Endlessh


Multi-honeypot platform with various honeypots and monitoring tools.

Endlessh: An SSH Tarpit for Random Banners

Endlessh is an SSH tarpit that slowly delivers an endless stream of random SSH banners.

It keeps SSH clients locked up for several hours or even days at a time.

The Purpose of Using a Tarpit

The purpose is to move your actual SSH server to a different port, allowing the script kiddies to get caught in this tarpit instead of bothering your real server. Since the tarpit displays its banner before any cryptographic exchange takes place, this program does not rely on any cryptographic libraries.
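
How one banner line can be built, as an added example that is not Endlessh's own source: RFC 4253 lets a server send other lines before its version string provided none begins with "SSH-", and that is the property a tarpit of this kind depends on. The names next_rand, tarpit_line and line_ok, the xorshift generator and the seed are assumptions made for illustration; the 3-255 length range follows the -l option.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Small xorshift PRNG (assumed here); filler text needs no secrecy. */
static uint32_t next_rand(uint32_t *s)
{
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Fill buf with one line of 3..maxlen bytes (maxlen in 3..255, as for -l),
 * CRLF included. buf must hold maxlen bytes. Returns the line length. */
static int tarpit_line(unsigned char *buf, int maxlen, uint32_t *s)
{
    int len = 3 + (int)(next_rand(s) % (uint32_t)(maxlen - 2));
    for (int i = 0; i < len - 2; i++)
        buf[i] = (unsigned char)(32 + next_rand(s) % 95); /* printable ASCII */
    buf[len - 2] = '\r';
    buf[len - 1] = '\n';
    /* A line starting with "SSH-" would be read as the version string
     * and end the wait, so break that prefix if it ever appears. */
    if (len >= 4 && memcmp(buf, "SSH-", 4) == 0)
        buf[0] = 'X';
    return len;
}

/* Check the properties every pre-banner line must have. */
static int line_ok(const unsigned char *buf, int len, int maxlen)
{
    if (len < 3 || len > maxlen) return 0;
    if (buf[len - 2] != '\r' || buf[len - 1] != '\n') return 0;
    if (len >= 4 && memcmp(buf, "SSH-", 4) == 0) return 0;
    for (int i = 0; i < len - 2; i++)
        if (buf[i] < 32 || buf[i] > 126) return 0;
    return 1;
}

int main(void)
{
    unsigned char buf[255];
    uint32_t seed = 2222; /* constructed seed, must be non-zero */
    for (int i = 0; i < 3; i++) {
        int n = tarpit_line(buf, 32, &seed);
        printf("%2d bytes: %.*s\n", n, n - 2, (const char *)buf);
    }
    return 0;
}
```

Sending one such line every -d milliseconds is what keeps a client waiting for a version string that never arrives.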

It's a straightforward, single-threaded, standalone C program that uses poll() to handle multiple clients simultaneously.

You can view usage information with the -h option.

    Usage: endlessh [-vhs] [-d MS] [-f CONFIG] [-l LEN] [-m LIMIT] [-p PORT]
      -4        Bind to IPv4 only
      -6        Bind to IPv6 only
      -d INT    Set the message delay in milliseconds [default: 10000]
      -f        Specify and load the configuration file [/etc/endlessh/config]
      -h        Display this help message and exit
      -l INT    Set the maximum banner line length (range: 3-255) [default: 32]
      -m INT    Set the maximum number of clients allowed [default: 4096]
      -p INT    Specify the listening port [default: 2222]
      -s        Send diagnostic messages to syslog instead of standard output
      -v        Enable diagnostics (can be repeated)

Note: The order of arguments is important.

The configuration file loading process

The configuration file is loaded when the -f argument is processed. Therefore, only the options that come after this argument will override the configuration settings.