Security Incidents mailing list archives
Re: very interesting 0day tool... http honeypot in action
From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 13 Mar 2002 09:54:53 -0500 (EST)
On Tue, 12 Mar 2002, Michal Zalewski wrote:
> [...] I couldn't find any references to this tool, or any logs showing
> this kind of activity in the past.

...as a few people pointed out to me, the recently released WHAresenal tool from www.whitehatsec.com seems to be a good utility of this kind (still lacking a few things and having a few bugs, but it seems to be beta), and it is also very likely to be the base code behind the scan. The attack was performed using a slightly modified tool with a different database of possible resources to look for. As I expected, there are several other things that can be done after finishing the brute-force test, and looking at this tool might be pretty interesting.

--
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com