Archive for June, 2010
Offtopic – GnuPG for dummies
Posted in Miscellaneous on 06/29/2010 | Leave a Comment »
A long time ago I used PGP to encrypt files but I forgot how to use it. Today I sent a message to a CERT (but this is another story…) and I had to encrypt a file, so I downloaded the GnuPG binary for Windows and started reading the GnuPG mini-howto. I’ve managed to remember the [...]
Kippo SSH Honeypot
Posted in Honeypots on 06/24/2010 | 6 Comments »
Thanks to Lukas Rist’s suggestion I found Kippo SSH Honeypot. Kippo is developed by Upi Tamminen and according to the project’s homepage, “Kippo is inspired, but not based on Kojoney.”, so I decided to give it a try. Kippo setup and installation is quite simple. You only have to download it, uncompress it, edit the [...]
Snort IDS – Report
Posted in IDS/IPS on 06/10/2010 | 1 Comment »
One of the reasons I was interested in honeypots is that I wanted to install and configure an IDS and learn more about attacks, threats and rules. Once Amun and Glastopf (now also Kojoney/Kippo) logs started to show activity it was time to start my Snort IDS and monitor the traffic passing through my bridge. [...]
Kojoney – An SSH Honeypot
Posted in Honeypots on 06/08/2010 | 7 Comments »
In the last weeks I’ve been inspecting what kind of traffic is sent to my DSL Router (I will soon post a report) and I’ve found many telnet and ssh connection attempts. I’m very curious about that traffic so I’ve decided to test Kojoney SSH Honeypot. Kojoney was developed by Joxean Koret and there’s a [...]
Amun – Malware detected
Posted in Honeypots on 06/07/2010 | 5 Comments »
Thanks to Amun, 78 malware samples have been collected so far. Unfortunately my ISP has recently blocked ports 135 and 445, so for a while there will be no more attacks on those ports. I wanted to know what kind of malware was downloaded so I used an antivirus. Initially I used ClamAV but 35% of [...]
Files moved to Google Code
Posted in Uncategorized on 06/03/2010 | Leave a Comment »
Hi, as WordPress doesn’t let me upload Python files I had to use PDF files for scripts, so I have moved the files to Google Code. I am currently working on a reporting tool for Snort and I will upload the files there. –Miguel
Glastopf – Init.d script for Debian
Posted in Honeypots on 06/01/2010 | 1 Comment »
I want to share with you this init script for the Glastopf web honeypot in Debian. If you find it useful, let me know. Enjoy! Updated: PDF was not a good storage option for this script, so I have moved the script to Google Code. My apologies to those who found errors using the PDFs.