search for: honeypot

...spamhaus to create a list for VOIP since they seem to have > a nice system in place? > Hi All, good discussion, similar to ones we had a year or so ago. The RBL concept is valid, at least to get a repository going that list malicious activity specific to SIP attacks. n I worked with Project Honeypot guys for a while, they are more than willing to assist, as they already have the backend work done for a clearing house identifying hackers. The biggest issue we had a year ago was to create the mechanism in asterisk to push valid log messages out to the database and then determine what to do with...

...is ultra faster then fail2ban cause no log file parsing is needed > > or an other idea > you might test, configure a syslog filter pumping in a recent table the > direct way that is all nice but the main benefit of RBL's is always ignored: * centralized * no log parsing at all * honeypot data are "delivered" to any host * it's cheap * it's easy to maintain * it don't need any root privileges anywhere we have a small honeypot network with a couple of ipranges detecting mass port-scans and so on and this data are available *everywhere* so if some IP hits ther...

The results of a security experiment were published this week, in which an Asterisk PBX was set out in the wild to see who would attack it and how: http://www.telium.ca/?honeypot1 What I find particularly interesting is that people/bots are scraping support websites looking for valid IP's of PBX's, and valid credentials! A good reminder to everyone on this list to not publish the IP of their PBX's, or even account names (in postings) as they will be quickly...

...simple script to parse it then extract the list of attackers IP, compile them and send them out to the list. If any of you are kind enough to zip and send me a /var/log/asterisk/messages that contain hacker's scan & attack, it will be helpful to my research. Do email me at jack at asteriskhoneypot.com . Let me know if you are keen to be a harvester as well.Thanks. Regards, Jackster -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20111013/04bbe807/attachment.htm>

...t this idea? Simply setting up a fake server > with a hostname similar to a common could encourage password > harvesting. > > It would be much safer to simply avoid activating debugging tools that > can be so abused. What part of "actively supporting honeypots is a bad idea" is unclear to you, sir? This kind of built-in feature can, and will, be used by malicious people to activate passphrase theft. By activating it directly in the source code, it also makes it that much more difficult to detect when someone can and has enabled suc...

after having my own dnsbl feeded by a honeypot and even mod_security supports it for webservers i think dovecot sould support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i...

I have tow vectors one is the subset of another x is a subset of X Both are vectors with n elements X[X %in% x] would give me x again rite because it is a subset but i want all those are not in x from X. X[which(X != x)] should this do that Thanks Ramya -- View this message in context: http://n4.nabble.com/vector-help-tp960277p960277.html Sent from the R help mailing list archive at

Buen d?a Solo una pregunta de curiosidad, pues ya busque en Google PRD no termino de entender para que sirve en la practica normal. Que es y cual es su prop?sito de un Honeypot SSH o cualquier otro servicio??? Mario Villela Larraza Cel. 04455 12 5919 26 Tel. 56 32 8687

...ipp Vlassakakis <philipp at vlassakakis.de> wrote: > Please accept my apologies. Sorry if my previous mails sound rude, it was not my intention. > > @Nico: > What do you mean with ?setting up a fake server? ? > Should I change my SSH-Port to a non-default port and install a SSH-Honeypot like Kippo, which listens on Port 22 as my ?SSH-Honeypot-Password-Harvester? ? > > With this solution i don?t have to modify the source code of the openssh-server-package. > > Regards, > Philipp ? By setting up a fake server, I mean scenarios like this. * I have web server in my com...

...uot;Earl Killian" <dovecot at lists.killian.com> wrote: > On 2015/3/2 10:03, Reindl Harald wrote: > >> >> that is all nice >> >> but the main benefit of RBL's is always ignored: >> >> * centralized >> * no log parsing at all >> * honeypot data are "delivered" to any host >> * it's cheap >> * it's easy to maintain >> * it don't need any root privileges anywhere >> >> we have a small honeypot network with a couple of ipranges detecting mass >> port-scans and so on and this data...

