-
February 7th, 2002, 01:54 AM
#1
cmd.exe LOL
Was looking over our firewall logs today, and on a whim I decided to filter them for cmd.exe and get a rough idea how widespread code red / nimda still are...
We are still seeing 500 plus hits a day with cmd.exe to our webservers from 15 to 20 unique ip addresses.
Only a few of those addresses show up on multiple days...
thought someone might find this interesting.
IchNiSan
-
February 7th, 2002, 01:58 AM
#2
You should run a tarpit or honeynet. It actually reduces the bandwidth caused by worm infestations by up to 80%. It's actually really simple to set up and administer. You can also set it up a web page and post your "guests" there. I like that part.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
February 7th, 2002, 05:27 PM
#3
Well most days I see mstream master and tcp overlap besides all the rest. Actually some moron is running qmail .....
Trappedagainbyperfectlogic.
-
February 7th, 2002, 06:16 PM
#4
KorpDeath is right...
I don't know if this was already posted once...
http://www.hackbusters.net/ is the homepage of Labrea (tarpit)
see their logs for yourself... http://www.hackbusters.net/cgi-bin/guests_pt1
and their viplist http://www.hackbusters.net/cgi-bin/guests_pt2
the program they offer runs on *nix and winnt...
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
February 7th, 2002, 06:42 PM
#5
Just to add the the_JinX's comments. It's the best tarpit program I've tested. I could only find two other products and they aren't worth mentioning.
It's gret for the enterprise to run a tarpit because it also identifies mis-configured services when it tarpits the connection. we found some mis-configured Vital Agents the first hour we ran the 'crapper' (the name of the tarpit box).
So now we just tell people they are in the crapper if they get tarpitted..
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
February 8th, 2002, 01:04 AM
#6
I'll have to try that tarpit out.
I saw it a while back, and actually checked it out on their site, but I just didnt have a chance to do anything about it.
thanks,
Ich
-
February 8th, 2002, 05:11 AM
#7
IchNiSan, did you check any of the ips out to see if they were web sites, or just the result of iis being turned on by default on win2k computers?
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|