frameloss

2 min read - Posted 17 Feb 19

Geth RPC-API Attack Logger

Project Name

Geth RPC-API Attack Logger (graal?)

Project Tagline/Description (140 Characters Max. Will be used on table card for judging)

An Ethereum RPC-API medium-interaction honeypot for gathering attack information.

Team Members.

  • Todd Garrison
  • Marcus Tetreault
  • Cameron Merrick

Status.im ID

Detailed Project Description (no more than 3-4 sentences)

At some point many of us have left an RPC-API port open, perhaps by accident, or just out of curiosity. This is a project to assist in gathering data around what attacks take place when that happens, including the IP addresses involved, and the destination addresses the attackers use.

Describe your tech stack (e.g., protocols, languages, API’s, etc.)

  • Docker is used to start a geth light client, and a custom proxy.
  • The proxy is a simple Go service that logs requests, uses a key-value store (bboltdb) to keep a running count of request types, and rewrites a few API calls to present things attackers find enticing, such as an unlocked wallet.
  • The logs are intended to be ingested into Elasticsearch for more analysis.
  • A simple stats.json file is created by the proxy, with the intent that this could be pushed into S3. This JSON file drives a (very simple) Vue 2 dashboard that shows the source IP addresses, the RPC methods called, and the destination addresses for attempted outgoing transfers.
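The counting step described in the list above, as an added sketch that is not the project's own code: it parses a JSON-RPC request body (single call or batch), tallies source IPs and RPC methods, and pulls the destination address out of `eth_sendTransaction`. It assumes in-memory maps in place of the key-value store, and the `Stats`, `NewStats` and `Record` names and the sample request are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// rpcCall is the part of a JSON-RPC 2.0 request the logger needs.
type rpcCall struct {
	Method string          `json:"method"`
	Params json.RawMessage `json:"params"`
}

// Stats holds the running counts (field names are hypothetical, not the project's).
type Stats struct{ Methods, Sources, Destinations map[string]int }

func NewStats() *Stats { return &Stats{map[string]int{}, map[string]int{}, map[string]int{}} }

// Record counts one request body (single call or batch) from srcIP and returns
// the number of calls seen; a body that is not a call is counted as "<invalid>".
func (s *Stats) Record(srcIP string, body []byte) int {
	s.Sources[srcIP]++
	var calls []rpcCall
	if json.Unmarshal(body, &calls) != nil { // not a batch array, try a single object
		var one rpcCall
		if json.Unmarshal(body, &one) != nil || one.Method == "" {
			s.Methods["<invalid>"]++
			return 0
		}
		calls = []rpcCall{one}
	}
	for _, c := range calls {
		s.Methods[c.Method]++
		// eth_sendTransaction carries the transfer target in params[0].to.
		var p []struct{ To string }
		if c.Method == "eth_sendTransaction" && json.Unmarshal(c.Params, &p) == nil && len(p) > 0 && p[0].To != "" {
			s.Destinations[strings.ToLower(p[0].To)]++ // normalise checksum casing
		}
	}
	return len(calls)
}

func main() {
	s := NewStats() // constructed sample request below, documentation-range source IP
	s.Record("203.0.113.7", []byte(`{"jsonrpc":"2.0","id":1,"method":"eth_accounts","params":[]}`))
	out, _ := json.Marshal(s)
	fmt.Println(string(out))
}
```

In an HTTP proxy, `Record` would be called with the host part of the request's remote address and the request body before the call is forwarded to geth.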

Track: Open

No bounties

https://github.com/frameloss/ethdenver2019

Content is "CC-BY-SA 4.0" licensed
Article Author

Todd Garrison
