You are here: start

Software at carnivore.it

dionaea

nepenthes

libemu

nebula

liblcfg

xmpp - take #3

Small update on the xmpp-files-for-all feature mentioned previously. There were some bugfixes and cleanups for receiving files via logxmpp.
Now, you can verify logxmpp works for you by starting dionaea with

/opt/dionaea/bin/dionaea -l all,-debug -L 'logxmpp'

it should end with something like: 

[15052010 20:27:24] logxmpp dionaea/logxmpp.py:125: I am anonymous@sensors.carnivore.it/qtVuZyLM
[15052010 20:27:27] logxmpp dionaea/logxmpp.py:315: trying to join anon-files@dionaea.sensors.carnivore.it/anonymous-qtVuZyLM
[15052010 20:27:27] logxmpp dionaea/logxmpp.py:315: trying to join anon-events@dionaea.sensors.carnivore.it/anonymous-qtVuZyLM
[15052010 20:27:28] logxmpp dionaea/logxmpp.py:341: logxmpp is online!

So, if you use it, update, if you do not use it yet, consider it an option.

xmpp - take #3 · 2010-05-15 20:25 · Markus · 3 Comments · Tags:

xmpp - take #2

While the xmpp backend works really good, I've had no problems during the last months, there were very little sensors, basically just my own and - from time to time - some roamers.

As such service is pretty worthless without users, I thought about how to make it more attractive.

The best thing I could come up with, was allowing all sensors to receive files streamed to the xmpp channel, so your benefit from contributing to xmpp is getting something back. And, as this was the most convincing thing I could come up with, I already made it work.

So, if you hook you dionaea to the xmpp channel now, you'll get back all the files collected by other sensors *anonymously* and in realtime.
They end up in the same directory as the files dionaea collects, and basically get the same treatment, so you even receive the sandbox results for them. The only difference in treatment is, you do not stream files gatherd via xmpp to xmpp again.

So, if you want to benefit, update your dionaea, verify the config is up-to-date too, and …

  • compile the lxml python module as outlined here.
  • add logxmpp to your ihandlers in your dionaea.conf

Thats it.

xmpp - take #2 · 2010-05-12 21:09 · Markus · 0 Comments · Tags:

xmpp backend

I just committed xmpp backend code.
The backend code can:

  • store files which get streamed to the xmpp service on disk
  • store events which get streamed in a postgres database

Read more…

xmpp backend · 2010-02-10 22:33 · Markus · 0 Comments · Tags:

xmpp progress

Short update on xmpp, I setup prosody (again), and connected two clients:

xmpp works
it works, still hacked the reporting to be no xml, else psi does not render it

Read more…

xmpp progress · 2010-01-31 08:03 · Markus · 0 Comments · Tags:

xmpp - basics

basics

As distributed sensors are desireable, I had another look on xmpp over the weekend. XMPP is basically an xml stream for instant messaging, which can be used for other things too.

The good news first, it works:
dionaea xmpp basics work
screenshot from the reporting using psi, I had to change the rendering to escape < and >, else psi would not render it …

Read more…

xmpp - basics · 2010-01-26 10:17 · Markus · 0 Comments · Tags:

random notes

Even though I've spent some time on dionaea lately, I did not commit much of it yet, so here is a short heads up.

Read more…

random notes · 2010-01-22 10:44 · Markus · 0 Comments · Tags:

Related

Recent Posts

Tags

alix botnet bpf dataviz debian dionaea ftp gnuplot gss-api honeytrap joomla libemu metasploit mssql nepenthes ntlm python3 smb sqlite xmpp

Comments

Index

start.txt · Last modified: 2010/06/15 14:07 by common
chimeric.de = chi`s home Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0