nothink.org

Attacks in the last week
Here you can find some information about malware IRC/DNS network activity. You can download a total CSV file (md5, file size, Anubis results, DNS query, IRC server, IRC server ASN, IRC server ASN org, IRC server geo, IRC nickname, IRC username, IRC password, IRC channel, IRC topic): hash.csv.

Here you can find some malware collected by my ADSL-homed honeypots (Amun/Nepenthes) and a comparison between several free antivirus scanners. Write me if you want a copy of the binaries. Some sandboxes for malware analysis: CWSandbox, Norman, Anubis, ThreatExpert, Joebox.

Here you can find some statistics about remote file inclusion attacks, collected by parsing web log files.

Writings

Hardening OpenBSD: real-world situations - Lab, Smau 05 in Milano on 22 October 2005;
Systrace: security at the base, a basic introduction to Systrace;

Metasploit modules

awstats_configdir_exec, AWStats configdir Remote Command Execution;
frontpage, display version information about FPSE;
frontpage_login, queries the FrontPage Server Extensions and determines whether anonymous access is allowed;
phpnuke_search_module, PHPNuke Search Module SQL Injection Vulnerability;
sphpblog_file_upload, Simple PHP Blog remote command execution;
snmp_enum, enumerate information from SNMP-enabled devices; the Net::SNMP Perl module is required;
tikiwiki_information_disclosure, Tikiwiki information disclosure;
tikiwiki_remote_exec, Tikiwiki remote command execution;
file_disclosure, Webmin file disclosure;

Perl scripts

googlegath, simple Google search to gather site/domain information;
gpsdriveToGoogleEarth, extract data from gpsdrive db and build a "kml" file for Google Earth (example, example);
nmapdb, script to insert nmap results into a MySQL database (create_nmapdb);
snmpcheck, useful to get information via the SNMP protocol from Windows, Linux, Cisco and other platforms;

Perl modules

Mail::Maps::Lookup, query the MAPS lookup service via DNS;
Mail::OpenRelay::Simple, check if a mail server runs as an open relay;
Net::DNS::Version, grab DNS server version;
Net::IP::Extract, extract IP addresses from a document;
Net::Netcraft::Query, query the Netcraft webserver search;
Net::Netstat::Wrapper, Perl module for getting the currently open TCP ports;
Net::Scan::Fork, a simple way to manage forked processes;
Net::Scan::Ftp::Anonymous, scan for FTP servers allowing anonymous read/write access;
Net::Scan::HTTP::Server::Directory, scan for directories on a web server;
Net::Scan::HTTP::Server::Methods, retrieve allowed HTTP methods;
Net::Scan::HTTP::Server::Version, grab HTTP server version;
Net::Scan::SMTP::Banner, scan for the banner message from an SMTP server;
Net::Scan::SNMP, scan devices to verify SNMP community strings;
Net::Scan::SSH::Server::Version, grab SSH server version;

Wireless

WL-172, Sitecom WL-172 on Ubuntu 7.10;
wardriving, my wardriving stuff;

Miscellaneous

Linkedin.com, my LinkedIn profile;
Flickr.com, my photos repository;

This page was 100% auto-generated via custom Perl scripts.

The data on this website is provided for research purposes only. It is provided for your personal use only and is supplied AS IS WITHOUT WARRANTY OF ANY KIND. Use or reliance on this data is at your own risk.


Matteo Cantoni, matteo.cantoni@nothink.org


amicidiluca.com

ADSL-homed honeypot summary report

last update 2008-05-08 (packet statistics)

Total attacks (last 24 hours): 330

Top 5 source attackers (last 24 hours)
#    ip address       country
24   79.11.148.225    it
20   79.11.148.49     it
20   79.11.111.165    it
18   79.11.201.222    it
15   79.11.78.145     it

Top 5 destination ports (last 24 hours)
#     port
191   135
138   445
1     2967

Top 5 vulnerabilities (last 24 hours)
#     vulnerability
191   dcom
118   asn1
20    pnp
1     symantec

Top 5 URLs (last 24 hours)
#    url
18   bind://hidden ip:3725/
12   ftp://1:1@0.0.0.0:19580/atixdrivx.exe
12   ftp://1:1@79.11.148.49:42742/fada.exe
11   bind://hidden ip:2266/
10   ftp://1:1@0.0.0.0:47062/avvg.exe

Top attacker countries (month): 3641
#      country
2526   it
27     de
15     se
11     ar
9      ro
8      ru
6      fr
5      us
5      gb
4      cn
4      es
4      pl
3      jp
1      unk
1      tr
1      at
1      tw
1      mk
1      nl
1      ph