Simple TCP and UDP network server in Python

One of the things that I find lacking in netcat is a timestamp feature. You can log the requests but you cannot easily log the exact timestamps. Instead of writing a wrapper around netcat I wrote a small Python script that can act as a simple TCP or UDP network server.

A lot of the code is inspired by code at http://ilab.cs.byu.edu/python/select/echoserver.html and http://www.binarytides.com/udp-socket-programming-in-winsock/

All of the code can be found on GitHub together…

Analyzing WordPress login attempts with Pipal

I manage a number of WordPress sites. These sites get a lot of login attempts. Instead of dropping these attempts I decided to log them and build some stats.

I also wanted “something” that I could use to play with Pipal. Pipal is a password analyzer that provides useful statistics on a list of passwords. Note that it is NOT a password cracker.

I created a fake WordPress login form (wp-login.php) and installed this on…

Using ELK as a dashboard for honeypots

The Elasticsearch ELK Stack (Elasticsearch, Logstash and Kibana) is an ideal solution for a search and analytics platform on honeypot data.

There are various howto’s describing how to get ELK running (see here, here and here) so I assume you already have a working ELK system.

This post describes how to import honeypot data into ELK. The easiest way to get all the necessary scripts and configuration files is by cloning the full repository.

If…

Cryptography Introduction Cheatsheet – part 5 – Best Practices

This is the fifth part in a list of cheatsheets based on the book Network Security: Private Communications in a Public World (2nd Edition).

This post provides an overview of some best practices. The first part, Cryptography Introduction Cheatsheet – part 1, was about cryptography, the second part, Cryptography Introduction Cheatsheet – part 2, about authentication, the third part Cryptography Introduction Cheatsheet – part 3, about standards and the fourth part Cryptography Introduction Cheatsheet –…

Cryptography Introduction Cheatsheet – part 4 – Electronic Mail

This is the fourth part in a list of cheatsheets based on the book Network Security: Private Communications in a Public World (2nd Edition).

This post is about standards. The first part, Cryptography Introduction Cheatsheet – part 1, was about cryptography, the second part, Cryptography Introduction Cheatsheet – part 2, about authentication and the third part Cryptography Introduction Cheatsheet – part 3, about standards.

There are two types of mail distribution lists

The…

Cryptography Introduction Cheatsheet – part 3 – Standards

This is the third part in a list of cheatsheets based on the book Network Security: Private Communications in a Public World (2nd Edition).

This post is about standards. The first part, Cryptography Introduction Cheatsheet – part 1, was about cryptography and the second part, Cryptography Introduction Cheatsheet – part 2, about authentication.

Kerberos is a secret key based service for providing authentication in a network. It uses a KDC on a secure node. A…

Cryptography Introduction Cheatsheet – part 2 – Authentication

This is the second part in a list of cheatsheets based on the book Network Security: Private Communications in a Public World (2nd Edition).

This post is about authentication. The first part, Cryptography Introduction Cheatsheet – part 1, was about cryptography.

Authentication is the process of reliably identifying the identity of someone.

Password based authentication happens via a secret quantity. The biggest drawback is eavesdropping. Guessing the password can happen online or offline. Offline…

Cryptography Introduction Cheatsheet – part 1 – Cryptography

This post (and the follow-ups to this post) are based on a study book, Network Security: Private Communications in a Public World (2nd Edition) from Prentice Hall, that I started reading at the end of the summer of 2014.

I wanted to write some cheatsheets to make it easier to look up the information at a later stage. You can find the book in the Amazon bookstore.

Alice, Fred and Trudy are the participants in…

Analyzing MX records for .be domains

In a previous post I did an analysis of HTTP headers returned by Belgian websites. The list of websites was based on an old Alexa datafile and more or less reflected the most ‘popular’ Belgian websites. I now trimmed these domains to their top domain only (so www.site.be and alpha.site.be became site.be) and decided to check what type of MX records are defined for the different domains.

MX records are DNS records that specify a…

Analyze HTTP headers (part 2)

This is the second part in the analysis of the content of HTTP headers returned from Belgian websites. The first part describes what HTTP headers are and analyses the results of the network requests.

Disclosing HTTP headers is not going to make your site more vulnerable nor is not disclosing them going to make your site more secure. But by leaking version information you basically give away your level of patch management, making it easier…