nanog mailing list archives
Re: Tools for LARTing large nets of compromised boxen? (on/off list summary)
From: Michael Loftis <mloftis () wgops com>
Date: Thu, 20 Apr 2006 15:55:21 -0600
I received quite a few good responses; I've ended up using incident.pl and wormeter.pl from the list below (found at the same place).
Thanks again everyone.

IASON was pointed out but seems incomplete: http://iason.site.voila.fr/ and http://sourceforge.net/projects/iason/
Another member pointed out that the Cymru WHOIS server has a bulk mode input to turn IP lists into source ASNs. http://www.cymru.com/ and whois://whois.cymru.com/
incident.pl from http://www.viraj.org/ along with wormeter.pl from same is what I ended up using. I had to write a pattern to match, and remove other patterns to prevent accidental matches but this ended up doing what I wanted.
I got some other responses, some duplicates too. I've anonymized responses since I'm not sure if the off-list responders wish to be identified.
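The bulk IP-to-ASN lookup mentioned in the message, as an added example that is not part of the original post and not code from Team Cymru or the tools named above. It assumes the service's `begin` / `verbose` / `end` bulk framing and pipe-delimited verbose reply; the function names and the sample reply (documentation addresses, private-use ASNs) are constructed for illustration.

```python
import socket
from collections import defaultdict

def build_bulk_query(ips):
    """Wrap an IP list in the begin/end markers the bulk interface expects."""
    return "begin\nverbose\n" + "\n".join(ips) + "\nend\n"

def query_cymru(ips, host="whois.cymru.com", port=43, timeout=30):
    """Send one bulk query over TCP/43 and return the raw text reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_bulk_query(ips).encode("ascii"))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def group_by_asn(reply):
    """Parse pipe-delimited rows into {asn: {"name": ..., "ips": [...]}}."""
    groups = defaultdict(lambda: {"name": "", "ips": []})
    for line in reply.splitlines():
        fields = [f.strip() for f in line.split("|")]
        asn = fields[0]
        # Skip the banner, any header row, and error lines.
        if len(fields) < 3 or not (asn.replace(" ", "").isdigit() or asn == "NA"):
            continue
        groups[asn]["name"] = fields[-1]
        groups[asn]["ips"].append(fields[1])
    return dict(groups)

# Constructed sample reply (assumed verbose layout:
# AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name).
SAMPLE_REPLY = """Bulk mode; whois.cymru.com [2006-04-20 21:55:21 +0000]
64500   | 192.0.2.10       | 192.0.2.0/24        | ZZ | other | 2000-01-01 | EXAMPLE-NET-A
64500   | 192.0.2.77       | 192.0.2.0/24        | ZZ | other | 2000-01-01 | EXAMPLE-NET-A
64501   | 198.51.100.5     | 198.51.100.0/24     | ZZ | other | 2000-01-01 | EXAMPLE-NET-B
NA      | 203.0.113.9      | NA                  |    |       |            | NA
"""

if __name__ == "__main__":
    # One line per origin ASN: the unit an abuse report is addressed to.
    for asn, info in sorted(group_by_asn(SAMPLE_REPLY).items()):
        print(asn, info["name"], len(info["ips"]), ", ".join(info["ips"]))
```

Grouping by origin ASN gives one report per responsible network instead of one per source address; rows returned as `NA` have no announced origin and need a separate registry lookup.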