Go to file

serxoz a2357178cc Merge pull request 'removed naive .unwrap() on a String::from_utf8() that parses data received from the savage internet' (#4 ) from dev into main Reviewed-on: #4		2024-04-23 11:09:47 +02:00
doc	responde a un register con unauthorized	2022-12-07 13:52:00 +01:00
installation/openbsd	remember rotate logs	2024-04-17 13:37:16 +02:00
src	removed naive .unwrap() on a String::from_utf8() that parses data received from the savage internet	2024-04-23 11:08:44 +02:00
.gitignore	starting with sqlite to save suspicious IP addr	2024-04-17 17:58:25 +02:00
Cargo.lock	starting with sqlite to save suspicious IP addr	2024-04-17 17:58:25 +02:00
Cargo.toml	starting with sqlite to save suspicious IP addr	2024-04-17 17:58:25 +02:00
Dockerfile	docker container	2024-04-16 17:39:33 +02:00
LICENSE	added license	2024-04-17 13:51:01 +02:00
Makefile	some aclarations on README	2024-04-17 13:43:46 +02:00
README.md	action script	2024-04-18 13:43:01 +02:00
action_script.sh	clarifications on example action script	2024-04-18 17:34:26 +02:00
config.toml	action script	2024-04-18 13:43:01 +02:00
fuzz.py	removed naive .unwrap() on a String::from_utf8() that parses data received from the savage internet	2024-04-23 11:08:44 +02:00

README.md

SIP tarpit

The idea is that a SIP attacker lost more time while trying to crack this "SIP service". Could be defined as a slow honeypot...

Initially will be designed against a sipvicious attacker.

SIP features:

Answer to OPTIONS This way will be mapped in the network
Answer to REGISTER This way attacker will be entertained for some time... :D

Use

Docker: simply do make docker-build && make docker-run
Install: enter installation directory and run install.sh

Configure

Read config.toml and adapt it to your preferences. Keep in mind that for docker use you want to keep log_file="CONSOLE".

Action Script

You can configure action script by adding it to config.toml. When a new suspicious IP address is detected, the script will be executed. See action_script.sh for an example.