Security Incidents mailing list archives
codered/general simple honeypot
From: corecode <corecode () corecode ath cx>
Date: Thu, 02 Aug 2001 02:04:51 +0000
I have written a codered catcher that logs the accesses pretty well, I think... I know it's a little too late as the storm is over, but somebody might want this. It accepts on port 80 and logs the whole traffic to a separate file. If multiple equal (i.e. same bytes) requests occur, only the first is saved; the remaining connections are just logged (to reduce redundancy).
As the worm contains self-modifying code, I need to improve this a bit so that these parts of the worm don't count.
Have a look at http://www.eikon.tum.de/~simons/coderedcatch.c (will be updated now and then).
cheerz corecode
Attachment: coderedcatch.c
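An added example, not part of the original post and not the code of coderedcatch.c: one way to implement the save-the-first, log-the-rest rule described in the message, with an optional mask for bytes that vary between otherwise equal captures. The `skip` ranges, the function names and the sample requests are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_SEEN 4096
/* Hypothetical: a byte range of the request that varies between otherwise
 * equal captures and should not count towards equality. */
struct skip { size_t off, len; };
static uint64_t seen[MAX_SEEN];
static size_t nseen;

/* FNV-1a over the request; masked bytes are hashed as 0, so the
 * request length still matters. */
static uint64_t digest(const unsigned char *p, size_t n,
                       const struct skip *m, size_t nm)
{
    uint64_t h = 14695981039346656037ULL;
    for (size_t i = 0; i < n; i++) {
        unsigned char b = p[i];
        for (size_t k = 0; k < nm; k++)
            if (i >= m[k].off && i - m[k].off < m[k].len) b = 0;
        h = (h ^ b) * 1099511628211ULL;
    }
    return h;
}

/* 1: first time seen, the caller saves the full bytes to their own file.
 * 0: equal to an earlier request, the caller logs the connection only.
 * A full table also returns 1, so no capture is dropped. */
int catch_request(const unsigned char *p, size_t n,
                  const struct skip *m, size_t nm)
{
    uint64_t h = digest(p, n, m, nm);
    for (size_t i = 0; i < nseen; i++)
        if (seen[i] == h) return 0;
    if (nseen < MAX_SEEN) seen[nseen++] = h;
    return 1;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    const unsigned char a[] = "GET /a?x=1111 HTTP/1.0\r\n\r\n";
    const unsigned char b[] = "GET /a?x=2222 HTTP/1.0\r\n\r\n";
    struct skip m = { 9, 4 };  /* the four bytes after "x=" */
    printf("%d ", catch_request(a, sizeof a - 1, &m, 1));
    printf("%d ", catch_request(a, sizeof a - 1, &m, 1));
    printf("%d\n", catch_request(b, sizeof b - 1, &m, 1));
    return 0;
}
```

FNV-1a is not collision-resistant, so a collector that must never lose a distinct sample would use a cryptographic digest or compare the stored bytes directly.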