codered/general simple honeypot

[corecode <corecode () corecode ath cx>]

i have written a codered catcher, that logs the accesses pretty well i think...
i know it's a little too late as the storm is over but somebody might want this

it accepts on port 80 and logs the whole traffic to a seperate file
if multiple equal (ie. same bytes) requests occur only the first is saved, 
the remaining connections are just logged (to reduce redundancy).

as the worm contains self-modifying code i need to improve this a bit so 
that these parts of the worm don't count.

have a look at http://www.eikon.tum.de/~simons/coderedcatch.c (will be 
updated now and then)

cheerz
  corecode

Attachment: coderedcatch.c
Description:

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com