-
Notifications
You must be signed in to change notification settings - Fork 9
/
config.ini
184 lines (158 loc) · 4.58 KB
/
config.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
[myConfig]
# to obtain interfaces, open cmd and type: tshark -D (or ./tshark -D)
# if blank the first available interface will be selected as a default
# INTERFACE=
# font size
FONT_SIZE=8
# rule name has to be set to the corresponding language
# run cmd:
# >netsh advfirewall firewall show rule name=all
# check left-side before ----------------------------
RULE_NAME_STR=Rule name
# connection "established" has to be set to the corresponding language
# obtain the text by running cmd and typing:
# netstat -an
# check for "established" connections in column Status
# *** for other languages the text changes, set as it corresponds in your case ***
CONN_ESTABLISHED_STR=ESTABLISHED
# CONN_ESTABLISHED_STR=HERGESTELLT
# run as admin?
# to kill (some) processes or add rules to the Windows firewall..
# when running as Admin we get a CONSOLE
# though we have a very STRANGE BEHAVIOR...we start a complete new instance of the App
# we cannot debug when running as Admin..
RUN_AS_ADMIN=0
# add a new rule in Windows Firewall to block a BAD-IP automatically
# NOTE: if set to True, then RUN_AS_ADMIN shall also be set to True !!!
ADD_FIREWALL_RULE_BLOCK_BAD_IP=0
# shell to file?
SHELL_TO_FILE=1
# if option to ping a specified amount of random IPs is selected:
NR_OF_RANDOM_IPS_TO_PING=10
# check period in seconds
# to check, hosts resolutions, kill IPs and active connections
CHECK_PERIOD_IN_SEC=0.5
# packed visualization of output to terminal
PACKED_OUTPUT=0
# max TX bytes
MAX_TX_KILOBYTES=10000
# local router
# cmd> ipconfig (default gateway)
ROUTER_IP=192.168.178.1
# ROUTER_IP=192.168.178.1
# public IP
# can be found here:
# https://ifconfig.me/ip
# or here:
# https://www.whatismyip.com/
# if defined as empty then it will be determined during execution.
PUBLIC_IP=
# host locations
MY_CITY=Dallas
MY_COUNTRY=US
MY_IP_ADDRESS=ROUTER_IP # will be replaced by resolved "public" IP
MY_LATITUDE=32.8
MY_LONGITUDE=-96.9
MY_REGION=Texas
# map settings
# center in Dallas
MAP_CENTER_LAT=32.8
MAP_CENTER_LON=-96.9
MAP_INFO_LAT=30.0
MAP_INFO_LON=-50.0
# zoom enough to see the whole world in full-screen
MAP_ZOOM=3
# use white list or black list (exclusive alternatives!)
# if False then we'll use the Blacklist
USE_WHITE_LIST=1
# Black List
# see: https://dev.maxmind.com/geoip/legacy/codes/iso3166/
BlackList={
"A1":"Anonymous Proxy",
"A2":"Satellite Provider",
"O1":"Other Country",
"AF":"Afghanistan",
"SY":"Syrian Arab Republic"
}
# EXCLUSIVE White List
# see: https://dev.maxmind.com/geoip/legacy/codes/iso3166/
WhiteList={
"BE":"Belgium",
"CH":"Switzerland",
"DE":"Germany",
"GB":"United Kingdom",
"HK":"Hong Kong",
"IE":"Ireland",
"IT":"Italy",
"JP":"Japan",
"NL":"Netherlands",
"NO":"Norway",
"US":"United States"
}
# EXCLUSIVE White List for NOT killing
# IMPORTANT: check which processes you need to add here
# if processes establish network connections they may be killed
# unless they are inside this list!
WhiteListNotKill=[
"svchost.exe",
"pythonw.exe",
"python.exe",
"thunderbird.exe",
"whosip.exe",
"MsMpEng.exe"
]
# Black List for BAD owner
# Rule: if BlackListOwner AND NOT WhiteListOwner
# WARNING: NOT IDENTIFIED owner names will be marked as BAD!
BlackListOwner=[
"CEDIA",
"Hostway LLC",
"EDIS GmbH",
"EDIS Infrastructure",
"Hosting Services Inc. (dba Midphase)",
"INTERNET-GROUP-DATACENTER"
]
# NON-EXCLUSIVE White List for BAD owner
# Rule: if BlackListOwner AND NOT WhiteListOwner
WhiteListOwner=[
"Microsoft",
"Google",
"Amazon",
"ARIN",
"RiPE",
"LACNIC",
"APNIC",
"AfriNIC",
"Yahoo",
"Facebook",
"Mozilla",
"Thunderbird",
"Akamai",
# "Avira",
"Cloudflare"
]
# Black List for BAD city
BlackListCity=[
"Montreal (Ville-Marie)",
"Damascus"
]
# NON-EXCLUSIVE White List for good city
WhiteListCity=[
"Centreville",
"San Francisco",
"Los Angeles"
]
[tshark]
# Specify the path to the tshark executable.
# If the configured path does not exist, these locations will be searched:
# (Linux): /usr/bin/tshark
# (Linux): /usr/sbin/tshark
# (Linux): /usr/lib/tshark/tshark
# (Linux): /usr/local/bin/tshark
# (Windows): %ProgramFiles%\Wireshark\tshark.exe
# (Windows): %ProgramFiles(x86)%\Wireshark\tshark.exe
# tshark_path = C:\Program Files\Wireshark\tshark.exe
tshark_path = dist\WiresharkPortable\App\Wireshark\tshark.exe
[dumpcap]
# dumpcap_path = C:\Program Files\Wireshark\dumpcap.exe
dumpcap_path = dist\WiresharkPortable\App\Wireshark\dumpcap.exe