DJUGL June 2013

Kura
July 17, 2013


Transcript

  1. Blackhole Kura | @kuramanga Yes, this presentation is deliberately disgusting and brown. I am shit at making slides.
  2. What is Blackhole? • An async “fake” MTA • Built on the Tornado framework • Low disk I/O (high disk I/O with debug flag enabled)
  3. Uhh... Why? • Speed testing • Integration testing • Oh shit I need to test on a copy of live data but can't anonymise user content and don't want to accidentally send emails to users • Honey pot (Nectar suite)
  4. Using Blackhole • Using blackhole.io service via raw SMTP or sending an email to <name>@blackhole.io • Running your own blackhole server just like you would Postfix, Exim etc
  5. Here be dragons (the debug flag is dangerous)

  6. [08A6002A19] RECV: EHLO [hel.kura.io]
     [08A6002A19] SEND: 250-2.5.0 OK, done
     [08A6002A19] SEND: 250-SIZE 512000
     …
     [08A6002A19] RECV: MAIL FROM:<kura@kura.io> size=64
     [08A6002A19] SEND: 250 2.5.0 OK, done
     [08A6002A19] RECV: RCPT TO:<wtf@kura.io>
     [08A6002A19] SEND: 250 2.5.0 OK, done
     [08A6002A19] RECV: DATA
     [08A6002A19] SEND: 354 3.5.4 Start mail input; end with <CRLF>.<CRLF>
     [08A6002A19] RECV: From: <kura@kura.io>
     [08A6002A19] RECV: To: <wtf@kura.io>
     [08A6002A19] RECV: Subject: Test
     [08A6002A19] RECV:
     [08A6002A19] RECV: gwergerg
     [08A6002A19] RECV: .
     [08A6002A19] SEND: 251 2.5.0 OK, done
     [08A6002A19] RECV: QUIT
     [08A6002A19] SEND: 221 2.2.1 Thank you for speaking to me
  7. PyPy • Works well with PyPy 1.9 and 2.0 • Performance improvements of blackhole.io of 1000% over time • Caveat: a bug somewhere that causes the process to crash on PyPy 2.0 when daemonizing... Works if daemon.start() is disabled. No clue why, need to fix.
  8. Nectar (dev/planned) • Honey pot suite, split into 5 components • Nectar-MTA – based on Blackhole, logs all incoming/outgoing connections + data • Nectar-SSH – Kippo-like SSH honeypot, brute force logging, fake Linux environment, shell logging • Nectar-Web – Web honeypot, exposes XSS and SQL injection vulns, logs all requests and exploit attempts • Nectar-GUI – web-based GUI for viewing and graphing data
  9. [Taylor Placeholder]

  10. [Taylor Placeholder]

  11. [Taylor Placeholder]

  12. Questions

  13. Linkies • http://blackhole.io • https://github.com/kura/blackhole • http://nectar.blackhole.io • @kuramanga • http://git.io/kura • kura@kura.io
  14. fin
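
What the debug output on slide 6 retains, as an added example that is not part of the original slides or Blackhole's own code: a parser that groups the log lines by session id and recovers the envelope addresses and message content that end up in the log. The function name and the sample log (constructed from the format on slide 6) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the debug-log format shown on slide 6.
SAMPLE_LOG = """\
[08A6002A19] RECV: EHLO [hel.kura.io]
[08A6002A19] SEND: 250-2.5.0 OK, done
[08A6002A19] RECV: MAIL FROM:<kura@kura.io> size=64
[08A6002A19] SEND: 250 2.5.0 OK, done
[08A6002A19] RECV: RCPT TO:<wtf@kura.io>
[08A6002A19] SEND: 250 2.5.0 OK, done
[08A6002A19] RECV: DATA
[08A6002A19] SEND: 354 3.5.4 Start mail input; end with <CRLF>.<CRLF>
[08A6002A19] RECV: From: <kura@kura.io>
[08A6002A19] RECV: To: <wtf@kura.io>
[08A6002A19] RECV: Subject: Test
[08A6002A19] RECV:
[08A6002A19] RECV: gwergerg
[08A6002A19] RECV: .
[08A6002A19] SEND: 251 2.5.0 OK, done
"""

LINE = re.compile(r"^\[([0-9A-F]+)\] (RECV|SEND): ?(.*)$")
ADDR = re.compile(r"^(MAIL FROM|RCPT TO):<([^>]*)>", re.I)

def captured_by_debug_log(text):
    """Per session id (hypothetical helper): addresses and message lines the log holds."""
    sessions = defaultdict(lambda: {"addresses": [], "message": [], "in_data": False})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a session line
        sid, direction, payload = m.groups()
        s = sessions[sid]
        if direction == "SEND":
            # A 354 reply means the client's following lines are message content.
            s["in_data"] = s["in_data"] or payload.startswith("354")
        elif s["in_data"]:
            if payload == ".":
                s["in_data"] = False  # end-of-data marker
            else:
                s["message"].append(payload)
        else:
            a = ADDR.match(payload)
            if a:
                s["addresses"].append(a.group(2))
    return {sid: {"addresses": s["addresses"], "message": s["message"]} for sid, s in sessions.items()}

if __name__ == "__main__":
    print(captured_by_debug_log(SAMPLE_LOG))
```

Run against a debug log produced while replaying a copy of live data, the same grouping shows which user addresses and message bodies would need to be purged along with the log file.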