Releases: telekom-security/t-pot-attack-map
T-Pot Attack Map 2.1.0
DataServer:
- Introduce simple text output of attacks if ENV TPOT_ATTACKMAP_TEXT is set to ENABLED with timestamps shown in local time instead of UTC
- More meaningful error messages if Redis or Elasticsearch are unavailable
AttackMapServer:
- More meaningful error messages if Redis is unavailable
- Improve status notifications for websockets
map.js:
- Restrict Min / Max Zoom levels to reasonable bounds
- Introduce zoomSnap / zoomDelta options for better zoom control
- Reduce circleCount to a reasonable 100
- Use Luxon to re-calculate UTC events to browser timezone and display events accordingly
- Handle connection errors gracefully and with reconnection attempts to ensure service
- Indicate online / offline status through honeypotStatsHeader
Credits:
Shoutout to @kawaiipantsu who inspired some of the changes with his fork tpotce-fullscreen-attackmap.
T-Pot Attack Map 2.0.1
Changelog:
- Return port no. instead of "OTHER" if unknown
- Rename some headings
Full Changelog: 2.0.0...2.0.1
T-Pot Attack Map 2.0.0
Changelog:
- Remove Mapbox and replace entirely with Leaflet and OpenStreetMap / CARTO
- Reorder CSS / JS sources and provide integrity check for all sources
- Update Leaflet to v1.9.3
- Finetune index.css for attribution and z-index adjustment to avoid map being in the foreground
- Upgrade D3 to v7
- Request some more fields to display with circles and markers
- Finetune the animations to reduce stuttering in some browsers
- Remove unused files
- Add popups for circles and markers to display some basic info for the T-Pots and sources
- Adjust CSS for popup properties
- Fix some typos
- Fiddling with Promise.all
- Finetuning marker / circle popups
- Tweaking
Full Changelog: 1.2.0...2.0.0
T-Pot Attack Map 1.2.0
Changelog:
- Fix color for SIP service
- Represent destinations / T-Pots with map markers instead of a circle
- Control number of map markers and circles by using objects
Full Changelog: 1.1.2...1.2.0
T-Pot Attack Map 1.1.2
T-Pot Attack Map 1.1.1
Changelog:
- Add Flagpack: Some flags were missing or not shown correctly. Flagpack now unifies all the flags with identical dimensions.
- Tweaking: Reverted some optimizations which resulted in slow response if browser tab was in the background for too long.
- Attribution: The attribution for Mapbox and OpenStreetMap disappeared, adding leaflet-control-attribution to prevent this from recurring.
Full Changelog: 1.1.0...1.1.1
T-Pot Attack Map 1.1.0
Changelog:
- Add T-Pot Honeypots Stats Bar on top, showing events for the last 1m, 1h and 24h, incl. adjustments to DataServer and AttackMapServer to properly get the data from ES and push it to Redis
- Adjust position of the Leaflet Zoom buttons
- Adjust position of the bottom dashboard and rename some headers
- Add flag for a Norwegian island which was not displayed correctly
- Tweak code for better performance
Fix high CPU usage
Fixes #3
Security Fix
Remove redis pinning to avoid CVE.
T-Pot GeoIP Attack Map
T-Pot Attack Map
This fork of the GeoIP Attack Map was adjusted for T-Pot, also introducing new features (i.e. dynamic destination IPs to represent T-Pots), better performance for the Attack Map Server by using aiohttp, asyncio and aioredis and, where possible, serving the dependencies locally instead of from different CDNs.
T-Pot Attack Map Visualization
This GeoIP attack map visualizer was forked and adjusted to display T-Pot Honeypot events in real time. The data server connects to Elasticsearch and parses out source IP, destination IP, source port, destination port, timestamp and honeypot type. Protocols are determined via common ports, and the visualizations vary in color based on protocol type while keeping stats regarding top source IPs and countries.
Credits
The original attack map was created by Matthew Clark May.
First T-Pot based fork was released by Eddie4.