...with Asterisk/iptables)?. Clearly it raises issues about false positives etc, but requiring reports from more than X hosts should alleviate this. There's all the usual de-listing / false-listing worries as with any blacklist, but the SMTP world has solutions we could learn from. Leaving a 'honeypot' running on a single IP address has revealed a few hundred addresses in less than a month. I am fairly certain these are all 'bad' as this host isn't used for anything else. There is obviously a wealth of data (and attacks) out there that would be good to share. Anyone have any tho...

Dear list members, I want to extend the logging of the openssh-server, so it also logs the entered passwords in plaintext, and yes I know that this is a security issue, but relax, Password Authentication is disabled. ;) The logging is only used for collecting data on my honeypots. After digging through the source, I?ve found a file called ?auth.c" auth.c: #ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && !authctxt->postponed && (strcmp(method, "password") == 0 || strncmp(method, "keyboard-interactive", 20) == 0 || st...

On 03/03/2015 11:03 PM, Earl Killian wrote: > On 2015/3/2 10:03, Reindl Harald wrote: >> >> that is all nice >> >> but the main benefit of RBL's is always ignored: >> >> * centralized >> * no log parsing at all >> * honeypot data are "delivered" to any host >> * it's cheap >> * it's easy to maintain >> * it don't need any root privileges anywhere >> >> we have a small honeypot network with a couple of ipranges detecting >> mass port-scans and so on and this data...

Not sure if there is an R way to do this or a regular express way, but here is what I am trying to do. I've got lots of data where the format is HH:MM:SS, but I need to format it like HH:MM:00, i.e. round the second down to zero. What is the best way to do this? Thanks again. Jason

On 2015/3/2 10:03, Reindl Harald wrote: > > that is all nice > > but the main benefit of RBL's is always ignored: > > * centralized > * no log parsing at all > * honeypot data are "delivered" to any host > * it's cheap > * it's easy to maintain > * it don't need any root privileges anywhere > > we have a small honeypot network with a couple of ipranges detecting > mass port-scans and so on and this data are available *everywh...

...3/2015 11:03 PM, Earl Killian wrote: >> On 2015/3/2 10:03, Reindl Harald wrote: >>> >>> that is all nice >>> >>> but the main benefit of RBL's is always ignored: >>> >>> * centralized >>> * no log parsing at all >>> * honeypot data are "delivered" to any host >>> * it's cheap >>> * it's easy to maintain >>> * it don't need any root privileges anywhere >>> >>> we have a small honeypot network with a couple of ipranges detecting >>> mass port-scans...

> Yes, I''m still working on it. The focus of that work was copy-on-write > sharing of memory for the purposes of building a (virtual) network of > honeypot systems. We have a paper in SOSP this year, talking about that > work and the copy-on-write memory implementation. See > http://www.cs.ucsd.edu/~mvrable/papers/2005-sosp-potemkin.pdf > for some information. > > I''m presently working on updating and cleaning that work u...

...ng, but now I got another problem with KSVM: line search fails -2.793708 -0.5831701 1.870406e-05 -5.728611e-06 -5.059796e-08 -3.761822e-08 -7.308871e-13Error in prob.model(object)[[p]]$A : $ operator is invalid for atomic vectors On Tue, Jul 7, 2009 at 6:45 PM, Steve Lianoglou<mailinglist.honeypot at gmail.com> wrote: > Hi, > > On Jul 7, 2009, at 6:44 PM, Michael wrote: > >> What's wrong? Very sad about this... >> >> model <- ksvm(x=mytraindata[, -1], y=factor(mytraindata[, 1]), >> prob.model=T) >> Error in .local(x, ...) : x and y don'...

...e pronters that announce themselves, files sharing, computers, servers, etc. On a WiFi router, is it normal that it "reaches out" to try to talk to devices? I'm seeing groups of packets a couple times a minute, it seems like a lot. Is this normal or is it some kind of hack attempt or honeypot within range of my computer? Thanks for any relevant info. /r

On 05/17/2018 11:38 AM, Frank Vanoni wrote: > On Thu, 2018-05-17 at 11:18 -0400, sean darcy wrote: > >> 3. How do I set up the server to block these ? >> >> 4. Can I stop the retransmitting of the 401 Unauthorized packets ? > > I'm happy with Fail2Ban protecting my Asterisk 13. Here is my > configuration: > > in /etc/asterisk/logger.conf: > >