Open russhaun opened 2 years ago
I've built a sniffer using the AnsweringMachine library available in scapy. this gives me direct access @ the packet level to be able to manipulate any queries coming at artillery ports. I have alpha's of 2 types of servers. one acts like a tarpit where i never send the final syn packet effectively hanging the attacker. the other grabs the artillery response packet and modifies it to be the proper response for the service you are trying to act like, ex: if you are running artillery on tcp 80 it always responds with a "200 ok" for whatever path you ask it for basically killing web spiders/scanners. or acting as an iis server or any other web server you want. Basically gives you full control over the responses that artillery can\will give in any situation. on a side note i have a super alpha that attempts to stop dos attacks by tracking the # of incoming packets on a port and if it passes a threshold it throttles down the speed of the affected port still need more testing done on this though
sniffer function available needs work though. working on it