nothink.org

Attacks in the last week
Here you can find some information about malware IRC/DNS network activity. You can download a "TOTAL CSV FILE" (md5, file size, Anubis results, DNS query, IRC server, IRC server ASN, IRC server ASN org, IRC server geo, IRC nickname, IRC username, IRC password, IRC channel, IRC topic): hash.csv.

Here you can find some malware collected by my ADSL-homed honeypots (Amun/Nepenthes) and a comparison between several free antivirus scanners. Write me if you want a copy of the binaries. Some sandboxes for malware analysis: CWSandbox, Norman, Anubis, ThreatExpert, Joebox.

Here you can find some statistics about "remote file inclusion attacks", collected by parsing web log files.

Writings

Hardening OpenBSD: situazioni reali - Lab, Smau 05 in Milan, 22 October 2005;
Systrace: sicurezza alla base, a basic introduction to Systrace;

Metasploit modules

awstats_configdir_exec, AWStats configdir Remote Command Execution;
frontpage, display version information about FPSE;
frontpage_login, queries the FrontPage Server Extensions and determines whether anonymous access is allowed;
phpnuke_search_module, PHPNuke Search Module SQL Injection Vulnerability;
sphpblog_file_upload, Simple PHP Blog remote command execution;
snmp_enum, enumerate information from SNMP-enabled devices; the Net::SNMP Perl module is required;
tikiwiki_information_disclosure, Tikiwiki information disclosure;
tikiwiki_remote_exec, Tikiwiki remote command execution;
file_disclosure, Webmin file disclosure;

Perl scripts

googlegath, a simple Google search script for gathering site/domain information;
gpsdriveToGoogleEarth, extract data from the gpsdrive db and build a "kml" file for Google Earth (example, example);
nmapdb, script to insert nmap results into a MySQL database (create_nmapdb);
snmpcheck, useful for gathering information via the SNMP protocol from Windows, Linux, Cisco and other platforms;

Perl modules

Mail::Maps::Lookup, query the MAPS lookup service via DNS;
Mail::OpenRelay::Simple, check if a mail server runs as an open relay;
Net::DNS::Version, grab DNS server version;
Net::IP::Extract, extract IP addresses from a document;
Net::Netcraft::Query, query the Netcraft webserver search;
Net::Netstat::Wrapper, Perl module for getting the currently open TCP ports;
Net::Scan::Fork, a simple way to manage forked processes;
Net::Scan::Ftp::Anonymous, scan for FTP servers allowing anonymous read/write access;
Net::Scan::HTTP::Server::Directory, scan for directories on a web server;
Net::Scan::HTTP::Server::Methods, retrieve allowed HTTP methods;
Net::Scan::HTTP::Server::Version, grab HTTP server version;
Net::Scan::SMTP::Banner, retrieve the banner message from an SMTP server;
Net::Scan::SNMP, scan devices to verify SNMP community strings;
Net::Scan::SSH::Server::Version, grab SSH server version;

Wireless

WL-172, Sitecom WL-172 on Ubuntu 7.10;
wardriving, my wardriving stuff;

Miscellaneous

Linkedin.com, my LinkedIn profile;
Flickr.com, my photos repository;

This page was 100% auto-generated via custom Perl scripts.

The data on this website is provided for research purposes only. It is provided for your personal use only and is supplied AS IS WITHOUT WARRANTY OF ANY KIND. Use or reliance on this data is at your own risk.


Matteo Cantoni, matteo.cantoni@nothink.org

ADSL-homed honeypot summary report

last update 2008-05-17 (packet statistics)

Total attacks (last 24 hours): 419

Top 5 source attackers (last 24 hours)
#    ip address      country
51   79.20.227.21    it
16   79.20.214.197   it
12   79.20.22.110    it
9    79.20.172.206   it
8    79.11.130.48    it

Top 5 destination ports (last 24 hours)
#     port   dshield link
216   135    dshield port details
46    445    dshield port details
1     2967   dshield port details
1     8080   dshield port details

Top 5 vulnerabilities (last 24 hours)
#     vulnerability
216   dcom
42    asn1
2     lsass
2     pnp
1     symantec

Top 5 urls (last 24 hours)
#    url
51   bind://hidden ip:1534/
9    cbackf://79.20.214.197:17319/e7Hftw==
8    bind://hidden ip:1670/
8    bind://hidden ip:2937/
7    bind://hidden ip:1499/

Top attacker countries (month): 30873
#      country
5471   it
55     de
21     se
15     ro
15     ru
12     us
11     ar
10     pl
10     fr
8      gb
7      cn
6      es
3      jp
2      gr
2      mk
1      unk
1      ph
1      at
1      dk
1      sk
1      tr
1      tw
1      in
1      my
1      nl