Update README.md for ants-watch #20

Merged
merged 5 commits into from
Nov 21, 2024
10 changes: 7 additions & 3 deletions README.md
Expand Up @@ -12,13 +12,17 @@ Authors: [guillaumemichel](https://github.com/guillaumemichel), [kasteph](https:

## Overview

* `ants-watch` is a DHT honeypot monitoring tool, logging the activity of all DHT nodes.
* It spawns `ants` at targeted locations in the keyspace to _occupy_ and _watch_ the full keyspace.
* `ants-watch` is a DHT honeypot monitoring tool, logging the activity of all nodes in a DHT network.
* An `ant` is a lightweight [libp2p DHT node](https://github.com/libp2p/go-libp2p-kad-dht), participating in the DHT network, and logging incoming requests.
* `ants` participate in the DHT network as DHT server nodes. `ants` need to be dialable by other nodes in the network. Hence, `ants-watch` must run on a public IP address either with port forwarding properly configured (including local and gateway firewalls) or UPnP enabled.
* The tool releases `ants` (i.e., spawns new `ant` nodes) at targeted locations in the keyspace in order to _occupy_ and _watch_ the full keyspace.
* The tool's logic is based on the fact that peer routing requests are distributed to `k` closest nodes in the keyspace and routing table updates by DHT client (and server) nodes need to find the `k` closest DHT server peers to themselves. Therefore, placing approximately 1 `ant` node every `k` DHT server nodes can capture all DHT client nodes over time.
* The routing table update process varies across implementations, but is by default set to 10 mins in the go-libp2p implementation. This means that `ants` will record the existence of DHT client nodes approximately every 10 mins (or whatever the routing table update interval is).
* Depending on the network size, the number of `ants` as well as their location in the keyspace is adjusted automatically.
* Network size and peers distribution is obtained by querying an external [Nebula database](https://github.com/dennis-tra/nebula).
* All `ants` run from within the same process, sharing the same DHT records.
* The `ant queen` is responsible for spawning and monitoring the ants as well as gathering their logs and persisting them to a central database.
* The `ant queen` is responsible for spawning, adjusting the number and monitoring the ants as well as gathering their logs and persisting them to a central database.
* `ants-watch` does not operate like a crawler, where after one run the number of DHT client nodes is captured. `ants-watch` logs all received DHT requests and therefore, it must run continuously to provide the number of DHT client nodes over time.

### Supported networks
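
Review bot: The new dialability bullet says `ants-watch` "must run on a public IP address either with port forwarding properly configured ... or UPnP enabled", but a host that relies on port forwarding or UPnP sits behind a gateway rather than on a public address, and the bullet never says which ports have to be reachable. Suggest rewording it so the requirement is that the `ants` are reachable from the public internet, either directly on a host with a public IP address or through a gateway with forwarding set up manually or via UPnP, and stating the port or port range the `ants` listen on so operators can open only those ports in the local and gateway firewalls. Two smaller points in the same hunk: the peer-routing bullet relies on `k` without saying what it is, so define it on first use, and "spawning, adjusting the number and monitoring the ants" would read better as "spawning the ants, adjusting their number and monitoring them".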
