Need help with antissh?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

kaniini
125 Stars 18 Forks Other 88 Commits 6 Opened issues

Description

An IRC bot which monitors for compromised embedded devices being used as proxies.

Services available

!
?

Need anything else?

Contributors list

# 120,721
ircd
sasl
specifi...
Vue.js
20 commits
# 294,177
Shell
encrypt...
C++
Ansible
12 commits
# 66,712
bittorr...
id3v2
tacotro...
tensorf...
7 commits
# 703,584
Python
5 commits
# 246,714
Shell
tor
rust-la...
q
5 commits
# 152,943
python-...
ircd
faceboo...
Twitch
4 commits
# 594,271
C
irc
C++
Shell
3 commits
# 727,362
C
irc
C++
Shell
3 commits
# 15,426
Go
Shell
Kuberne...
cluster...
1 commit
# 772,768
Python
1 commit

antissh

An IRC bot which monitors for compromised embedded devices being used as proxies.

background

In 2018, there was a resurgence of IRC spam attacks that were undetected by traditional proxy scanning methods. This is because the attackers were using vulnerable SSH daemons running on routers, IPMI devices and other embedded devices to proxy the connections, using the

direct-tcpip
subsystem.

antissh
is a bot which scans incoming IRC connections for this vulnerability, and bans hosts which have it from your network, similar to how HOPM does this for normal proxies.

antissh
is sufficiently capable of stopping the IRC spam bots that they IRC spam bots, themselves, have been advertising it, in an attempt to prolong the life of their 'botnet.'

usage

$ pip3 install -r requirements.txt
$ cp antissh.conf.example antissh.conf
$ vi antissh.conf
$ python3.6 antissh.py antissh.conf

You should probably use this under a supervisor such as OpenRC's supervise-daemon(8), systemd, s6, runit, etc.

known issues

asyncssh
is kind of slow, would be nice to write an implementation of this bot in C, Go, Elixir or something faster. But, I will leave that to somebody else.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.