Security Incidents mailing list archives
RPAT - Realtime Proxy Abuse Triangulation
From: Stephen Friedl <steve () unixwiz net>
Date: Fri, 20 Dec 2002 08:17:15 -0800
Hello list, This isn't exactly an "incident", but it was suggested that I post this here. I've developed a technique for tracking down abusers of rotating proxy servers: RPAT - Realtime Proxy Abuse Triangulation http://www.unixwiz.net/rpat/ The short description: when an "attack" is observed, query the source via SNMP and suck down the netstat table to see who's talking to the proxy. Over time and enough different sources, one can "triangulate" back to the abuser. There are plenty of caveats, but I believe the technique is original. The writeup includes the perl source code. Happy holidays, all. Steve --- Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561 www.unixwiz.net | I speak for me only | KA8CMY | steve () unixwiz net ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RPAT - Realtime Proxy Abuse Triangulation Stephen Friedl (Dec 20)
- Re: RPAT - Realtime Proxy Abuse Triangulation Kurt Seifried (Dec 24)
- Re: RPAT - Realtime Proxy Abuse Triangulation Mathias Wegner (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Jay D. Dyson (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Kevin Reardon (Dec 27)
- RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Greg Barnes (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Mathias Wegner (Dec 27)
- Re: RPAT - Realtime Proxy Abuse Triangulation Kurt Seifried (Dec 24)
- Re: RPAT - Realtime Proxy Abuse Triangulation Gary Flynn (Dec 30)
- RE: RPAT - Realtime Proxy Abuse Triangulation Rob Shein (Dec 30)
- Re: RPAT - Realtime Proxy Abuse Triangulation Syzop (Dec 30)
- <Possible follow-ups>
- Re: RPAT - Realtime Proxy Abuse Triangulation Stephen Friedl (Dec 27)