I fix some issues and created some new goodies to play with. 

• fake-sshd - Bug Fixes
• brute-sshd - Added
• memory-pressure - Added
• pipesplit - Added

I have just added another tool to my collection. Which is a fake sshd for linux. It can be used to capture login attempts. It is used for doing the following.

• Profiling password attack atempts on servers.
• Setting up a honey pot so you can invite the "kids" in
• Stealing the dictionary's used by attackers to test against your own password hashes.

Here is an example of the log output from an attack.

Dec 11 14:02:04 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: edityahoo.no
Dec 11 14:02:06 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: edityahoo.org
Dec 11 14:02:07 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: 68b329da9893e34099c7d8ad5cb9c940
Dec 11 14:02:09 debian fake-sshd.exe: IP: 74.53.140.146 USER: root PASS: 7hur@y@t3am$#@!(*(
Dec 11 14:02:10 debian fake-sshd.exe: IP: 74.53.140.146 USER: sysgames PASS: qwertycosmin
Dec 11 14:02:12 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: diana4ever
Dec 11 14:02:13 debian fake-sshd.exe: IP: 74.53.140.146 USER: bin PASS: bostanel

more information / download

So I have been busy digging and moving tech recently as I switched jobs. So I went for a rummage way back to when I learnt to program which would have been in the mid 90's and found some of the following things. To my surprise almost everything I found still compiled and I have decided to dump some of the short programs I have onto my software page. Most were created for the purpose of learning at the time. All of them are written in C and will compile on debian / lenny. There will probably be more to follow as well!

The following have been added

• Fake Sub7 Trojan
• ICMP Ping sweeper
• NetFlow to MySql Logger
• Sub7 Scanner
• TCP Fast Scanner

More will probably follow later!

Recently I seem to be running into a little bit of a spamming problem with backlink's being submitted to the blog. It looks like the way .net blog engine does post is really easy for the spammer to be able to post lots and lots of comments with bots (I guess the spammers are getting good at this now). This sounds quite bad but everything is being caught by the spam filters so its really not so bad. So this is a bit of a guide to attempt to protect a website from such action coming from abusive computers around the internet. More...