Enable a host, the entire subnet, or mix of hosts and subnets to respond to incoming packets sent to darknet telescope
- ICMP and ICMPv6 Echo requests -> Echo reply
- TCP SYN -> Complete TCP three-way handshake
- DNS Query -> DNS SERVFAIL
- NTP -> NTP KoD (DENY)
Twinklenet requires GO version 1.21.0+ to run.
- Install the latest version of go
Clone this repo and build twinkleserver binary.
cd ~/go/src/CAIDA/twinklenet/cmd
go build -o twinkleserver twinkleserver.go
sudo mkdir -p /usr/local/twinkleserver/
sudo mv twinkleserver /usr/local/twinkleserver/Install systemd.service
sudo cp twinklenet.service /etc/systemd/system/Twinklenet server's configuration file is written in YAML format.
<Service Name>:
type: <icmpalias|tcpserver|dnspot|ntppot>
ingressinf: <interface for incoming packets>
egressinf: <interface for response packets>
egressgw: <MAC address of IP gateway of egress interface, optional>
protofilter: <a bpf filter to screen out packets>
prefix: <comma seperated lists of hosts or/and subnets>
log: <directory for log files>
pcap: <directory for pcap files>Example:
ICMPAliasServer:
type: icmpalias
ingressinf: enp4s0
egressinf: enp4s0
egressgw: aa:bb:cc:11:22:33
protofilter: icmp6
prefix: 1234:1:2:3:4:5:1234:abcd/128,1234:f:2:3::/64
log: icmplog
pcap: icmppcapSave config file config.yaml to /usr/local/twinklenet/config.yaml
Start the service
sudo systemctl start twinklenetStop the service
sudo systemctl stop twinklenetCheck debug output
sudo systemctl status twinklenet