-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathREADME
38 lines (26 loc) · 1.26 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
BearTrap v0.2-beta
BearTrap is meant to be a portable network defense utility written entirely in
Ruby. It opens "trigger" ports on the host that an attacker would connect to.
When the attacker connects and/or performs some interactions with the trigger
an alert is raised and the attacker's ip address is potentially blacklisted.
The idea came from listening to the PaulDotCom Security Podcast
(http://pauldotcom.com/security-weekly/) particularly episodes 203 and 204 as
the concept of honeyports is described.
Dependencies:
Ruby 1.9.x interpreter
Installation varies from system to system.
getopt ruby gem
Install with 'gem install getopt'
Installation:
No installation required. Simply edit the configuration file, config.yml. It
should be fairly well documented and/or self-explanatory. If its not, check
out the support section below.
Usage:
ruby bear_trap.rb -c config.yml
Running as root is recommended, as most blacklisting tools (pfctl, iptables,
etc) must be ran as root.
Support:
If you have any significant problems, send me an email at
chrisbdaemon [at] gmail.com with BearTrap somewhere in the subject.
If you would like to contribute, go ahead and fork the github repo, make your
changes and send a pull request (see http://help.github.com/fork-a-repo/).