
Posts

Showing posts from June, 2010
TFTP and Emulate view

I enhanced Markus' SQL query a bit with


(
    SELECT
        COUNT(*)
    FROM
        (
            SELECT
                MIN(a.download) AS download
            FROM
                downloads AS a
            JOIN
                connections AS b ON (a.connection = b.connection)
            GROUP BY
                a.download_md5_hash
            HAVING
                strftime('%Y-%m-%d', MIN(b.connection_timestamp), 'unixepoch', 'localtime')
                = strftime('%Y-%m-%d', connections.connection_timestamp, 'unixepoch', 'localtime')
        ) AS newdownloads
        NATURAL JOIN downloads
    WHE…
From Paris with Love ...!

I had the opportunity to wander around Paris with my wife about six months into our marriage (a honeymoon of sorts!). The two of us set off from St Pancras railway station in London and arrived at Gare Du Nord railway station in Paris. The journey took about 2 hours, through the tunnel under the English Channel. We did not have much time in Paris because my wife's leave was short; we only took a week off to tour Ireland, the UK and France. The memories of France were more challenging because the friend who initially accompanied us in the UK and Ireland (he studies in Dublin) could not join us, as he had classes. So we had to depend on ourselves, people like us who have never studied overseas, hehehehe


And so the journey began...!
After arriving at Gare Du Nord, we had to find our accommodation, a budget hotel located in Rosny (sounds like the name of my former Dean, Dr Rosni). First we took the RER train and got off at…
Gnuplot stuffs
Yeah, it has been a long time since I dealt with Gnuplot, and now I'm at it again. Since my machine didn't get a lot of binaries compared to other people out there who might have a vast range of public IPs, here goes.
This is the content of my uniqfiles.txt

2010-06-18|108|12|98|11|11
2010-06-17|96|25|87|20|19
2010-06-16|71|4|67|3|2
2010-06-15|67|2|64|2|2
2010-06-14|65|8|62|8|8
2010-06-12|57|8|54|8|8
2010-06-09|49|4|46|4|4
2010-06-08|45|7|42|6|6
2010-06-06|38|7|36|7|7
2010-06-05|31|8|29|8|8
2010-06-03|23|3|21|3|3
2010-05-31|20|2|18|2|2
2010-05-26|18|4|16|2|2
2010-05-25|14|2|14|2|2
2010-05-23|12|4|12|4|4
2010-05-22|8|3|8|3|3
2010-05-20|5|5|5|5|5
which is actually derived from the following (if you want to see what it means...)



For how to visualize them, refer to Markus' write-up here.
This is what I got:





I changed the scale a little bit, since 600x120 seemed so squeezed on my plot.
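The query excerpt in the first post above and the uniqfiles.txt data in this post are two ends of the same pipeline: bucket dionaea's downloads by the day each md5 hash was first seen, then emit one pipe-separated line per day for Gnuplot. The following is an added example, not code from the page, from Markus, or from dionaea itself. It assumes a reduced two-table schema that carries only the columns the page's query touches (connections.connection, connections.connection_timestamp, downloads.download, downloads.connection, downloads.download_md5_hash); the real dionaea logsql schema has many more columns. The download rows are constructed, the hashes are fake, and days are bucketed in UTC rather than the 'localtime' the page's query uses. The four-column output layout is this example's own and is not the six-column format of the uniqfiles.txt shown above.

```python
import sqlite3
from datetime import datetime, timezone

# Reduced dionaea-style schema (assumption for this example): only the
# columns the page's query refers to, not the full logsql schema.
SCHEMA = """
CREATE TABLE connections (
    connection           INTEGER PRIMARY KEY,
    connection_timestamp INTEGER NOT NULL
);
CREATE TABLE downloads (
    download          INTEGER PRIMARY KEY,
    connection        INTEGER NOT NULL REFERENCES connections(connection),
    download_md5_hash TEXT    NOT NULL
);
"""


def _ts(day, hour=12):
    """Unix timestamp for a June 2010 date, in UTC (the page buckets in localtime)."""
    return int(datetime(2010, 6, day, hour, tzinfo=timezone.utc).timestamp())


# Constructed sample: (connection_timestamp, md5). Hashes are fake placeholders.
SAMPLE = [
    (_ts(15), "a" * 32),      # first sighting of binary 'a'
    (_ts(15), "b" * 32),      # first sighting of binary 'b'
    (_ts(15), "a" * 32),      # 'a' again on the same day
    (_ts(16), "a" * 32),      # old binary re-downloaded the next day
    (_ts(16), "c" * 32),      # first sighting of 'c'
    (_ts(17), "b" * 32),      # old binary
    (_ts(17, 23), "d" * 32),  # first sighting of 'd', late in the day (still the 17th in UTC)
]


def build_db(rows=SAMPLE):
    """In-memory database with one connection row per download row."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for cid, (when, md5) in enumerate(rows, start=1):
        db.execute("INSERT INTO connections VALUES (?, ?)", (cid, when))
        db.execute("INSERT INTO downloads VALUES (?, ?, ?)", (cid, cid, md5))
    db.commit()
    return db


# Day bucket expression; UTC so results do not depend on the machine's TZ.
DAY = "strftime('%Y-%m-%d', {col}, 'unixepoch')"


def new_binaries_per_day(db):
    """{day: number of md5 hashes whose earliest sighting falls on that day}.

    Same idea as the page's subquery: GROUP BY hash, take MIN(timestamp),
    then count those first sightings per day (here as a plain aggregate,
    not the correlated HAVING form used on the page).
    """
    sql = f"""
        SELECT first_day, COUNT(*)
        FROM (
            SELECT {DAY.format(col='MIN(c.connection_timestamp)')} AS first_day
            FROM downloads AS d
            JOIN connections AS c ON (d.connection = c.connection)
            GROUP BY d.download_md5_hash
        )
        GROUP BY first_day
        ORDER BY first_day
    """
    return dict(db.execute(sql).fetchall())


def daily_rows(db):
    """[(day, new_unique_hashes, downloads, distinct_hashes)], one tuple per day."""
    sql = f"""
        SELECT {DAY.format(col='c.connection_timestamp')} AS day,
               COUNT(*)                           AS downloads,
               COUNT(DISTINCT d.download_md5_hash) AS distinct_hashes
        FROM downloads AS d
        JOIN connections AS c ON (d.connection = c.connection)
        GROUP BY day
        ORDER BY day
    """
    new = new_binaries_per_day(db)
    return [(day, new.get(day, 0), dl, uniq) for day, dl, uniq in db.execute(sql)]


def uniqfiles_lines(db):
    """Pipe-separated lines in the spirit of uniqfiles.txt (example's own 4-column layout)."""
    return ["|".join(str(v) for v in row) for row in daily_rows(db)]


if __name__ == "__main__":
    print("\n".join(uniqfiles_lines(build_db())))
```

Two caveats a practitioner will hit with the page's version: bucketing with 'localtime' makes the per-day counts depend on the TZ of whatever machine runs the query, so a sensor and an analysis box in different zones will disagree on which day a binary was "new"; and grouping by download_md5_hash treats two different URLs serving the same bytes as one binary, which is what you want for "unique files" but hides distribution infrastructure, so keep a per-URL count next to it if that matters to you.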
Afterglow stuffs
I used Afterglow years back in 2008, when I submitted my "conference paper" on what I fetched from my Nepenthes sensors. Tonight I just followed Markus' tips on creating the same things; the only thing that triggered me to try it out was getting the data from SQLite, something I had never done before, since usually I simply create an AWK script (sigh, what a waste), aka log parsing. So 2000 late.
This is what I did:

The following are sanitized IPs:



Read the rest from Markus
Mwcollectd v4
Mwcollectd is written by 0xff (Georg Wicherski). Since I plan to contribute back to the mwcollect alliance, I have to get software which provides a module for binary submission. Nepenthes will do, with the submit-mwserv.conf module (however, I have yet to find out how to enable this, whether by editing nepenthes.conf or otherwise). Dionaea I'm not sure about yet, since I can't find the module for submission.
For the meantime I'll go with Mwcollect, perhaps until I can figure out how to do this on Nepenthes/Dionaea.
If you're wondering what mwcollect is, go here. There are also slides which present mwcollect.


Dionaea, XMPP and SQLiteman


The following is what it looks like in the normal log.


But since we have the SQLiteman client, simply invoke the SQL statement and query the data as you like ;-)