by Javantea aka. Joel R. Voss
Sept 8, 2006
Botnets
Spam Server Analysis
Spam Server Passive/Active Analysis 0.4
50 MB of Test Spam
At the above Neg9 Seattle meeting (Sept 8, 2006), a group of four Neg9 security researchers gathered to discuss botnets and various other ideas. I, Javantea, led the discussion of botnets, but as expected, the three other participants were far more knowledgeable than I on the topic of botnets. Quite a lot of research, development, and interest is going into botnets currently. This is a very positive note because everyone benefits from better knowledge and control of botnets.
It begs to be said that nothing illegal was done at the Neg9 meeting. Nothing unethical was done at the Neg9 meeting. Polite portscans are legitimate techniques of security researchers and criminals alike. I limited the output of my box to a maximum of 6 packets per second, and 2 packets per second at nominal. Connecting to any machine on the internet is legitimate because open ports are public information. Anyone who disagrees is a complete idiot and should go straight to /dev/null.
Ident Protocol Scan
jvoss@altsci.com
jvoss@myuw.net
Oct 28, 2005
This program connects to an identd server and asks it which user owns a given TCP connection. Exposing this is an unintended consequence of the server's design.
Identd is an interesting program. It searches /proc/net/tcp for an entry matching the connection it is asked about. The query is easy enough for a human to type into telnet if they have the local port and the remote port. We get the local port from getsockname(), and the remote port is the port we are connected to. The reply gives us the user that is running the command.
MD5 Collision Parser
jvoss@altsci.com
jvoss@myuw.net
Nov 17, 2005
MD5 Collision Parser 0.1 Source
MD5 Collision Data Example
MD5 Collision Generation Homepage
This program parses the output of an MD5 Collision Generation program. It creates two binaries with the same md5sum. Hopefully this will allow people to put MD5 into a deep grave with a dozen nails in the coffin.
I went for quick and dirty. This Python program is not secure. In fact, a person should not use this until after looking at both the source and the data. The program uses an eval() call on the data.
Network Mapping
jvoss@altsci.com
jvoss@myuw.net
Nov 11-13, 2005
NetMap2 0.2.2 Source
NetMap1 0.2.1 Source
Netmap1 Neg9 Talk
Netmap2 Neg9 Talk
Netmap2 Neg9 Project
The Network Mapping project (also known as the Neg9 UW Network Project) plans to develop tools to report on the usage of public networks through active scanning of ports. The first tool is known as netmap1. It uses Nmap to discover available hosts and then discover open ports on those hosts. Netmap1 consists of two tools that are run as part of a script: parse_ping1.py and parse_port1.py are run by the script scan_full1.sh. The output of the script is a set of XML files and records in a MySQL database.