Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
github.com/hashicorp/go-sockaddr
sockaddr
LibrarySocket address convenience functions for Go. go-sockaddr
is a convenience
library that makes doing the right thing with IP addresses easy. go-sockaddr
is loosely modeled after the UNIX sockaddr_t
and creates a union of the family
of sockaddr_t
types (see below for an ascii diagram). Library documentation
is available
at
https://godoc.org/github.com/hashicorp/go-sockaddr.
The primary intent of the library was to make it possible to define heuristics
for selecting the correct IP addresses when a configuration is evaluated at
runtime. See
the
docs,
template
package,
tests,
and
CLI utility
for details and hints as to how to use this library.
For example, with this library it is possible to find an IP address that:
GetDefaultInterfaces()
)IfByNetwork()
)IfByRFC("1918")
)OrderedIfAddrBy(args)
where
args
includes, but is not limited
to,
AscIfType
,
AscNetworkSize
)IfByType("^(IPv4)$")
)/32
(IfByMaskSize(32)
)down
interface
(ExcludeIfs("flags", "down")
)SortIfByType()
+
ReverseIfAddrs()
); andIfByRFC("6890")
)Or any combination or variation therein.
There are also a few simple helper functions such as GetPublicIP
and
GetPrivateIP
which both return strings and select the first public or private
IP address on the default interface, respectively. Similarly, there is also a
helper function called GetInterfaceIP
which returns the first usable IP
address on the named interface.
sockaddr
CLIGiven the possible complexity of the sockaddr
library, there is a CLI utility
that accompanies the library, also
called
sockaddr
.
The
sockaddr
utility exposes nearly all of the functionality of the library and can be used
either as an administrative tool or testing tool. To install
the
sockaddr
,
run:
$ go install github.com/hashicorp/go-sockaddr/cmd/sockaddr@latest
If you're familiar with UNIX's sockaddr
struct's, the following diagram
mapping the C sockaddr
(top) to go-sockaddr
structs (bottom) and
interfaces will be helpful:
+-------------------------------------------------------+
| |
| sockaddr |
| SockAddr |
| |
| +--------------+ +----------------------------------+ |
| | sockaddr_un | | | |
| | SockAddrUnix | | sockaddr_in{,6} | |
| +--------------+ | IPAddr | |
| | | |
| | +-------------+ +--------------+ | |
| | | sockaddr_in | | sockaddr_in6 | | |
| | | IPv4Addr | | IPv6Addr | | |
| | +-------------+ +--------------+ | |
| | | |
| +----------------------------------+ |
| |
+-------------------------------------------------------+
There were many subtle inspirations that led to this design, but the most direct
inspiration for the filtering syntax was
OpenBSD's
pf.conf(5)
firewall
syntax that lets you select the first IP address on a given named interface.
The original problem stemmed from:
Instead we needed some way to codify a heuristic that would correctly select the right IP address but the input parameters were not known when the image was created.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.