Artillery 0.2 Alpha has been released!

secmaniac

I’ve been busy at work on this one. Artillery 0.2 Alpha has been released. This begins to add basic support for Windows. What currently works right now in Windows is the creation of fake ports. Banning works only for Windows Vista and Windows 7 for right now. You need Python 2.6+ installed on the Windows machine in order to install it and you need to ensure its always running. I’m working on the service right now so that it starts up everytime Windows does however its slated for 0.2.2. I’m also working on 0.3 which will add agent/server support so that you can deploy Artillery to multiple systems and have it correlate back. In addition to this version, there is multiple additions and bug fixes incorporated into this release including some basic anti-dos prevention. I’ve also added it so new IPCHAINS are created called ARTILLERY versus clogging up INPUT.

~~~~~~~~~~~~~~~~~~~~~~
version 0.2 alpha
~~~~~~~~~~~~~~~~~~~~~

* added a check to see if we are running on windows or linux
* added a new anti-dos protection for linux, it will check connections and limit based on how many are connecting, you will probably want to adjust this per server
* changed honeypot ban method to src.core through ban(ip) versus standalone call for iptables
* changed iptable chains to be ARTILLERY versus piggy backing INPUT, much cleaner to view
* fixed a bug that would cause duplicate entries into iptables and in banlist.txt
* added functionality to support blacklisting via redirection routes on windows machines.. may have better alternatives but this works for now
* added a ip check routine for when banning IP addresses, ensures sanitization if something crazy is inserted instead of an IP address
* converted all core.py modules to be windows compliant
* converted all of honeypot.py modules to be windows compliant
* converted all of the monitor.py modules, this will only work for linux until I rewrite the module to support difflib versus the actual application diff
* converted all of the ssh_brute.py modules to be windows compliant.. this will be linux only since nix is primarily used for SSH
* converted all of the harden.py modules to be windows compliant.. this will be linux only since nix is primarily checked. Will expand later on others
* fixed a bug that would not properly monitor the overall database for monitored files (thanks Pier)

David Kennedy

Author: David Kennedy

Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.