Showing posts with the label dionaea
TFTP and Emulate view
I enhanced Markus' SQL query a bit with
(
    SELECT
        COUNT(*)
    FROM
        (
            SELECT
                MIN(a.download) AS download
            FROM
                downloads AS a
    ...
Gnuplot stuffs
Yeah, long time not dealing with Gnuplot; now it's up to it again. Since my machine didn't get a lot of binaries compared to other people out there who might have a vast range of public IPs, here goes. This is the content of my uniqfiles.txt:
2010-06-18|108|12|98|11|11
2010-06-17|96|25|87|20|19
2010-06-16|71|4|67|3|2
2010-06-15|67|2|64|2|2
2010-06-14|65|8|62|8|8
2010-06-12|57|8|54|8|8
2010-06-09|49|4|46|4|4
2010-06-08|45|7|42|6|6
2010-06-06|38|7|36|7|7
2010-06-05|31|8|29|8|8
2010-06-03|23|3|21|3|3
2010-05-31|20|2|18|2|2
2010-05-26|18|4|16|2|2
2010-05-25|14|2|14|2|2
2010-05-23|12|4|12|4|4
2010-05-22|8|3|8|3|3
2010-05-20|5|5|5|5|5
which actually derived from the following (if you want to see what it means...). For how to visualize them, refer to Markus' write-up here. This is what I got; I changed the scale a little, since 600x120 seemed too squeezed on my plot.
Afterglow stuffs
I have been using Afterglow since years back, in 2008, when I submitted my "conference paper" on what I fetched from my Nepenthes sensors. Tonight I just followed Markus' tips on creating the same stuff; the only thing that prompted me to try it out was getting the data from SQLite, something which I had never done before, since usually I simply create an AWK script (sigh, what a waste), aka log parsing. So 2000-and-late. This is what I did; the following are sanitized IPs: Read the rest from Markus
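The three posts above (the unique-downloads SQL, the uniqfiles.txt counts plotted with Gnuplot, and the AfterGlow input pulled from SQLite) all read the same dionaea logsql.sqlite database. The block below is an added example, not the blog author's code nor part of dionaea or Markus' write-up. It builds a small dionaea-style database in memory, reduced to the columns it uses (the column names follow dionaea's logsql schema, which is an assumption here), loads a few constructed rows, counts downloads and first-seen binaries per day with the MIN(a.download) idea from the query above, writes the result in the pipe-delimited layout of uniqfiles.txt (the blog does not say what its six columns are; the columns emitted here are this example's own choice), emits a gnuplot script with dates on the x axis, and produces source,event,target rows for AfterGlow's three-column CSV mode. The hashes and addresses are made-up placeholders.

```python
# Added example (not the blog's or dionaea's own code): dionaea-style
# logsql.sqlite queries for per-day download counts, uniqfiles.txt output,
# a gnuplot script and AfterGlow CSV rows.
import sqlite3
from datetime import datetime, timezone

# Reduced schema: only the columns used below, named as in dionaea's
# logsql.sqlite (assumption; the real tables carry more columns).
SCHEMA = """
CREATE TABLE connections (
    connection           INTEGER PRIMARY KEY,
    connection_timestamp INTEGER,   -- unix epoch, as dionaea stores it
    remote_host          TEXT,
    local_port           INTEGER
);
CREATE TABLE downloads (
    download          INTEGER PRIMARY KEY,
    connection        INTEGER,
    download_url      TEXT,
    download_md5_hash TEXT
);
"""

# Constructed sample data: (day, remote_host, local_port, url, md5).
# Hashes are placeholders, not real malware hashes.
SAMPLE = [
    ("2010-05-20", "192.0.2.10", 445, "tftp://192.0.2.10/x.exe", "aaaa"),
    ("2010-05-20", "192.0.2.11", 445, "http://192.0.2.11/x.exe", "bbbb"),
    ("2010-05-22", "192.0.2.10", 445, "tftp://192.0.2.10/x.exe", "aaaa"),
    ("2010-05-22", "192.0.2.12", 139, "http://192.0.2.12/y.exe", "cccc"),
    ("2010-05-23", "192.0.2.13", 445, "tftp://192.0.2.13/z.exe", "aaaa"),
]


def sample_db():
    """Create the in-memory database and load SAMPLE (one connection per download)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for i, (day, host, port, url, md5) in enumerate(SAMPLE, start=1):
        ts = int(datetime.strptime(day, "%Y-%m-%d")
                 .replace(tzinfo=timezone.utc).timestamp())
        db.execute("INSERT INTO connections VALUES (?, ?, ?, ?)", (i, ts, host, port))
        db.execute("INSERT INTO downloads VALUES (?, ?, ?, ?)", (i, i, url, md5))
    return db


# Per day: all downloads, and downloads whose md5 was never seen before.
# "First seen" is the lowest download id per hash (MIN(a.download) on the page).
PER_DAY_SQL = """
WITH firsts AS (
    SELECT MIN(download) AS download
    FROM downloads
    GROUP BY download_md5_hash
)
SELECT strftime('%Y-%m-%d', c.connection_timestamp, 'unixepoch') AS day,
       COUNT(*) AS downloads,
       SUM(d.download IN (SELECT download FROM firsts)) AS new_hashes
FROM downloads AS d JOIN connections AS c USING (connection)
GROUP BY day
ORDER BY day
"""


def per_day(db):
    """Rows of (day, cumulative downloads, downloads that day,
    cumulative unique hashes, new hashes that day)."""
    rows, cum_dl, cum_hash = [], 0, 0
    for day, dl, new in db.execute(PER_DAY_SQL):
        cum_dl += dl
        cum_hash += new
        rows.append((day, cum_dl, dl, cum_hash, new))
    return rows


def uniqfiles_lines(rows):
    """Pipe-delimited lines in the shape of uniqfiles.txt."""
    return ["|".join(str(x) for x in r) for r in rows]


def gnuplot_script(datafile="uniqfiles.txt", out="uniqfiles.png", width=800, height=300):
    """Gnuplot commands that read the '|'-separated file with dates on the x axis."""
    return "\n".join([
        f"set terminal png size {width},{height}",
        f"set output '{out}'",
        "set datafile separator '|'",
        "set xdata time",
        "set timefmt '%Y-%m-%d'",
        "set format x '%m-%d'",
        "set key left top",
        f"plot '{datafile}' using 1:2 with linespoints title 'downloads (cumulative)', \\",
        "     '' using 1:4 with linespoints title 'unique binaries (cumulative)'",
    ])


AFTERGLOW_SQL = """
SELECT c.remote_host, c.local_port, d.download_md5_hash
FROM downloads AS d JOIN connections AS c USING (connection)
ORDER BY d.download
"""


def afterglow_csv(db):
    """source,event,target rows for AfterGlow's three-column mode: attacker -> port -> binary."""
    return [f"{host},{port},{md5}" for host, port, md5 in db.execute(AFTERGLOW_SQL)]


if __name__ == "__main__":
    db = sample_db()
    print("\n".join(uniqfiles_lines(per_day(db))))
    print(gnuplot_script())
    print("\n".join(afterglow_csv(db)))
```

Against a real sensor, replace sample_db() with sqlite3.connect("/opt/dionaea/var/dionaea/logsql.sqlite") and pipe the gnuplot_script() output into gnuplot; the date columns then come out in UTC because of the 'unixepoch' modifier, so add 'localtime' if the plot should match the sensor's clock.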
Mwcollectd v4
Mwcollectd is written by 0xff (Georg Wicherski). Now that I plan to contribute back to the mwcollect alliance, I have to get software which provides a module for binary submission. Nepenthes will do, with the submit-mwserv.conf module (however, I have yet to find out how to enable this, either by editing nepenthes.conf or otherwise). Dionaea, I'm not sure about yet, since I can't find the module for the submission. For the mean time I go for Mwcollect, perhaps until I can figure out how to do this on Nepenthes/Dionaea. If you are wondering what mwcollect is, go here. There are also slides which present mwcollect.
Dionaea, XMPP and SQLiteman
The following is what it looks like in the normal log. But since we have the SQLiteman client, simply issue the SQL statement and query the data as you like ;-)
SQLite and Dionaea
Markus shared that in order to use SQLite, which manipulates logsql.sqlite at the default /opt/dionaea/var/dionaea/logsql.sqlite, sqlite3 should be used. Also, instead of using the creepy SQLite statement, use SQLiteman instead, as follows: also, since Markus has already upgraded the Dionaea code, you don't need to use an XMPP client, either Psi or Pidgin based; instead just invoke /opt/dionaea/bin/dionaea -l all,-debug -L 'logxmpp'
Psi and Pidgin with Dionaea Honeypot (XMPP support)
Dionaea with XMPP
I was actually wondering why the Nepenthes sensors and Dionaea did not catch any malware since 8th April. It's more than a month now. So I decided to look the other way instead of looking at the empty, boring folder. But I'm not sure whether my config is correct, although I guess I'm already able to log in. You might also want to use the XML Console within Psi