Geth RPC-API Attack Logger - Kauri
Write Article
Create Collection
Import from medium
Sign in
POSTED 17 Feb 2019 15:31

Geth RPC-API Attack Logger

Todd Garrison

Project Name

Geth RPC-API Attack Logger (graal?)

Project Tagline/Description (140 Characters Max. Will be used on table card for judging)

An Ethereum RPC-API medium-interaction honeypot for gathering attack information.

Team Members.

  • Todd Garrison
  • Marcus Tetreault
  • Cameron Merrick ID

Detailed Project Description (no more than 3-4 sentences)

At some point many of us have left an RPC-API port open, perhaps by accident, or just out of curiosity. This is a project to assist in gathering data around what attacks take place when that happens, including the IP addresses involved, and the destination addresses the attackers use.

Describe your tech stack (e.g., protocols, languages, API’s, etc.)

  • Docker is used to start a geth light client, and a custom proxy.
  • The proxy is a simple golang service that provides logging, uses a kvs (bboltdb) to keep a running count of request types, and rewrites a few API calls that attackers find enticing, such as having an unlocked wallet.
  • The logs are intended to be ingested into elasticsearch for more analysis.
  • A simple stats.json file is created by the proxy, with the intent that this could be pushed into s3. This json file drives a (very simple) vue2 dashboard to show information about what IP addresses, what RPC methods, or the destination addresses for attempted outgoing transfers.

Track: Open

No bounties

A link to all your source code on a public repo (i.e. Github)