drosera

Crates.io: drosera
lib.rs: drosera
version: 0.3.2
source: src
created_at: 2020-12-13 22:27:22.656911
updated_at: 2022-09-20 23:57:13.195531
description: Small and fairly efficient SSH tarpit server
homepage:
repository: https://github.com/LimeEng/drosera/
max_upload_size:
id: 322540
size: 24,555
Emil Englesson (LimeEng)

Drosera

Drosera is a small SSH tarpit server. Inspired by endlessh.

When an SSH session is initiated, the server first sends a version string to the client before communication begins. However, tarpits like drosera can exploit the following paragraph in the SSH specification, found in RFC 4253:

The server MAY send other lines of data before sending the version
string.  Each line SHOULD be terminated by a Carriage Return and Line
Feed.  Such lines MUST NOT begin with "SSH-", and SHOULD be encoded
in ISO-10646 UTF-8 [RFC3629] (language is not specified).  Clients
MUST be able to process such lines.

It is thus incredibly easy to trap ill-configured clients in a tarpit by simply never sending the version string. To keep the connection alive, some data should be sent periodically.
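The same paragraph seen from the client side, as an added example that is not part of drosera: a banner reader that bounds how many pre-version lines, how many bytes per line and how much time it will accept before giving up. The `read_banner` function, the `Banner` type and the limit values are hypothetical names and policy choices for illustration, and the sample inputs are constructed.

```rust
use std::io::{BufRead, Cursor, Read};
use std::time::{Duration, Instant};

/// Result of reading a server's identification exchange (RFC 4253, section 4.2).
#[derive(Debug, PartialEq)]
pub enum Banner {
    Version(String), // a line starting with "SSH-" arrived within the limits
    TooManyLines,    // pre-version line budget used up: likely a tarpit
    LineTooLong,     // a line reached max_len bytes without a terminator
    TimedOut,        // overall deadline passed before the version string
    Closed,          // peer closed the connection first
}

/// Hypothetical client-side guard. `max_lines`, `max_len` and `deadline` are
/// local policy chosen by the caller, not values taken from the RFC.
pub fn read_banner<R: BufRead>(mut r: R, max_lines: usize, max_len: u64,
                               deadline: Instant) -> std::io::Result<Banner> {
    for _ in 0..max_lines {
        if Instant::now() >= deadline {
            return Ok(Banner::TimedOut);
        }
        let mut line = Vec::new();
        // take() caps how much one line may buffer, terminator included.
        let n = r.by_ref().take(max_len).read_until(b'\n', &mut line)?;
        if n == 0 { return Ok(Banner::Closed); }
        if !line.ends_with(b"\n") {
            let full = line.len() as u64 == max_len;
            return Ok(if full { Banner::LineTooLong } else { Banner::Closed });
        }
        if line.starts_with(b"SSH-") {
            let text = String::from_utf8_lossy(&line);
            return Ok(Banner::Version(text.trim_end().to_string()));
        }
        // Any other line is permitted pre-version data: discard it and go on.
    }
    Ok(Banner::TooManyLines)
}

fn main() -> std::io::Result<()> {
    let soon = Instant::now() + Duration::from_secs(5);
    // Constructed input: a server that greets once, then identifies itself.
    let honest = Cursor::new(b"welcome\r\nSSH-2.0-example\r\n".to_vec());
    println!("{:?}", read_banner(honest, 8, 255, soon)?);
    // Constructed input: what a tarpit sends, line after line, never "SSH-".
    let tarpit = Cursor::new(b"x\r\n".repeat(100));
    println!("{:?}", read_banner(tarpit, 8, 255, soon)?);
    Ok(())
}
```

The deadline is only checked between lines, so on a real `TcpStream` it should be paired with `set_read_timeout`; otherwise a single blocking read can still hold the client for as long as the tarpit's delay.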

Drosera, like its beautiful namesake, is designed to thrive in memory-constrained environments while feeding on the numerous blood-sucking drones seeking prey on the Internet.

Installation

If you want to download and use drosera, you have a couple of alternatives. If you have cargo installed, you can download and install the latest published version by running the following command:

cargo install drosera

You can also download and install from the latest commit on master, by running the following command:

cargo install --git https://github.com/LimeEng/drosera

If you do not have cargo installed, it is also possible to download a pre-built binary for Windows, Linux or macOS from the releases page.

Usage

Simply run ./drosera --help to obtain the following output:

drosera 0.3.2
Tarpit SSH server

USAGE:
    drosera.exe [OPTIONS]

OPTIONS:
    -d <delay>                  Approximately wait this long before sending more data (in
                                milliseconds) [default: 10000]
    -h, --help                  Print help information
    -m <max_connections>        The maximum number of connections maintained at once [default: 1024]
    -s <socket_addr>            The socket address to bind to [default: 127.0.0.1:22]
    -V, --version               Print version information

Risks

Running tarpit servers at all might not be a good idea. An adversary might even be able to exploit a vulnerability in drosera to gain access to the machine it's running on. Adversaries could also launch massive denial-of-service attacks, quickly consuming what little memory is available and crashing the server.

Commit count: 27

cargo fmt