lightweight HTTP sink using socat

Quick n’ dirty way to run an HTTP sink (on a server that isn’t supposed to have an HTTP server running) to catch bots scanning all machines across your network.

socat -T 1 -d -d tcp-l:80,bind=192.168.200.115,reuseaddr,fork,su=nobody,crlf system:"echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/html\\\n\\\n<html>date: \$\(date\)<br>server:\$SOCAT_SOCKADDR:\$SOCAT_SOCKPORT<br>client: \$SOCAT_PEERADDR:\$SOCAT_PEERPORT\\\n<pre>\\\"\"; cat; echo -e \"\\\"\\\n</pre></html>\\\"\"" 2>&1 | grep connection
2015/03/30 21:11:23 socat[12223] N accepting connection from AF=2 192.168.200.100:65477 on AF=2 192.168.200.115:80

Leave it up and running to quickly identify and process bot IP addresses that should be blocked. Modify the port as needed for other services the bots are trying to find.
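
One way to turn the "accepting connection" lines into a per-client block-candidate list (an added example, not part of the original post). It reads socat's log lines on stdin; the function names, the allow-list argument and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise socat "accepting connection" notices per client IP.
# Output: "<count> <ip> <first-seen> <last-seen>", busiest client first.
# $1 (hypothetical): space-separated addresses never to report, e.g. your
# own monitoring host.
sink_summary() {
    allow="${1:-}"
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Only the notice socat logs when a peer connects (AF=2 is IPv4).
        / N accepting connection from AF=2 / {
            for (i = 1; i <= NF; i++) if ($i == "from") break
            peer = $(i + 2)                 # e.g. 192.168.200.100:65477
            sub(/:[0-9]+$/, "", peer)       # drop the source port
            # Accept only a dotted quad before it goes near a block list.
            if (peer !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (peer in skip) next
            ts = $1 "T" $2
            if (!(peer in count)) first[peer] = ts
            last[peer] = ts
            count[peer]++
        }
        END {
            for (p in count) printf "%d %s %s %s\n", count[p], p, first[p], last[p]
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input in the format of the log line shown above.
sample_log() {
    cat <<'EOF'
2015/03/30 21:11:23 socat[12223] N accepting connection from AF=2 192.168.200.100:65477 on AF=2 192.168.200.115:80
2015/03/30 21:11:24 socat[12223] N accepting connection from AF=2 192.168.200.101:40112 on AF=2 192.168.200.115:80
2015/03/30 21:12:02 socat[12223] N accepting connection from AF=2 192.168.200.100:65480 on AF=2 192.168.200.115:80
2015/03/30 21:12:40 socat[12223] N accepting connection from AF=2 192.168.200.5:51000 on AF=2 192.168.200.115:80
EOF
}

sample_log | sink_summary "192.168.200.5"
```

Review the list before blocking anything: a single hit can be a mistyped address from a legitimate client, while repeated hits on a port that serves nothing are the stronger signal.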
