I pushed some final mysql fixes for dionaea yesterday, and just had a look on the ore if there was some activity already.
Yes, there was some activity.
The ore has arrived.
Ore is a public and registration less version of the carniwwwhore webinterface which is fed with the anonymous data gathered over xmpp.
The hardware is sponsored by Kasperky.
Enjoy it.
I felt carniwwwhore needs some visuals, so I've been playing with pychart lately, and I wanted to point out some aspects of the data which are easily accessible with carniwwwhore.
The data used here was gathered using the anonymous xmpp sensor network, which is not that exact as source, as users may nmap their own scanner for testing purposes, or fail to install properly.
The code which generates charts for the data is not in git yet, but all charts are plain copies from 'what exists' already.
distribution of the top 100 rejects for the last 2 weeks
The top 10 of the top 100 rejects make a large chunk of the total.
| # | port | count | … |
|---|---|---|---|
| 1 | 15436 | 16540 | unknown |
| 2 | 139 | 11311 | netbios |
| 3 | 9415 | 8687 | proxy? |
| 4 | 1080 | 1449 | proxy |
| 5 | 4899 | 1127 | radmin |
| 6 | 445 | 762 | smb - dionaea should serve this |
| 7 | 25 | 754 | smtp |
| 8 | 27977 | 723 | proxy? |
| 9 | 3389 | 716 | rdp |
| 10 | 23 | 714 | telnet |
| 11 | 1433 | 677 | mssql - dionaea should serve this |
| 12 | 2967 | 302 | big yellow |
| 13 | 5900 | 242 | vnc |
For tcp/port 15436 I have no idea what is meant to be served on the port, the distribution of the top 100 hosts looks like this:
distribution of the top 100 rejected hosts for tcp/port 15436 for the last 2 weeks
carniwwwhore is meant to be a webinterface for dionaea's postgres database which is fed over xmpp. To start with, you can convert your current logsql sqlite database to postgres, instructions are included. carniwwwhore is written in python2.x using django.
<jcanto> workmate: 'Django is like a cheap whore: takes some time to understand her, but then it makes lots of stuff for a little spending
As the Berlusconi in me was convinced rather instantly, I decided to give django a shot.
Current projectname is carniwwwhore, and as I know I suck in this webdev, I'm looking for people who want to participate, so this flower survives the cold season.
I basically just tested how to get things done with django, and from what I can say, jcanto's workmate is correct.
Due to my lack of love towards html and css, it looks ugly, but given the MVC and use of templates, making it look pretty should be easy for somebody who wants a pretty presentation.
Given my obvious anticipation towards html, I spent most of the time on the filters …
Printing the connections recursively was a pita, but it works …
