
rare-users - Re: [RARE-users] freeRtr security questions

Subject: RARE user and assistance email list

  • From: mc36 <>
  • To: Gabriel Tetzner <>, "" <>
  • Subject: Re: [RARE-users] freeRtr security questions
  • Date: Wed, 15 Jun 2022 19:05:38 +0200

hi,
so the honeypot is really simple, it just keeps a port open and executes a
script as in the devvie config:
https://github.com/rare-freertr/freeRtr/blob/3c0105ac87615b0e5f83c645fa097cb024d89289/rtr-sw.txt#L927
its power comes from the fact that, as a standard server, it could be
combined with any other protection mechanisms a server could have in
freerouter:
curl http://www.freertr.org/tests.html | grep crypt-acc
basically each is very useful, for example the subnet will check if a given
/24 /64 has excessive connections, and all these could be combined with the
blackholer, who, once a guy/subnet/whatever hit, will generate a route...
other freerouters could import this to feed the local blackhole router
process, but, for example you can advertise these to your core with a
nexthop pointing to null0 interface, protecting the whole infrastructure...
if that's too hard, freerouter can translate these routes to flowspec rules
with a user configurable bandwidth, then, your core will rate limit the bad
actors instead of full drop...
btw, all these keep freertr.org up on the internet so you can give it a try:
feel free to spin up 24 windows with "telnet www.nop.hu 80" then close them
and www.nop.hu will refuse your connections... moreover dl.nop.hu will also
refuse, regardless of whether you even touched that guy beforehand... after
some minutes, both guys will accept your tcp connections...
br,
cs




On 6/15/22 18:29, Gabriel Tetzner wrote:
Hi Csaba,

I'm Gabriel Tetzner from working with Prometheus, this is a private email
about freeRtr, I have questions regarding something I'm going to do...

I would like to write an article about security in freeRtr, I have an idea in the way of "detection and mitigation of DDOS attacks in freeRtr", I thought of also doing traffic monitoring with Prometheus (it would be a joint work of these tools).

One question I have is about the honeypot server, would it be the same idea
as this one?

https://www.crowdstrike.com/cybersecurity-101/honeypots-in-cybersecurity-explained/#:~:text=A%20honeypot%20is%20a%20cybersecurity,methods%20and%20motivations%20of%20adversaries.

It's just that I couldn't find any examples of a honeypot server, so I wanted
to know in more detail...

If it is possible I would also like suggestions on how I could do this
article or maybe tools that could help me in pursuing this task.
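
The per-subnet connection check feeding a shared blackhole list, as described in the reply above, modelled as an added Python example that is not part of the original thread and is not freeRtr code or configuration. The class names, the limit of 20 connections, the 60-second window and the 300-second block are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values, not freeRtr defaults.
MAX_CONNS_PER_SUBNET = 20
WINDOW_SECONDS = 60
BLACKHOLE_SECONDS = 300


def covering_subnet(addr):
    """Aggregate a source address to its /24 (IPv4) or /64 (IPv6)."""
    ip = ipaddress.ip_address(addr)
    plen = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


class Blackholer:
    """Shared list of blocked prefixes with expiry, consulted by every server."""

    def __init__(self):
        self.routes = {}  # prefix -> expiry time

    def add(self, prefix, now):
        self.routes[prefix] = now + BLACKHOLE_SECONDS

    def is_blocked(self, addr, now):
        # Expired entries are dropped before the lookup.
        self.routes = {p: t for p, t in self.routes.items() if t > now}
        ip = ipaddress.ip_address(addr)
        return any(ip.version == p.version and ip in p for p in self.routes)


class Server:
    """A listener that counts recent connections per source subnet."""

    def __init__(self, blackholer):
        self.blackholer = blackholer
        self.seen = {}  # subnet -> timestamps of recent connections

    def accept(self, addr, now):
        if self.blackholer.is_blocked(addr, now):
            return False
        subnet = covering_subnet(addr)
        recent = [t for t in self.seen.get(subnet, []) if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.seen[subnet] = recent
        if len(recent) > MAX_CONNS_PER_SUBNET:
            self.blackholer.add(subnet, now)  # later connections are refused
            return False
        return True
```

Two `Server` objects sharing one `Blackholer` reproduce the behaviour in the mail: a source that trips the limit on one server is also refused by the other until the entry expires.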




