openpacket-devel Mailing List for OpenPacket Tools (Page 6)
Brought to you by:
crazy_j,
taosecurity
This list is closed, nobody may subscribe to it.
|
From: Richard B. <tao...@gm...> - 2006-10-04 15:15:53
|
Hello all,

Here is my feedback on the latest demo:

- Need a password retrieval system. I thought I remembered my password for my test account, but it doesn't seem to work. Right now there is no way to recover automatically. Emailing a new password to the email address on file, then prompting a password change, is a good idea.

- Will the site support SSL, perhaps for login?

- A confirmation message after creating a user account would be helpful.

- When a trace is approved or disapproved by a moderator, could we send an email to the submitter saying whether their trace was approved or disapproved? I can work out some wording. If there is a comment applied by a moderator, that could be added to the email.

- When approving captures via http://openpacket.no-ip.org:8000/approvefiles/ I locked up the system.

orr:/home/richard$ nc -v openpacket.no-ip.org 8000
Connection to openpacket.no-ip.org 8000 port [tcp/*] succeeded!
HEAD / HTTP/1.0

I wonder if it had trouble trying to parse rfpHNScan14.zip?

I'm wondering if we should just run captures through something like Capinfos (from Wireshark), e.g.:

orr:/home/richard$ capinfos rpc.pcap
File name: rpc.pcap
File type: Wireshark/tcpdump/... - libpcap
Number of packets: 8
File size: 3866 bytes
Data size: 3714 bytes
Capture duration: 4.994468 seconds
Start time: Mon Feb 9 15:22:07 2004
End time: Mon Feb 9 15:22:12 2004
Data rate: 743.62 bytes/s
Data rate: 5948.98 bits/s
Average packet size: 464.25 bytes

and provide that for a trace?

Thank you,

Richard
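An added example, not part of the original message or of OpenPacket's code: one way to do the check discussed above, rejecting uploads that are not libpcap captures (a zip file, for instance) and producing Capinfos-style statistics for those that are. The size limits, the function names and the two-packet sample are assumptions constructed for illustration.

```python
import io
import struct

# Classic libpcap magic numbers as seen when the first four bytes are read
# big-endian. Anything else (zip, pcapng, text) is rejected.
_MAGICS = {
    0xA1B2C3D4: (">", 1_000_000),      # big-endian file, microsecond stamps
    0xD4C3B2A1: ("<", 1_000_000),      # little-endian file, microsecond stamps
    0xA1B23C4D: (">", 1_000_000_000),  # big-endian file, nanosecond stamps
    0x4D3CB2A1: ("<", 1_000_000_000),  # little-endian file, nanosecond stamps
}
MAX_CAPLEN = 262_144     # assumed per-packet ceiling, not an OpenPacket setting
MAX_PACKETS = 1_000_000  # assumed upload policy, not an OpenPacket setting


class NotPcap(ValueError):
    """The upload is not a well-formed libpcap capture."""


def summarize_pcap(stream):
    """Walk every record of a libpcap stream and return summary statistics."""
    head = stream.read(24)
    if len(head) < 24:
        raise NotPcap("shorter than the 24-byte global header")
    magic = struct.unpack(">I", head[:4])[0]
    if magic not in _MAGICS:
        raise NotPcap("bad magic 0x%08x" % magic)
    endian, ticks = _MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", head[4:])
    if major != 2:
        raise NotPcap("unsupported version %d.%d" % (major, minor))

    packets = data_bytes = 0
    file_bytes = 24
    start = end = None
    while True:
        rec = stream.read(16)
        if not rec:
            break                                  # clean end of file
        if len(rec) < 16:
            raise NotPcap("truncated record header after packet %d" % packets)
        sec, frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        # Bound the length before reading so a forged header cannot make the
        # server allocate or seek an attacker-chosen amount.
        if incl_len > MAX_CAPLEN or frac >= ticks:
            raise NotPcap("implausible record header at packet %d" % (packets + 1))
        if len(stream.read(incl_len)) != incl_len:
            raise NotPcap("packet %d is cut short" % (packets + 1))
        packets += 1
        if packets > MAX_PACKETS:
            raise NotPcap("more than %d packets" % MAX_PACKETS)
        data_bytes += incl_len
        file_bytes += 16 + incl_len
        stamp = sec + frac / ticks
        start = stamp if start is None else min(start, stamp)
        end = stamp if end is None else max(end, stamp)

    duration = (end - start) if packets else 0.0
    return {
        "packets": packets,
        "file_bytes": file_bytes,
        "data_bytes": data_bytes,
        "duration": duration,
        "start": start,
        "end": end,
        "snaplen": snaplen,
        "linktype": linktype,                      # 1 is Ethernet
        "avg_packet_bytes": data_bytes / packets if packets else 0.0,
        "bytes_per_sec": data_bytes / duration if duration else 0.0,
    }


def check_upload(data):
    """Return (True, summary) for a valid capture, (False, reason) otherwise."""
    try:
        return True, summarize_pcap(io.BytesIO(data))
    except NotPcap as exc:
        return False, str(exc)


def build_sample():
    """Constructed two-packet Ethernet capture (little-endian, microseconds)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in ((1000, 0, b"\x00" * 60), (1002, 500000, b"\x00" * 42)):
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    print(check_upload(build_sample()))
    print(check_upload(b"PK\x03\x04" + b"\x00" * 40))   # zip signature
```

Running the walk before a moderator ever opens the file means a non-capture upload is rejected with a reason instead of reaching the parser.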
|
From: Richard B. <tao...@gm...> - 2006-10-04 13:40:40
|
On 10/4/06, Leon Ward <leo...@so...> wrote:
> Hi
> - Setting mimetype of the pcaps to download would be a good idea.
> My browser (firefox on OSX) does not recognise the file extension so the
> pcap is "displayed" in the browser.
> - Looks like the submission process will accept zip files, is there any
> checking on upload data types?
> - A list of supported upload file types would be good.
> - Something to show user "status" or access rights would be nice.
> - Upload a file is under "Auth required" however I can still access it (auth
> prob or GUI design prob?)
>
> Do you want a logo? If I get time I should be able to GIMP something up.
>
> Regards,
>
> - Leon

Hi Leon,

Thanks for your feedback. No worries on a logo -- we have one:

http://www.taosecurity.com/images/openpacket-org_small.png

Thank you,

Richard
|
From: Richard B. <tao...@gm...> - 2006-10-04 12:59:39
|
On 9/26/06, ml...@im... <ml...@im...> wrote:
> I sure will. Server will be up from 7am to 5pm this Wednesday.
>

http://openpacket.no-ip.org:8000/ is active again. Please test and reply with comments.

Thank you,

Richard
|
From: <ml...@im...> - 2006-09-27 03:45:36
|
I sure will. Server will be up from 7am to 5pm this Wednesday.

Thanks,

David.

---------------------------- Original Message ----------------------------
Subject: [Openpacket-devel] OpenPacket Alpha Demo Update
From: "Richard Bejtlich" <tao...@gm...>
Date: Tue, September 26, 2006 7:53 pm
To: ope...@li...
--------------------------------------------------------------------------

Hello all,

I was on the road all day today, so I was unable to react to the change in IP associated with openpacket.dyndns.org. I just updated openpacket.dyndns.org to the IP David now has. However, going forward it would be best to use

http://openpacket.no-ip.org:8000/

to access the demo site. David registered openpacket.no-ip.org, so he can control the IP assignment during demo testing.

Incidentally, the demo is down now. I believe David may give it another try Wednesday.

Thanks for the feedback we've gotten thus far.

Sincerely,

Richard
|
From: Richard B. <tao...@gm...> - 2006-09-26 23:53:27
|
Hello all,

I was on the road all day today, so I was unable to react to the change in IP associated with openpacket.dyndns.org. I just updated openpacket.dyndns.org to the IP David now has. However, going forward it would be best to use

http://openpacket.no-ip.org:8000/

to access the demo site. David registered openpacket.no-ip.org, so he can control the IP assignment during demo testing.

Incidentally, the demo is down now. I believe David may give it another try Wednesday.

Thanks for the feedback we've gotten thus far.

Sincerely,

Richard
|
From: Joel E. <joe...@so...> - 2006-09-25 13:12:11
|
Your addr obfuscation routine seems to be borked.

J

KeyError at /uploadfile/
0
Request Method: POST
Request URL: http://openpacket.dyndns.org:8000/uploadfile/
Exception Type: KeyError
Exception Value: 0
Exception Location: C:\Documents and Settings\Roach\My Documents\workspace\openpacket\..\openpacket\_extensions\pcapParser.py in obfuscateIPaddr, line 60

Traceback (innermost last)
C:\Python24\lib\site-packages\django\core\handlers\base.py in get_response
    response = callback(request, *callback_args, **callback_kwargs)
C:\Documents and Settings\Roach\My Documents\workspace\openpacket\pcapfiles\views.py in uploadPcapFile
    obfuscateIPaddr(new_pcapfile.filepath)
C:\Documents and Settings\Roach\My Documents\workspace\openpacket\..\openpacket\_extensions\pcapParser.py in obfuscateIPaddr
    dstip3 = randomnum[dstip3]

Request information
GET: No GET data
POST:
    category 'malicious'
    description 'Sadmind with root credentials'
    obfuscateIP 'on'

You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 500 page.

--
+---------------------------------------------------------------------+
Joel Esler
Senior Security Consultant
1-706-627-2101
Sourcefire
Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
GPG Key http://demo.sourcefire.com/jesler.pgp.key
AIM: eslerjoel Gtalk: eslerj Yahoo: eslerjoel
+---------------------------------------------------------------------+
|
From: Richard B. <tao...@gm...> - 2006-09-25 12:49:11
|
Hello,

David Belle-Isle has reactivated the OpenPacket alpha demo server. It is available at:

http://openpacket.dyndns.org:8000/

The site will be live:

Monday from 7am to 5pm
Tuesday from 7am to 5pm

All times are EST (I believe).

To gain moderator status, visit

http://openpacket.dyndns.org:8000/makememoderator

David says:

Things that have been done since last demo:

- Moderators can dis/approve and leave comments
- A log is written each time a dis/approval is made
- Remoderation feature: moderators can re-approve a disapproved file or perm delete it (log is written)
- Number of downloads is now shown for each file
- A marker has been added if the file is sanitized
- You can sort when browsing files
- Searching features have been added for comments
- Searching features have been added for parsed information of files
- Clicking a user brings a page with all the files that user uploaded
- Moderators can put "final comments" on a file. This comment will be highlighted
- Categories have been added

What needs to be done:

- Tagging
- Rating of files
- Rating of users
- Checksums
- Validate that the uploaded file is a pcap file
- Add the openpacket logo

Please give the demo a try and post your feedback to the openpacket-devel list.

Thank you David, and thank you testers!

Sincerely,

Richard
|
From: Richard B. <tao...@gm...> - 2006-09-18 12:33:29
|
David Belle-Isle is coding the suggestions made since the demo last month. He expects to be done within a week. When the demo site is available again, I will post a notice here and on the OpenPacket.org Blog. Thank you, Richard |
|
From: Aaron T. <syn...@gm...> - 2006-09-14 21:54:25
|
Sorry for not replying to the thread directly, but I just subscribed to the list...

Anyways, tcpreplay already fixes checksums L3/L4 in pcap files as well as pseudo-randomizing the IP addresses contained within (note, only supports doing so for IPv4 and at layer 3, so don't expect it to fix them in a FTP PORT command or in a HTTP Host header).

I'd recommend grabbing v2.3.5 (the 3.0 beta series is a bit buggy right now). An example usage would be:

sudo ./tcpreplay -F -s 367 -i en0 -w out.pcap -R in.pcap

If you're feeling lucky, grab 3.0.beta11 and use tcprewrite:

tcprewrite --seed=423 --infile=input.pcap --outfile=output.pcap

The big advantage of tcprewrite is that it doesn't require running as root and is a little more intelligent (it'll update IPv4 addresses in ARP packets for example). It will also someday gracefully handle non-Ethernet captures.

http://tcpreplay.synfin.net/

Anyways, glad to see that work is finally being done on openpacket. I'm particularly interested in it since so many people ask me where to get packet captures for use with tcpreplay.

Regards,
Aaron

--
Aaron Turner
http://synfin.net/
|
From: Richard B. <tao...@gm...> - 2006-08-09 18:13:38
|
On 8/9/06, Bamm Visscher <bam...@gm...> wrote:
> FYI:
>
> http://openpacket.cvs.sourceforge.net/openpacket/openpacket/
>
> or
>
> cvs -d:pserver:ano...@op...:/cvsroot/openpacket
> login
> cvs -d:pserver:ano...@op...:/cvsroot/openpacket
> co openpacket
>
> Should work.
>
> Bammkkkk
>

Indeed! Instructions:

http://sourceforge.net/cvs/?group_id=148106

Example as anonymous:

hacom:/home/richard$ cvs -d:pserver:ano...@op...:/cvsroot/openpacket login
Logging in to :pserver:ano...@op...:2401/cvsroot/openpacket
CVS password:
cvs login: warning: failed to open /home/richard/.cvspass for reading: No such file or directory
hacom:/home/richard$ cvs -d:pserver:ano...@op...:/cvsroot/openpacket co openpacket
cvs checkout: Updating openpacket
U openpacket/.project
U openpacket/__init__.py
U openpacket/manage.py
U openpacket/settings.py
U openpacket/urls.py
cvs checkout: Updating openpacket/_db
U openpacket/_db/OP.db
U openpacket/_db/sqlite3.exe
cvs checkout: Updating openpacket/_extensions
U openpacket/_extensions/__init__.py
U openpacket/_extensions/cons.py
U openpacket/_extensions/feeds.py
U openpacket/_extensions/logging.py
U openpacket/_extensions/login.py
U openpacket/_extensions/pcapParser.py
cvs checkout: Updating openpacket/_media
cvs checkout: Updating openpacket/_media/css
U openpacket/_media/css/main.css
cvs checkout: Updating openpacket/_media/images
U openpacket/_media/images/delete.gif
U openpacket/_media/images/feed.gif
cvs checkout: Updating openpacket/_media/pcapfiles
U openpacket/_media/pcapfiles/readme
cvs checkout: Updating openpacket/_media/quarantined
U openpacket/_media/quarantined/readme
cvs checkout: Updating openpacket/_templates
U openpacket/_templates/base.html
U openpacket/_templates/index.html
cvs checkout: Updating openpacket/_templates/comments
U openpacket/_templates/comments/search.html
cvs checkout: Updating openpacket/_templates/navigation
U openpacket/_templates/navigation/forbidden.html
U openpacket/_templates/navigation/viewlogs.html
cvs checkout: Updating openpacket/_templates/pcapfiles
U openpacket/_templates/pcapfiles/browseFiles.html
U openpacket/_templates/pcapfiles/fileApproval.html
U openpacket/_templates/pcapfiles/search.html
U openpacket/_templates/pcapfiles/uploadPcapFile.html
U openpacket/_templates/pcapfiles/viewPcapFile.html
cvs checkout: Updating openpacket/_templates/users
U openpacket/_templates/users/login.html
U openpacket/_templates/users/signup.html
U openpacket/_templates/users/userUploads.html
cvs checkout: Updating openpacket/comments
U openpacket/comments/__init__.py
U openpacket/comments/models.py
U openpacket/comments/views.py
cvs checkout: Updating openpacket/navigation
U openpacket/navigation/__init__.py
U openpacket/navigation/models.py
U openpacket/navigation/views.py
cvs checkout: Updating openpacket/pcapfiles
U openpacket/pcapfiles/__init__.py
U openpacket/pcapfiles/models.py
U openpacket/pcapfiles/views.py
cvs checkout: Updating openpacket/users
U openpacket/users/__init__.py
U openpacket/users/models.py
U openpacket/users/views.py

Thanks all,

Richard
|
From: Bamm V. <bam...@gm...> - 2006-08-09 18:00:44
|
FYI:

http://openpacket.cvs.sourceforge.net/openpacket/openpacket/

or

cvs -d:pserver:ano...@op...:/cvsroot/openpacket login
cvs -d:pserver:ano...@op...:/cvsroot/openpacket co openpacket

Should work.

Bammkkkk

On 8/9/06, David Belle-Isle <ml...@im...> wrote:
> Hi everyone,
>
> I just committed the first version of openpacket to the sourceforge CVS
> repository.
>
> Host: openpacket.cvs.sourceforge.net
> Directory: /cvsroot/openpacket
> Module name: openpacket
>
> http://openpacket.cvs.sourceforge.net/openpacket
>
> In order to be able to checkout the project you need to be assigned as a
> developer for the project ( I think ).
>
> So, just send an email to Richard and me if you want to help.
>
> Also, I'll attach to this email the database schema of the project. It's a
> graphical representation of the django model I'm using.
>
> Thanks everyone for the support,
>
> If you have any questions don't be shy, shoot! :)
>
> David

--
sguil - The Analyst Console for NSM
http://sguil.sf.net
|
From: Bamm V. <bam...@gm...> - 2006-08-09 17:58:02
|
You should be able to do an anonymous checkout once the data propagates.

Bammkkkk

On 8/9/06, Scott Dexter <sco...@gm...> wrote:
> I'd be interested in taking a look.
>
> On 8/9/06, David Belle-Isle <ml...@im...> wrote:
> > Hi everyone,
> >
> > I just committed the first version of openpacket to the sourceforge CVS
> > repository.
> >
> > Host: openpacket.cvs.sourceforge.net
> > Directory: /cvsroot/openpacket
> > Module name: openpacket
> >
> > http://openpacket.cvs.sourceforge.net/openpacket
> >
> > In order to be able to checkout the project you need to be assigned as a
> > developer for the project ( I think ).
> >
> > So, just send an email to Richard and me if you want to help.
> >
> > Also, I'll attach to this email the database schema of the project. It's a
> > graphical representation of the django model I'm using.
> >
> > Thanks everyone for the support,
> >
> > If you have any questions don't be shy, shoot! :)
> >
> > David
>
> --
> Scott Dexter
>
> "You're not one of us."
> "I don't think I'm one of them, either," said Brutha.
> "I'm one of mine."
>
> Terry Pratchett (Small Gods)

--
sguil - The Analyst Console for NSM
http://sguil.sf.net
|
From: Scott D. <sco...@gm...> - 2006-08-09 17:54:15
|
I'd be interested in taking a look.

On 8/9/06, David Belle-Isle <ml...@im...> wrote:
> Hi everyone,
>
> I just committed the first version of openpacket to the sourceforge CVS
> repository.
>
> Host: openpacket.cvs.sourceforge.net
> Directory: /cvsroot/openpacket
> Module name: openpacket
>
> http://openpacket.cvs.sourceforge.net/openpacket
>
> In order to be able to checkout the project you need to be assigned as a
> developer for the project ( I think ).
>
> So, just send an email to Richard and me if you want to help.
>
> Also, I'll attach to this email the database schema of the project. It's a
> graphical representation of the django model I'm using.
>
> Thanks everyone for the support,
>
> If you have any questions don't be shy, shoot! :)
>
> David

--
Scott Dexter

"You're not one of us."
"I don't think I'm one of them, either," said Brutha.
"I'm one of mine."

Terry Pratchett (Small Gods)
|
From: David Belle-I. <ml...@im...> - 2006-08-09 16:02:26
|
Hi,

Here's a list of what has been done since the demo:

- Approval is now redesigned. You can approve/disapprove and leave comments
- You can browse the moderation history log
- Number of downloads is shown when viewing a file
- A marker has been added if a file is sanitized
- You can sort on the first 3 columns when browsing files
- When clicking a user it takes you to a list of the files he uploaded
- Categories have been added (for traces)
- You can perform searches on the IP (dst, src), port (dst, src), MAC address (dst, src)
- You can perform searches on the comments left by users

Here's a list of what needs to be done:

- Checksums in obfuscated Pcap files are incorrect
- Remoderation features (moderators should be able to somehow browse quarantined files, decide if they want to permanently delete the file or bring it back (reapprove it)).
- Moderators should be able to place a final comment to a trace to explain what it really is. Comments should still be available even though a moderator stated his final thoughts on the trace.
- Trace files rating based on: most downloaded, most commented, "hot or not" rating
- Uploader rating based on: number of traces, accumulated KB, trace rating, level of discussion
- Tagging mechanism

That's about it.

Thanks,

David
|
From: David Belle-I. <ml...@im...> - 2006-08-09 15:52:08
|
Hi everyone,

I just committed the first version of openpacket to the sourceforge CVS repository.

Host: openpacket.cvs.sourceforge.net
Directory: /cvsroot/openpacket
Module name: openpacket

http://openpacket.cvs.sourceforge.net/openpacket

In order to be able to checkout the project you need to be assigned as a developer for the project ( I think ).

So, just send an email to Richard and me if you want to help.

Also, I'll attach to this email the database schema of the project. It's a graphical representation of the django model I'm using.

Thanks everyone for the support,

If you have any questions don't be shy, shoot! :)

David
|
From: Tim F. <fu...@cc...> - 2006-08-08 15:16:02
|
Honeynet.org had also done some of that sort of thing, and has the old challenges up:

http://honeynet.org/misc/chall.html

They've done scan analysis, reverse engineering, and forensic analysis challenges. We might be able to draw inspiration from that.

-Tim

On 8/8/06, Jacob Ham <ha...@gm...> wrote:
>
> On 8/7/06, Richard Bejtlich <tao...@gm...> wrote:
> > I'm trying to put myself in the shoes of a user who visits
> > OpenPacket.org, perhaps not knowing what to look at or where to begin.
> > Those three ratings might point n00bs to the most interesting traces.
>
> Along this note, there was an interesting post you made on your blog
> recently. The packet analysis challenge that was conducted by SANS
> Internet Storm Center was a very interesting way to learn about
> packet analysis. Not only did I get to download the packet, but also
> got to read the understanding behind it.
>
> I might be getting ahead of myself here, but something like a
> challenge or just a walk through of a packet capture could help the
> community immensely! Maybe we could get sponsors to offer rewards for
> certain challenges, like a signed book from Richard Bejtlich himself
> :-)
>
> Jake

--
Tim Furlong
tim...@gm...
|
From: Jacob H. <ha...@gm...> - 2006-08-08 15:07:59
|
On 8/7/06, Richard Bejtlich <tao...@gm...> wrote:
> I'm trying to put myself in the shoes of a user who visits
> OpenPacket.org, perhaps not knowing what to look at or where to begin.
> Those three ratings might point n00bs to the most interesting traces.

Along this note, there was an interesting post you made on your blog recently. The packet analysis challenge that was conducted by SANS Internet Storm Center was a very interesting way to learn about packet analysis. Not only did I get to download the packet, but also got to read the understanding behind it.

I might be getting ahead of myself here, but something like a challenge or just a walk through of a packet capture could help the community immensely! Maybe we could get sponsors to offer rewards for certain challenges, like a signed book from Richard Bejtlich himself :-)

Jake
|
From: Richard B. <tao...@gm...> - 2006-08-07 16:30:52
|
On 8/7/06, David A. Belle-Isle <dbe...@im...> wrote:
> Hi Richard,
>
> I'm working on the various comments you made after trying the demo and I
> got one little question.
>
> - You say: "When browsing files, it would be nice to have a Rating based
> on user feedback." --> Are you talking about the same rating as you
> asked for users or is it another rating? If so, how is it calculated?
> Number of feedbacks? Feedbacks quality? Users rate the file??
>

Hi David,

I had two ratings in mind -- sorry for not making this clearer.

Users who upload traces should be "rated" to receive karma/popularity points/whatever, Slashdot-style.

I think traces should have ratings associated with them, independent of who uploaded them, so I could look for:

1. Most downloaded trace
2. Most commented-upon trace
3. A general "interesting"? (hot or not?) type rating?

If anyone can improve my thinking on this, please do.

I'm trying to put myself in the shoes of a user who visits OpenPacket.org, perhaps not knowing what to look at or where to begin. Those three ratings might point n00bs to the most interesting traces.

Thank you,

Richard
|
From: Mark M. <mas...@gm...> - 2006-08-06 14:09:10
|
I'm going to post my Rails site next week. After that, I'll be happy to help support David's site. Mark |
|
From: Richard B. <tao...@gm...> - 2006-08-04 23:32:28
|
On 8/4/06, Richard Bejtlich <tao...@gm...> wrote:
> David -- phenomenal job. These are my immediate comments as I try the site:
>

Another thought -- could we allow users to assign tags to traces? That might help the site deal with moderator lack of time or desire to classify everything in a trace.

Richard
|
From: Richard B. <tao...@gm...> - 2006-08-04 23:30:49
|
On 8/4/06, Jacob Ham <ha...@gm...> wrote:
> Well, may I suggest that now is as good a time as ever to start a
> SVN/CVS server for the site? I could host the site and SVN for
> development. Then give access to developers who would like to work on
> feature requests / bugs.
>
> We could also have the SVN repo on sourceforge and/or google. Not
> sure if David is ready to do such a thing or not. But I would
> definitely like to help with some of these features and/or design.
>
> Jake
>

Hi Jake,

David and I discussed CVS/SVN and we agree it's a good idea. David's OpenPacket.org code itself will be open source, so we could host it at sf.net. We might host it ourselves too. Either way, expect CVS/SVN sometime next week.

Thank you,

Richard
|
From: Tim F. <fu...@cc...> - 2006-08-04 23:01:28
|
Hi David,

Awesome work on the prototype, good job. A few things I noticed while poking around:

- Not-logged-in users can't access any trace pages, but they can see the same info on the front page as logged-in users
- The "uploaded on" field on the main page reports time in 12-hour format, but prints single-digit hour prefixed with 0, e.g. 08:48 for 8:48pm; the trace pages display in 24-hour format, that is probably better for the front page too
- Looks like the tracefile parser is assuming IP and not validating that; see arp-storm.pcap - the ARP packets appear to be being parsed as IP packets.

As Jake mentioned, we should probably work on setting up some more tools to get collaboration going. I'd suggest that a wiki would be nice; I normally have MediaWiki running at home, but my usual webserver is down for the time being until I can scrounge up a heatsink and fan that'll fit it. :P Anyone else happen to have wiki software running? I'll see if I can take another look at getting my server running over the weekend.

-Tim

On 8/4/06, David Belle-Isle <ml...@im...> wrote:
> Hi everyone,
>
> You'll have a chance to test the version of openpacket that I started to
> develop. Server will be open Friday and Monday.
>
> First, it's important that you know that I don't like the design, I use it
> just to be able to show what I developed.
>
> Second, known bugs: when you upload a file and you ask to change the IP
> addresses, checksums are still incorrect.
>
> Third, moderators: when a file is uploaded a moderator needs to approve
> the file before others can see it. For this test, a user "moderator" will
> be created with the password "moderator".
>
> So, server will be open during this time:
>
> Friday: 4pm to 11pm
> and
> Monday: 1pm to 5pm
>
> URL: http://roach4.no-ip.org:8000
>
> I would like to know everyone's opinions about the web site, hopefully
> everyone that tries it will write a little report (bugs that you might
> find, ideas that you think could be useful, and so on) on the mailing
> list.
>
> Thanks everyone,
>
> David

--
Tim Furlong
tim...@gm... |
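Tim's third point, ARP frames in arp-storm.pcap being parsed as IP, is what a trace parser does when it skips the link-type and EtherType checks. The following is an added example, not OpenPacket's code: a small classic-libpcap walker that dispatches on EtherType and validates the IPv4 header before use. The function names and the constructed sample capture are assumptions made for illustration.

```python
import struct

ETHERTYPES = {0x0800: "ipv4", 0x0806: "arp", 0x86DD: "ipv6"}
LINKTYPE_ETHERNET = 1  # DLT_EN10MB in the pcap global header

def classify_frame(frame):
    """Label one Ethernet frame by EtherType; never assume the payload is IP."""
    if len(frame) < 14:
        return "truncated"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if ethertype == 0x8100 and len(payload) >= 4:  # skip one 802.1Q VLAN tag
        ethertype = struct.unpack("!H", payload[2:4])[0]
        payload = payload[4:]
    kind = ETHERTYPES.get(ethertype, "other:0x%04x" % ethertype)
    # Even when the EtherType says IPv4, check version and IHL before parsing.
    if kind == "ipv4" and (len(payload) < 20 or payload[0] >> 4 != 4
                           or (payload[0] & 0x0F) < 5):
        return "malformed-ipv4"
    return kind

def classify_packets(pcap_bytes):
    """Walk a classic libpcap file and return one label per packet record."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a complete classic libpcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    labels, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:  # record claims more bytes than the file holds
            labels.append("truncated")
            break
        labels.append(classify_frame(frame))
        off += 16 + incl_len
    return labels

def build_sample():
    """Constructed capture: ARP request, valid IPv4 header, bogus 'IPv4' frame."""
    eth = lambda etype: b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype)
    frames = [eth(0x0806) + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(20),
              eth(0x0800) + b"\x45" + bytes(19),
              eth(0x0800) + bytes(20)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `classify_packets(build_sample())` labels the ARP frame as ARP and flags the frame whose EtherType claims IPv4 but whose first byte is not a valid version/IHL pair.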
|
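The known bug quoted from David's announcement (addresses changed on upload, checksums left incorrect) follows from the IPv4 header checksum covering the address fields and the TCP checksum covering a pseudo-header that contains them. The following is an added example, not OpenPacket's code, and assumes an unfragmented IPv4/TCP packet with no trailing padding; every function name and the sample packet are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src, dst, segment):
    """TCP checksum over the pseudo-header (addresses, protocol 6, length) + segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return inet_checksum(pseudo + segment)

def rewrite_ipv4(packet, new_src, new_dst):
    """Replace both addresses and recompute the IPv4 and TCP checksums."""
    ihl = (packet[0] & 0x0F) * 4
    src, dst = socket.inet_aton(new_src), socket.inet_aton(new_dst)
    header = bytearray(packet[:ihl])
    header[12:16], header[16:20] = src, dst
    header[10:12] = b"\x00\x00"            # zero the field before summing
    header[10:12] = struct.pack("!H", inet_checksum(bytes(header)))
    segment = bytearray(packet[ihl:])
    if packet[9] == 6 and len(segment) >= 20:  # protocol 6 = TCP (UDP not handled)
        segment[16:18] = b"\x00\x00"
        segment[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(segment)))
    return bytes(header + segment)

def naive_rewrite(packet, new_src, new_dst):
    """The reported behaviour: addresses change, checksums stay as they were."""
    return packet[:12] + socket.inet_aton(new_src) + socket.inet_aton(new_dst) + packet[20:]

def checksums_ok(packet):
    """A packet verifies when summing over each checksummed region yields 0."""
    ihl = (packet[0] & 0x0F) * 4
    ip_ok = inet_checksum(packet[:ihl]) == 0
    if packet[9] != 6:
        return ip_ok
    return ip_ok and tcp_checksum(packet[12:16], packet[16:20], packet[ihl:]) == 0

def build_sample():
    """Constructed IPv4/TCP SYN, 192.0.2.10 -> 198.51.100.20, valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, bytes(4), bytes(4))
    return rewrite_ipv4(ip + tcp, "192.0.2.10", "198.51.100.20")
```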
From: Jacob H. <ha...@gm...> - 2006-08-04 20:32:29
|
Well, may I suggest that now is as good a time as ever to start a SVN/CVS server for the site? I could host the site and SVN for development. Then give access to developers who would like to work on feature requests / bugs.

We could also have the SVN repo on sourceforge and/or google. Not sure if David is ready to do such a thing or not. But I would definitely like to help with some of these features and/or design.

Jake

On 8/4/06, Richard Bejtlich <tao...@gm...> wrote:
> David -- phenomenal job. These are my immediate comments as I try the site:
>
> -- Love the RSS feeds!
>
> -- I assume people can't access the URL for an unapproved feed (say
> http://roach4.no-ip.org:8000/viewfile/25 if 1-24 are already approved)?
>
> -- When approving traces, can there be some sort of "approve with
> comment" or "disapprove with comment" instead of just Y or N?
>
> -- It would be helpful for moderators to be able to review a
> Moderation History log to see who made what decisions, and when.
>
> -- We need a "remoderation" feature. A moderator might make a
> mistake, or miss something. So we'll have to be able to remove a
> trace, or maybe add it in later.
>
> -- When browsing files, it would be nice to have a Rating based on
> user feedback.
>
> -- Each trace should have a counter showing number of downloads, if possible.
>
> -- Could you set some kind of marker on the trace indicating if the
> trace was sanitized during upload or not?
>
> -- When browsing files, sorting on various columns would be cool.
>
> -- It would be neat to make trace uploader IDs a linkable feature that
> would show all traces uploaded by that user ID.
>
> -- When looking at individual traces, the trace uploader ID is
> currently a link to their email address. I would prefer removing that
> to foil spammers. It would also be good to instead link to a page
> built for the individual user. Maybe that page would also list all of
> their uploads, as mentioned earlier?
>
> -- I'm starting to wonder how best to organize these traces. We
> probably want some means of letting users indicate their idea of what
> the trace is. We probably want the moderators to make the final
> determination.
>
> -- We might want to stick with really generic categories, like
> "normal," "suspicious," "malicious," or "unknown."
>
> -- Are you saving any information about the traces once your parser
> reads them? For example, is it possible to search for traces
> involving IP X or port Y or protocol Z?
>
> -- We may have to end up having the traces available mainly via
> queries. In other words, trying to define rigid categories might be
> doomed.
>
> -- I'll have to develop some disclaimers, FAQs, etc. I also need to
> work on sponsors.
>
> This is really awesome. I think having this concrete site will help
> us answer lots of questions.
>
> Thank you,
>
> Richard |
|
From: Richard B. <tao...@gm...> - 2006-08-04 20:10:42
|
David -- phenomenal job. These are my immediate comments as I try the site:

-- Love the RSS feeds!

-- I assume people can't access the URL for an unapproved feed (say http://roach4.no-ip.org:8000/viewfile/25 if 1-24 are already approved)?

-- When approving traces, can there be some sort of "approve with comment" or "disapprove with comment" instead of just Y or N?

-- It would be helpful for moderators to be able to review a Moderation History log to see who made what decisions, and when.

-- We need a "remoderation" feature. A moderator might make a mistake, or miss something. So we'll have to be able to remove a trace, or maybe add it in later.

-- When browsing files, it would be nice to have a Rating based on user feedback.

-- Each trace should have a counter showing number of downloads, if possible.

-- Could you set some kind of marker on the trace indicating if the trace was sanitized during upload or not?

-- When browsing files, sorting on various columns would be cool.

-- It would be neat to make trace uploader IDs a linkable feature that would show all traces uploaded by that user ID.

-- When looking at individual traces, the trace uploader ID is currently a link to their email address. I would prefer removing that to foil spammers. It would also be good to instead link to a page built for the individual user. Maybe that page would also list all of their uploads, as mentioned earlier?

-- I'm starting to wonder how best to organize these traces. We probably want some means of letting users indicate their idea of what the trace is. We probably want the moderators to make the final determination.

-- We might want to stick with really generic categories, like "normal," "suspicious," "malicious," or "unknown."

-- Are you saving any information about the traces once your parser reads them? For example, is it possible to search for traces involving IP X or port Y or protocol Z?

-- We may have to end up having the traces available mainly via queries. In other words, trying to define rigid categories might be doomed.

-- I'll have to develop some disclaimers, FAQs, etc. I also need to work on sponsors.

This is really awesome. I think having this concrete site will help us answer lots of questions.

Thank you,

Richard |
|
From: David Belle-I. <ml...@im...> - 2006-08-04 17:16:31
|
Hi,

Since I'll probably not be able to get everyone a moderator access here's a trick I implemented for test purposes:

- Sign up
- Log in
- access: http://roach4.no-ip.org:8000/makememoderator

This will create a moderator access attached to your account.

Thanks,

David |