#
+			server = TCPServer.new(3389)
+			#
+			# Infinite loop listens on port 3389 pretending to be an RDP server
+			#
+			loop do
+					#
+					# Fork a new instance of the TCPServer object when a client connects
+					# TODO: Maybe we should not send junk data until after the client IP has been validated
+					#	
+			    Thread.fork(server.accept) do |client| 
+			    		#
+			        # Send the connected client junk data
+			        #
+			        client.puts(random_data)
+			        #
+			        # Make sure the client has a valid IP address
+			        #
+			        if valid_ip?(client_ip(client)) then 
+			        	#
+			        	# Block the IP address
+			        	#
+			        	@@os.block_ip(client_ip(client))
+			        end
+			        #
+			        # Close the connection to the client and kill the forked process
+			        #
+			        client.close
+			    end
+			end
+		end
+
+	end
+end

data/lib/dvash/honeyports/ipv4/ssh.rb

@@ -0,0 +1,51 @@
+###############################################################################
+#
+#  Dvash Defense - SSHd IPv4 Honeyport
+#  version 1.0
+#
+#  Written By: Ari Mizrahi
+#
+#  Honeyport to simulate sshd server
+#
+###############################################################################
+module Dvash
+
+	class Honeyport < Core
+
+		def ipv4_ssh
+			#
+			# Create a new IPv4 TCPServer object
+			#
+			server = TCPServer.new(22)
+			#
+			# Infinite loop listens on port 22 pretending to be an SSH server
+			#
+			loop do
+					#
+					# Fork a new instance of the TCPServer object when a client connects
+					# TODO: Maybe we should not send junk data until after the client IP has been validated
+					#	
+			    Thread.fork(server.accept) do |client| 
+			    		#
+			        # Send the connected client junk data
+			        #
+			        client.puts(random_data)
+			        #
+			        # Make sure the client has a valid IP address
+			        #
+			        if valid_ip?(client_ip(client)) then 
+			        	#
+			        	# Block the IP address
+			        	#
+			        	@@os.block_ip(client_ip(client))
+			        end
+			        #
+			        # Close the connection to the client and kill the forked process
+			        #
+			        client.close
+			    end
+			end
+		end
+
+	end
+end

data/lib/dvash/honeyports/ipv4/telnet.rb

@@ -0,0 +1,51 @@
+###############################################################################
+#
+#  Dvash Defense - Telnetd IPv4 Honeyport
+#  version 1.0
+#
+#  Written By: Ari Mizrahi
+#
+#  Honeyport to simulate telnetd server
+#
+###############################################################################
+module Dvash
+
+	class Honeyport < Core
+
+		def ipv4_telnet
+			#
+			# Create a new IPv4 TCPServer object
+			#
+			server = TCPServer.new(23)
+			#
+			# Infinite loop listens on port 23 pretending to be an Telnet server
+			#
+			loop do
+					#
+					# Fork a new instance of the TCPServer object when a client connects
+					# TODO: Maybe we should not send junk data until after the client IP has been validated
+					#	
+			    Thread.fork(server.accept) do |client| 
+			    		#
+			        # Send the connected client junk data
+			        #
+			        client.puts(random_data)
+			        #
+			        # Make sure the client has a valid IP address
+			        #
+			        if valid_ip?(client_ip(client)) then 
+			        	#
+			        	# Block the IP address
+			        	#
+			        	@@os.block_ip(client_ip(client))
+			        end
+			        #
+			        # Close the connection to the client and kill the forked process
+			        #
+			        client.close
+			    end
+			end
+		end
+
+	end
+end

data/lib/dvash/honeyports/ipv6/rdp.rb

@@ -0,0 +1,51 @@
+###############################################################################
+#
+#  Dvash Defense - RDP IPv6 Honeyport
+#  version 1.0
+#
+#  Written By: Ari Mizrahi
+#
+#  Honeyport to simulate rdp server
+#
+###############################################################################
+module Dvash
+
+	class Honeyport < Core
+
+		def ipv6_rdp
+			#
+			# Create a new IPv6 TCPServer object
+			#
+			server = TCPServer.new('::', 3389)
+			#
+			# Infinite loop listens on port 3389 pretending to be an RDP server
+			#
+			loop do
+					#
+					# Fork a new instance of the TCPServer object when a client connects
+					# TODO: Maybe we should not send junk data until after the client IP has been validated
+					#	
+			    Thread.fork(server.accept) do |client| 
+			    		#
+			        # Send the connected client junk data
+			        #
+			        client.puts(random_data)
+			        #
+			        # Make sure the client has a valid IP address
+			        #
+			        if valid_ip?(client_ip(client)) then 
+			        	#
+			        	# Block the IP address
+			        	#
+			        	@@os.block_ip(client_ip(client))
+			        end
+			        #
+			        # Close the connection to the client and kill the forked process
+			        #
+			        client.close
+			    end
+			end
+		end
+
+	end
+end

data/lib/dvash/honeyports/ipv6/ssh.rb

@@ -0,0 +1,51 @@
+###############################################################################
+#
+#  Dvash Defense - SSHd IPv4 Honeyport
+#  version 1.0
+#
+#  Written By: Ari Mizrahi
+#
+#  Honeyport to simulate sshd server
+#
+###############################################################################
+module Dvash
+
+	class Honeyport < Core
+
+		def ipv6_ssh
+			#
+			# Create a new IPv6 TCPServer object
+			#
+			server = TCPServer.new('::', 22)
+			#
+			# Infinite loop listens on port 22 pretending to be an SSH server
+			#
+			loop do
+					#
+					# Fork a new instance of the TCPServer object when a client connects
+					# TODO: Maybe we should not send junk data until after the client IP has been validated
+					#	
+			    Thread.fork(server.accept) do |client| 
+			    		#
+			        # Send the connected client junk data
+			        #
+			        client.puts(random_data)
+			        #
+			        # Make sure the client has a valid IP address
+			        #
+			        if valid_ip?(client_ip(client)) then 
+			        	#
+			        	# Block the IP address
+			        	#
+			        	@@os.block_ip(client_ip(client))
+			        end
+			        #
+			        # Close the connection to the client and kill the forked process
+			        #
+			        client.close
+			    end
+			end
+		end
+
+	end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dvash
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-28 00:00:00.000000000 Z
+date: 2013-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: parseconfig
@@ -54,7 +54,12 @@ extra_rdoc_files: []
 files:
 - etc/dvash-baseline.conf
 - lib/dvash/honeyports/ipv4/http.rb
+- lib/dvash/honeyports/ipv4/rdp.rb
+- lib/dvash/honeyports/ipv4/ssh.rb
+- lib/dvash/honeyports/ipv4/telnet.rb
 - lib/dvash/honeyports/ipv6/http.rb
+- lib/dvash/honeyports/ipv6/rdp.rb
+- lib/dvash/honeyports/ipv6/ssh.rb
 - lib/dvash/os/linux.rb
 - lib/dvash/os/mac.rb
 - lib/dvash/os/windows.rb