spamversand

50.000 complaints

by scooba on Oct.15, 2009, under Honeypots

Wow.. I finally crossed the 50.000 complaints line. I got about 18.600 replies to
my complaints; either being autoreplies by abuse departments, activity statements of the
providers or “over quota” or similar bounce messages from abuse-mailboxes.
I hope that this service does something good.

20.000 complaints

by scooba on Aug.19, 2009, under Honeypots

Since I began sending automated complaints about attacks on my honeypot, the system has now sent out more than 20.000 emails. Some positive reactions have reached me, so I hope that this service is somewhat helpful. Funny are the bounces from the unreachable abuse addresses .. will put them on a different page soon.

honeypot now complains actively

by scooba on Jul.14, 2009, under Uncategorized

I started the honeypot-complaint service – now every attack is reported to the appropriate email address. This was kind of tricky, since the abusix database does not match every time. I added a whois query and a grep on its output, too..
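
The lookup order this post describes (Abusix contact database first, a whois query plus grep as fallback) can be written as below. This is an added example, not the author's script: the zone name in `ABUSIX_ZONE` is an assumption to verify against Abusix's documentation, the function names are made up for illustration, and the whois reply is constructed.

```shell
#!/bin/sh
# Assumption: DNS zone of the Abusix contact database; check it before use.
ABUSIX_ZONE="abuse-contacts.abusix.zone"

# TXT query name for an IPv4 address: reversed octets plus the zone.
abusix_qname() {
    echo "$1" | awk -F. -v z="$ABUSIX_ZONE" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $4"."$3"."$2"."$1"."z; ok = 1 }
        END { exit !ok }'
}

# Read whois output on stdin, print one abuse address or return non-zero.
# Preference: "abuse-mailbox:" (RIPE style), "OrgAbuseEmail:" (ARIN style),
# then any address whose local part starts with "abuse".
abuse_from_whois() {
    awk '
        { line = tolower($0) }
        line ~ /^abuse-mailbox:/ && !r1 { r1 = $NF }
        line ~ /^orgabuseemail:/ && !r2 { r2 = $NF }
        !r3 && match(line, /abuse[a-z0-9._-]*@[a-z0-9.-]+\.[a-z]+/) {
            r3 = substr(line, RSTART, RLENGTH)
        }
        END {
            best = r1 ? r1 : (r2 ? r2 : r3)
            if (best == "") exit 1
            print tolower(best)
        }'
}

# Live lookup: Abusix first, whois as fallback (needs dig, whois, network).
abuse_contact() {
    q=$(abusix_qname "$1") || return 1
    hit=$(dig +short TXT "$q" 2>/dev/null | tr -d '"' | head -n 1)
    if [ -n "$hit" ]; then echo "$hit"; return 0; fi
    whois "$1" 2>/dev/null | abuse_from_whois
}

# Constructed whois reply (documentation address space, not real data).
sample_whois() {
    cat <<'EOF'
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
remarks:        trouble: noc@example.net
abuse-mailbox:  Abuse@example.net
e-mail:         hostmaster@example.net
EOF
}
```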

Milw0rm down

by scooba on Jul.08, 2009, under Uncategorized

The exploit portal Milw0rm has stopped.
Too many exploits and not enough time to verify them are the reasons.
Bad news..

Legato Networker: dynamic directory listing

by scooba on Jul.07, 2009, under Uncategorized

You use Legato Networker and your directory paths change quite often? You want to
parallelize your SaveSets? Here is how I do it:

on the backup server:
* enter “savepnpc” in the clients backup command.
* create 2 groups with this client starting shortly one after the other

on the client:
* in the /nsr/res directory create 2 files named <groupname1>.res and <groupname2>.res

group1 (which runs first) contains:

----------------------------------
type: savepnpc;
precmd: "/usr/local/sbin/nsrupdate";
----------------------------------

group2 contains:

----------------------------------
type: savepnpc;
precmd: "/usr/local/sbin/nsrupdate";
pstcmd: "/usr/local/sbin/nsrpostupdate";
----------------------------------

The file nsrupdate reads the directory listing and changes networker via nsradmin;
in the second group this saveset is then used and afterwards changed to something
small, which will be modified again in the next run..

------------------------------
#!/usr/bin/expect

# build the directory listing:
set var [glob -nocomplain -types d /backup_dir/*]

# stop with an error if there is nothing to list, instead of
# failing later on an unset variable
if {[llength $var] == 0} {
    puts stderr "no directories found below /backup_dir"
    exit 1
}

# separate the entries with commas
set dir ""
foreach f [lsort $var] {
    set g $f,
    append dir $g
    append dir " "
}

# debug output?
#puts $dir
#
# remove the whitespace and the comma after the last directory entry
set dir [string trim $dir ]
set dir [string trim $dir ,]

# start the backup administration program
spawn /usr/sbin/nsradmin -s backupserver
expect "nsradmin>"
send ". type : NSR client;name:dummy\r"
expect "nsradmin>"
send "update save set: $dir\r"
expect "Update?"
send "Y\r"
expect "updated resource"
send "quit\r"
exit 0
------------------------------


------------------------------
#!/usr/bin/expect

# start the backup administration program
spawn /usr/sbin/nsradmin -s backupserver
expect "nsradmin>"
send ". type : NSR client;name:dummy\r"
expect "nsradmin>"
send "update save set: /tmp/y\r"
expect "Update?"
send "Y\r"
expect "updated resource"
send "quit\r"
exit 0
---------------------------------

nice Stop – Sign

by scooba on Jul.04, 2009, under Uncategorized

looks like CDU has been hacked : http://www.cdu-bundestag.de/
shows a nice Stop-Sign :-)
Actually, it isn’t hacked: cdu-bundestag.de (same as spd-bundestag.de) is a hoax;
it never belonged to the party.

New Honeypot

by scooba on Jun.16, 2009, under Honeypots

The nepenthes team members have been busy working on a new (low interaction) honeypot.
The name dionaea is taken from another carnivore. Here is the link to the project homepage. Sounds interesting, since it is written in C with python modules attached.

FTC shuts down pricewert

by scooba on Jun.05, 2009, under Uncategorized

The FTC shuts down a rogue provider known for hosting phishing and malware sites.
Good Job! Story

torpig powned

by scooba on May.05, 2009, under botnet

According to a recent article on Heise some scientists have
taken over the torpig-botnet for 10 days. The original article can
be found here.

Elvis still alive!

by scooba on Apr.22, 2009, under Uncategorized

Elvis has an E-Passport :-) Look at the video at
the thc epassport page.
