Tarpit command application that may slow down malicious attempts to scan a system.
Supported Protocols:
- SSH
- HTTP
$ make linux-amd64
GOOS=linux GOARCH=amd64 go build -o "build/tarpit-linux-amd64"
This command will build the application in build/tarpit-linux-amd64. We can then run the tarpit on an unprivileged port (e.g. 2222).
$ ./build/tarpit-linux-amd64 -P ssh -p 2222
Or you can run it on a privileged port with sudo.
$ sudo ./build/tarpit-linux-amd64 -P ssh -p 22
Usage of ./tarpit:
-b, --bind-address string address to bind the socket to
-d, --delay string delay between the tarpit keep-alive data packets (default "10s")
-g, --gid uint16 setgid, after creating a listening socket
-p, --port uint16 TCP port, leave it 0 for service default
-P, --proto string protocol to tarpit (default "ssh")
-u, --uid uint16 setuid, after creating a listening socket
-v, --version show current version
The ports < 1024 require superuser privileges. The command allows to drop superuser privileges (using setuid/setgid), right after it acquires a listening socket. Thus, allowing to bind to a privileged port and start serving as a regular unprivileged user. This is done by running the command as a superuser (e.g. with sudo) and setting the -u/--uid <uid> and -g/--gid <gid> command line flags.
$ sudo ./build/tarpit-linux-amd64 -P ssh -p 22 -u "$(id -u)" -g "$(id -g)"
Thanks to nullprogram.com / @skeeto for the article about tarpits that served as an inspiration for this application.