SKIMMERD A Telnet Skimmer client Daemon for Linux and BSD
Glen E. Gardner, Jr.
What is it?
SKIMMERD is a BSD socket client/daemon which can be used to acquire data from one of the reversebeacon.net telnet skimmers.
How does it work?
Given the proper command line arguments it will run in the background, connect to a network skimmer and send the data to a plain text file of your choice. It can also provide output to the console so that it can be used as a command line program to monitor skimmer activity.
What operating systems does it run on?
Skimmerd is written in C, using BSD sockets. It will compile and run on Linux and BSD Unix.
How do I get it?
It is available as a gzipped tar file. Click HERE to download skimmerd.tgz
How do I install it?
1) Download skimmerd.tgz
2) Decompress the archive: tar -xzvf skimmerd.tgz
This will produce a directory named "skimmerd" with three files: README, LICENSE.TXT and skimmerd.c
3) Compile the source code: gcc -o skimmerd skimmerd/skimmerd.c
If you are running it as a user you likely want to put it in the "bin" directory at $HOME/bin/skimmerd
If you wish to install it so that other users can use it you can put it at /usr/bin/skimmerd
How do I use it?
Skimmerd needs to know the following information:
The hostname of the skimmer that you wish to get data from
The network port to use
The network protocol to use (skimmers only support TCP, so use that)
Your call sign
The name of the log file which you wish to create.
The mode to operate in; "-D" means to run in daemon mode. Skimmerd launches, then spawns a child daemon. The parent process exits, leaving the child daemon to do the job. If the mode is set to anything other than "-D", skimmerd will run as a console mode program.
Data is logged to a file only when in daemon mode.
Data is sent to the console only when in console mode.
An example console mode command line: skimmerd wa8xyz.telnet.reversebeacon.net 7300 TCP AA8C mylog.txt -C
An example daemon mode command line: skimmerd wa8xyz.telnet.reversebeacon.net 7300 TCP AA8C mylog.txt -D
To run one or more skimmerd daemon sessions from /etc/cron.daily:
Create a bash shell script as follows and put it in /etc/cron.daily:
#!/bin/bash
# This script kills and restarts multiple skimmer sessions once a day.
killall -9 skimmerd
/usr/bin/skimmerd w8xyz.telnet.reversebeacon.net 7300 TCP N8XYZ /extra/logs/mylog_1.txt -D
/usr/bin/skimmerd w4zzz.telnet.reversebeacon.net 7300 TCP N8XYZ /extra/logs/mylog_2.txt -D
Caveats, Bugs, etc.
You have to supply a file name for a log file, even in console mode.
If you are using logrotate to manage captured data files you will need to stop skimmerd before rotating the logs, and restart it when done. Otherwise logrotate will decide that the file is locked and fail.
Skimmerd does not interact with the telnet skimmer or the console. To exit console mode press ctrl-c. To stop a skimmerd daemon you can use the commands: kill <pid>, or killall -9 skimmerd.
The skimmer telnet servers tend to "hang" the connection now and then. The cause is unknown, but the "fix" seems to be disconnecting and starting a new session. Skimmerd attempts to detect a bad read of the socket, and if there are many consecutive bad socket reads it will assume the connection is broken and will attempt to reconnect. After a total of ten failed connections, skimmerd will exit. For those who are collecting skimmer data for long periods of time, it may be a good idea to stop and restart skimmerd once in a while. This reduces the chance of losing data because the daemon exited after an excessive number of reconnect attempts following many failed socket reads. In practice, some skimmer servers will not keep a connection alive more than an hour; others seem to go for up to 24 hours without a problem.
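The reconnect policy described above, written out as an added example (this is not code from skimmerd.c). Assumptions: the threshold of 5 consecutive bad reads, the poll() timeout used to notice a hung server, the reading of "ten failed connections" as ten links declared broken, and all function and type names.

```c
#include <poll.h>
#include <stdio.h>
#include <unistd.h>
#define MAX_BAD_READS 5            /* assumed; the page says only "many" */
#define MAX_FAILED_CONNECTIONS 10  /* from the page: exit after ten */
enum action { KEEP_READING, RECONNECT, GIVE_UP };
struct link_state { int bad_reads; int failed_conns; };

/* Update the counters for one read result and decide what to do next. */
enum action on_read(struct link_state *s, long nread)
{
    if (nread > 0) { s->bad_reads = 0; return KEEP_READING; }
    if (++s->bad_reads < MAX_BAD_READS) return KEEP_READING;
    s->bad_reads = 0;              /* link declared broken */
    return ++s->failed_conns >= MAX_FAILED_CONNECTIONS ? GIVE_UP : RECONNECT;
}

/* Copy fd to log (NULL discards); timeout, EOF and errors are bad reads. */
enum action pump(int fd, FILE *log, struct link_state *s, int timeout_ms)
{
    char buf[512];
    for (;;) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        long n = poll(&p, 1, timeout_ms) > 0 ? (long)read(fd, buf, sizeof buf) : -1;
        if (n > 0 && log) { fwrite(buf, 1, (size_t)n, log); fflush(log); }
        enum action a = on_read(s, n);
        if (a != KEEP_READING) return a;
    }
}

/* Constructed demo: each link is a pipe carrying one line, then EOF. */
int simulate_dead_links(int links)
{
    struct link_state s = { 0, 0 };
    int fds[2], reconnects = 0;
    for (; reconnects < links && pipe(fds) == 0; reconnects++) {
        int ok = write(fds[1], "constructed line\r\n", 18) == 18;
        close(fds[1]);
        enum action a = ok ? pump(fds[0], NULL, &s, 100) : GIVE_UP;
        close(fds[0]);
        if (a == GIVE_UP) break;
    }
    return reconnects;
}

int main(void)
{
    printf("reconnects before exit: %d\n", simulate_dead_links(20));
    return 0;
}
```

Because a good read resets the bad-read counter but nothing resets the failed-connection total, a long-running session eventually reaches the exit limit, which is why a periodic restart helps.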
Technically, skimmerd supports UDP. The skimmers do not and this ability has not been explored or developed in skimmerd.
The code is very old, and is based on software which I wrote many years ago. As a result, there is a lot of functionality present that is not really used. It fills the need for a Linux client/daemon to get data from the telnet skimmers, so it is presented as such, old age, warts, and all, included for free.