-
Notifications
You must be signed in to change notification settings - Fork 286
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Random message delay? #71
Comments
Open
rarescosma
added a commit
to rarescosma/endlessh-go
that referenced
this issue
May 9, 2024
Adds a new argument called 'interval_jitter', expressed as a percentage number (range 0-100) that has the following effects: If 0 => no effect. If >0 => choose a random integer in the [-(interval * jitter / 100), +(interval * jitter / 100)] range and add use it as an offset for the sleep interval. So for example, if our interval is 1000ms and we pick interval_jitter=20, then the sleep values will be in the range [800ms, 1200ms] This has been a requested feature in the original implementation, and is useful to twarth SSH scanners that have tarpit-detecting logic. Link: skeeto/endlessh#71
rarescosma
added a commit
to rarescosma/endlessh-go
that referenced
this issue
May 9, 2024
Adds a new argument called 'interval_jitter', expressed as a percentage number (range 0-100) that has the following effects: If 0 => no effect. If >0 => choose a random integer in the [-(interval * jitter / 100), +(interval * jitter / 100)] range and add use it as an offset for the sleep interval. So for example, if our interval is 1000ms and we pick interval_jitter=20, then the sleep values will be in the range [800ms, 1200ms] This has been a requested feature in the original implementation, and is useful to twarth SSH scanners that have tarpit-detecting logic. Link: skeeto/endlessh#71
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi @skeeto, I've noticed that many ssh-bots have figured out that Endlessh is at play on my honeypot. b/c client disconnect happens at almost exactly double the message delay (I have of course increased delay time but the behavior remains). Any way to randomize message delay (fx MaxDelay)?
current behavior examples: delay@10000 = [email protected] | delay@12543 = [email protected]
The text was updated successfully, but these errors were encountered: