-
I've been running Avircap for some time on a honeypot server and it provides two very useful functions:-
1. Keeping track of any attacks that might be launched across the subnets that we use.
2. Drawing attention away from other servers that may be more vulnerable to attack.
I'm happy with the current functionality, but am wondering about two specific aspects; firstly the component...
2003-03-14 15:13:22 UTC by clarkete
-
Hey, I'm back. I have another quick, easy one. How about adding a function to optionally delete the log after sending reports so the next report is "fresh"?
I have another not-so-quick one. How about formatting output to a .txt file in the same format as ZoneAlarm, BlackICE or one of the other firewall logs that are used by My netwatchman?
http://www.mynetwatchman.com/
Just a thought.
2001-11-13 07:22:40 UTC by sixonetonoffun
-
How about adding an option to schedule or automate email notices to resolvable DNS administrators or registrants? I realize some would not likely get out and many would be sent to some administrator or office manager. I have no clue what the security or even legal issues of this would be. But it sure would be nice not to spend so much time attempting to contact all these places. I have found...
2001-11-10 23:39:52 UTC by sixonetonoffun
-
The Automated CODERED & NIMDA worm-type detection / track and trace utility. It's a utility that passively monitors for CODERED and NIMDA types of attacks. The system features reports as On-Screen, File, Email, SQL or FTP-uploaded CSVs. Offending hosts can be further investigated by additional reporting tools. The features make it suitable to cluster the system together with other AVIRCAP...
2001-10-04 19:28:51 UTC by org2
-
Yes, it has now been modified to find NIMDA as well.
2001-10-03 14:37:55 UTC by org2
-
I found out I need to rename CodeHunt to AVirCAP instead. The old name does not reflect the system's capabilities any longer.
AVirCAP is short for A Virus Capturer.
/Fredrik.
2001-10-01 13:01:42 UTC by org2
-
NIMDA - ADMIN spelt backwards...
This worm is worse than Code Red.... Are there any plans to modify CodeHunt?
2001-09-19 04:54:28 UTC by clarkg
-
Source code for the CODERED Hunt V1.5 is now finally released as a single zipball. So it's now possible to port this to other platforms without too much hassle.
Please take a look at it and please submit your changes to it.
2001-09-09 22:00:55 UTC by org2
-
A new version of CODEHUNT is released, with some small bugfixes but also with a LOT of new features such as EMAIL support and CRON/Scheduled tasks.
Ver 1.5
*FIX Shortcuts fixed for Stop CODERED (Andreas Ott)
*FIX No File output when running nosql=true (Andreas Ott)
*FIX De-installation fix for Start CODERED in Startup folder. (It tried to launch a deleted program after reboot.) (MT)
*NEW...
2001-09-09 00:03:22 UTC by org2
-
Input and ideas wanted for improvements of the system. I'm also looking for persons who have modified the script with enhancements. I'm curious about what you've done :-)
2001-08-23 07:35:38 UTC by org2