Security Incidents mailing list archives

Re: very interesting 0day tool... http honeypot in action


From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 13 Mar 2002 09:54:53 -0500 (EST)

On Tue, 12 Mar 2002, Michal Zalewski wrote:

[...] I couldn't find any references to this tool, or any logs showing
this kind of activity in the past.

...as a few people pointed out to me, the recently released WHArsenal tool from
www.whitehatsec.com seems to be a good utility of this kind (still lacking
a few things and having a few bugs, but it seems to be beta), and it is also
very likely to be the base code behind the scan. The attack was performed
using a slightly modified tool with a different database of possible
resources to look for. As I expected, there are several other things that
can be done after finishing the brute-force test, and looking at this tool
might be pretty interesting.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

