Random message delay? #71
Comments
Open
rarescosma
added a commit
to rarescosma/endlessh-go
that referenced
this issue
May 9, 2024
Adds a new argument called 'interval_jitter', expressed as a percentage number (range 0-100) that has the following effects: If 0 => no effect. If >0 => choose a random integer in the [-(interval * jitter / 100), +(interval * jitter / 100)] range and add use it as an offset for the sleep interval. So for example, if our interval is 1000ms and we pick interval_jitter=20, then the sleep values will be in the range [800ms, 1200ms] This has been a requested feature in the original implementation, and is useful to twarth SSH scanners that have tarpit-detecting logic. Link: skeeto/endlessh#71
rarescosma
added a commit
to rarescosma/endlessh-go
that referenced
this issue
May 9, 2024
Adds a new argument called 'interval_jitter', expressed as a percentage number (range 0-100) that has the following effects: If 0 => no effect. If >0 => choose a random integer in the [-(interval * jitter / 100), +(interval * jitter / 100)] range and add use it as an offset for the sleep interval. So for example, if our interval is 1000ms and we pick interval_jitter=20, then the sleep values will be in the range [800ms, 1200ms] This has been a requested feature in the original implementation, and is useful to twarth SSH scanners that have tarpit-detecting logic. Link: skeeto/endlessh#71
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi @skeeto, I've noticed that many ssh-bots have figured out that Endlessh is at play on my honeypot. b/c client disconnect happens at almost exactly double the message delay (I have of course increased delay time but the behavior remains). Any way to randomize message delay (fx MaxDelay)?
current behavior examples: delay@10000 = disconnect@20.022 | delay@12543 = disconnect@25.106
The text was updated successfully, but these errors were encountered: