WormRadar Node Volunteers Help Graph Attacks 159
zoombat writes "NTBugtraq has a post looking for volunteers to run WormRadar nodes. The nodes are essentially honeypots that watch for suspicious activity. Its purpose is to both measure the frequency of known, current worms and to alert us all when something new becomes active. A graph (updated every 30 minutes) shows what was detected. Currently it looks like only a Windows client is available, though."
Other platforms (Score:5, Insightful)
Might it make more sense to have the client available on platforms which are not necessarily vulnerable to most of these infections? After all, many of the systems which are connected to the Internet full time (servers/workstations etc...) are not Windows machines.
Lol. Understatement. (Score:5, Funny)
It's like the canary in the mineshaft...Works fine for detecting hazards, but a little rough on the bird.
Re:Lol. Understatement. (Score:5, Funny)
while (not_infected) {
    send ("Woo Hoo! I'm alive still")
}
And the server does this:
listen (client_port) {
    while (get_alive_messages) {
        writeGraph (noWorm);
    }
    ohShit(clientMachineGotWorm);
}
Not a very good solution if the clients never die now, is it?
Re:Lol. Understatement. (Score:1)
If the sole purpose of the bird is to get the crap kicked out of it anyways, why not take it into the mine anyways? I'm looking for a suitable piece of junk hardware that I can throw questionable programs on and try to make them phone home... might as well toss this on while I'm at it.
Because (Score:3, Insightful)
It seems like windows was implemented with the "everyone is mostly nice" idea that the original internet, and certainly the original email system was. No one at MS anticipated that people would run programs that actively harmed them, and that their computers wo
The problem is (Score:2)
Problem: You can't not give people root/admin/whatever access to their own systems. They need the ability to install new programs, updates
Yes, you can (Score:3, Insightful)
The problem is that programs these days do things that the user doesn't know about, doesn't want, can't control, and ultimately can't even stop when they find out. That's ridiculous.
If I'm root, and I don't trust a program I'm running, I can su it, and run it as a regular user and lock it down to a single folder on the file system with no network access. You have to do it manually, and on windows you can only do it
Re:Lol. Understatement. (Score:1, Flamebait)
They remind me of Southern Baptists.
Re:Other platforms (Score:2, Interesting)
Re:Other platforms (Score:4, Interesting)
0x65f00000-65fc0800 (PE) C:\WINDOWS\SYSTEM\OLE32.DLL
0x70bd0000-70c34600 (PE) C:\WINDOWS\SYSTEM\SHLWAPI.DLL
0x78000000-7804000
Threads:
process tid prio
0000000a (D) Y:\updates\WormRadar.exe
0000000b 0 <==
WineDbg terminated on pid a
Re:Other platforms (Score:1)
Unhandled exception: 0eedfade in vm86 code (ffffffff:550e3ec0).
In vm86 mode.
Register dump:
CS:ffff SS:3ec0 DS:0000 ES:0000 FS:0000 GS:0018
IP:3ec0 SP:9258 BP:e255 FLAGS:d954( -N01O T Z-A-P- )
AX:2ff4 BX:a25c CX:e231 DX:2ff4 SI:9380 DI:3ec0
Stack dump:
0x3ec0:0x9258: 0000 0000 0000 0000 0000 0000 0000 0000
0x3ec0:0x9268: 0000 0000 0000 0000 0000 0000 0000 0000
0x3ec0:0x9278: 0000 0000 0000 0000 0000 0000 0000 0000
0x3ec0:0x9288:
Re:Other platforms (Score:5, Insightful)
honey pot: n.
1. A box designed to attract crackers so that they can be observed in action. It is usually well isolated from the rest of the network, but has extensive logging (usually network layer, on a different machine). Different from an iron box in that its purpose is to attract, not merely observe. Sometimes, it is also a defensive network security tactic -- you set up an easy-to-crack box so that your real servers don't get messed with. The concept was presented in Cheswick & Bellovin's book Firewalls and Internet Security.
2. A mail server that acts as an open relay when a single message is attempted to send through it, but discards or diverts for examination messages that are detected to be part of a spam run.
With emphasis on the attract part. How are you going to monitor worms that propagate using Windows with a Linux box? You may be able to say, for instance, how many times a certain port was probed. You can't get a Linux box to respond in the same way as a Windows box without seriously getting into the kernel though.
Re:Other platforms (Score:2, Interesting)
Re:Other platforms (Score:5, Insightful)
Re:Other platforms (Score:4, Interesting)
It's a blasted worm. Only if very sophisticated would a worm look for an authentic Windows environment. Why would they bother?
I'm far more familiar with honey pot definition 2 - and I know how incredibly stupid spammers have long been when it comes to open relay honeypots. They are doing bulk abuse, not pinpoint abuse. Whatever the details they are looking for a vulnerability - and then exploit that vulnerability when they find it. They look for hundreds or thousands of vulnerable systems. They do that "quick and dirty" - that's all they've had to do (almost no complex countermeasures are employed against them.) That has worked for them. Why should they make it more complicated?
It's not guaranteed that the worms are so primitive that they don't verify that a system is a Windows system - but it's not guaranteed the worms do. Wouldn't it be better to set up the Linux systems and see if they succeed or are discovered as fakes? That has some chance of success. Arm's-length philosophical discussions won't stop any abuse.
My experience with open relay honeypots suggests that all the spammers do to check for those is attempt to relay. I can see reason for the abusers to be more careful and more clever - but rather than assume they are the better idea is to force them into being more careful and more clever. Burn up more of their time, confuse them about the rest of the internet (the part they abuse, as opposed to their own part.) There are many goals in fighting abuse - don't fixate on just one. If the abusers can be made thoroughly confused about the rest of the internet (i.e., can't tell what is and what isn't vulnerable to abuse) then they pretty much have to give up. That will never happen if all that is done is engage in discussions.
OK, do fixate - it's your time - who am I to tell you what to do? But give some thought to how much better it is to make a broader attack, if you will, please.
P.S. Open relay honeypots still work today, April 23, 2004. Open proxy honeypots may be even more powerful.
Re:Other platforms (Score:2)
so go (Score:5, Interesting)
distributed attacks against hackers doing distributed attacks
Re:so go (Score:3, Insightful)
Besides, the way I see it, the more viruses and worms floating around the better: it helps people realize how shitty Windows is as a platform, and how Microsoft just treats their customer like crap by selling them mediocre products at outrageous prices. I certainly don't want to help Microsoft look better.
Obvious joke (Score:5, Insightful)
Why is there only a windows client? Because all the worms only effect windows machines, what would be the point of a client on anything else?
Although of course, the more serious answer is "A client on something other than windows would be sensible, because if a new worm comes out and hits a 0-day windows hole then your machine could be infected and dead before it gets the chance to report that it is being attacked." (Just why is it that all these worms people write nowadays just seem so.. nice? I remember the days when 90% of viruses would at the very least format your hard disc.. now they just sit there. It's almost a shame, because one good formatting worm might finally make people take them more seriously.. it's only a matter of time)
Re:Obvious joke (Score:4, Insightful)
Why is smallpox darn near extinct, but the common cold thrives?
If a worm formats your hard disk, it can't keep scanning for and infecting new machines. For one thing, now you know something is wrong, and are more inclined to fix it.
It's almost a shame, because one good formatting worm might finally make people take them more seriously.
And there, you answer your own query. If worms did "real" damage (i.e. obviously interfered with the working of the computer), people would be much more cautious about contracting and spreading them. But how many of you freak out and quarantine yourself if you come in contact with a carrier of the common cold? Same thing...
Re:Obvious joke (Score:3, Informative)
'Cause we KILLED smallpox! (well...excepting what's so far noncontagiously tucked away in cryo storage here and there)
It has nothing to do with the virulence of smallpox as opposed to the common cold. Hell, as far as that goes, the great sweaty mass of humanity is a fat ripe target just waiting for something that will sweep through and slay the many, but I drift OT.
Worms that can do "real" damage may well yet spring up from out of the ground an
Re:Obvious joke (Score:2)
Smallpox was more dangerous, so we killed it.
The common cold does kill people, but mostly just old people.
Admittedly it doesn't seem possible to cure the common cold because you'd have to cure it everywhere all at once which is presumably impossible, and we don't even really necessarily know where they come from in the first place.
Re:Obvious joke (Score:2)
Good catch. Thank you.
Admittedly it doesn't seem possible to cure the common cold because you'd have to cure it everywhere all at once which is presumably impossible, and we don't even really necessarily know where they come from in the first place.
Well, if the common cold were thought to be a major threat, the first thing we'd do is start being less casual about spreading it around. We'd quarantine people who come down with the sni
Re:Obvious joke (Score:3, Insightful)
It's evolution. A pathogen that kills its host too fast is a failure unless it can spread extremely fast to compensate. While the old viruses and worms were the equivalent of ebola, wreaking as much havoc to the host as possible, the new ones are more the software equivalent of lampreys or tapeworms- slowly but sure
Re:Obvious joke (Score:2)
After all if they are using that machine's resources it would make sense for the worm to make any modifications to the set up to enable it to run more efficiently and defend itself against other worms taking over its host and kicking it out.
Re:Infect, Effect and Affect (Score:4, Interesting)
"Infect" refers to passing along a nasty.
"Effect" means "make happen" or "bring about" as in "Make it so."
"Affect" can be understood in terms of a combination of the above.
I think you meant to say "worms only affect windows machines".
Affectionately speaking, of course.
Re:Infect, Effect and Affect (Score:1)
Effect is a noun. Affect is a verb.
Re:Obvious joke (Score:2)
Re:Obvious joke (Score:2)
So they can use the infected machines as spam zombies. Or at least as DDoS networks in their IRC wars...
Ebola (Score:2)
Well, a virus/worm that kills its host too easily won't spread too far, will it? It's the same in the biological world. Ebola is very effective at killing its host quickly, and that's what limits its spread.
And generally these newer viruses/worms aren't just sitting there, they're figuring out how to spread to all
Witty Worm (Score:2)
What about the Witty worm [caida.org]? To quote from that link, Witty was the first widely propagated Internet worm to carry a destructive payload. The authors of the referenced study think that the Witty Worm infected the entire vulnerable population before it self-destructed by scragging hard disks.
If you invoke the "too" in "kills its host too easily", then I'll just wave you off as tautological: there's no way to disprove what you
Open Source or Trojan Horse? (Score:5, Insightful)
Re:Open Source or Trojan Horse? (Score:5, Informative)
Roger Thompson
Roger Thompson
1650 Emerald Ridge
Marietta, GA 30062
US
Phone: 6785608027
Fax..: 6785609109
Email: rogert@mindspring.com
If not that would be the first time that a trojan writer puts his real world address out for all to see.
In the windows world people don't even expect to be able to see the source code.
Re:Open Source or Trojan Horse? (Score:2, Insightful)
Re:Open Source or Trojan Horse? (Score:3, Insightful)
This could be said about any small, proprietary software utility that you see on download.com or tucows. Only time will tell if it's a trojan or not, but if it is, the techies who make up its target audience will find out fast. And they'll spread the word fast. And after receiving the word, they will take it seriously. Techies have other traits besides access to lots o
"Download WormRadar.exe now" (Score:4, Funny)
Yeah, that's going to happen.
Someone run it through IDA? :-P
Re:"Download WormRadar.exe now" (Score:1, Informative)
PNG for gawds sake! (Score:3, Insightful)
And oh, "they" use JPEG for the graph! Look at it -- it's horrible!
Okay, you DON'T download and run executables from people who can't even pick the right image format for an image like that one (hint: it's PNG). What are the odds of these people knowing anything about researching worms if they can't even get a fscking image right? Close to zero.
I honestly don't understand how come so many have a problem with this. Just look at that "JPEG patents"-story. Scary. I thought this was a place for nerds?
Here'
Re:PNG for gawds sake! (Score:3, Informative)
They used the size variables in HTML to resize it (which of course makes it look terrible). Image size is 446x668. They resize it to 560x839. Makes no sense.
Still makes their operation look pretty bad.
Fixed (Score:2)
Re:"Download WormRadar.exe now" (Score:1)
It connects to some time sync server and sets the system clock very accurately to some foreign local time.
The GUI for the app really sucks and is severely broken in its behaviour (buttons disappear, etc).
Don't bother using this software, the underlying worm detection code is probably as broken as the rest.
Seems like a good idea implemented poorly (Score:5, Informative)
Leusent _AT_ Link-net.org
Re:Seems like a good idea implemented poorly (Score:1)
It's great software, and it proved itself.
The distributed option of sharing data is a plus.
IINAL (Score:3, Interesting)
Re:IINAL (Score:5, Interesting)
Why would you say that? It certainly isn't entrapment. If you leave your house windows open, it doesn't give thieves permission to steal.
And a burglar can't complain that you have video cameras all over the house recording them while you call the cops.
In Texas & many other states, you could blow them away with a shotgun and get cheers in the local paper.
Re:IINAL (Score:5, Interesting)
Re:IINAL (Score:2)
If this thing used a man-in-the-middle approach, that would be interception, but a writer of a worm is going to have a hard time defending it.
It's directed at your computer (Score:2)
There's also nothing saying that what runs on a port needs to be what conventionally runs on that port. Yes, 21 is conventionally FTP, but that's convention, not a legal mandate. You can run other services (like this) on 21, or run FTP on a different port.
Re:IINAL (Score:2)
Of course, you'd have to be mad to admit that you left the windows wide open when the insurance guy asks if you secured your home before leaving as part of their claim handling process.
Re:IINAL (Score:3, Insightful)
A honeypot is just a pseudo-server meant to trap, delay and/or observe a client. Useful for wasting spammers' time/bandwidth, looking for spiders or in this case looking for active worm traffic.
You have to connect to the honeypot for it to be active so in absolutely no way can this be "illegal".
Tom
Worm Watching Clients for Windows Only? (Score:5, Funny)
Graph shows u137unk exploit (Score:5, Interesting)
And, as it says in the article, u137unk is aimed at port 137 using UDP. NetBIOS request en masse. Over the internet? Why does this not make sense? Maybe all those exploits are Messenger spams? However, iirc, Messenger spam uses a different port and TCP. So if this is not Messenger spam... Then what?
A little creepy ... calling home? (Score:5, Informative)
no mention of what anywhere.
Sorry, perhaps I'm paranoid... but that's not very cool with me.
Re:A little creepy ... calling home? (Score:3, Insightful)
This data-sharing/graphing of Internet attacks graphs.. etc.. comes as a second to the actual use for the program - a good and decent honey pot.
The program doesn't hide the fact that it "calls home" and it is all explained in another comment.
Re:A little creepy ... calling home? (Score:4, Informative)
"Events are reported by both email and udp... email because it makes it convenient to attach a capture if it is something new, and udp because while unreliable, it is fast."
Exactly how do you expect it to function if it doesn't talk to the people who are using it to track things?
Re:A little creepy ... calling home? (Score:2)
It's not more or less unreliable than the IP layer on which it is transported.
Re:A little creepy ... calling home? (Score:1)
What a headline (Score:4, Funny)
WormRadar Node Volunteers Help Graph Attacks
Did a node spontaneously provide some "help graph" attacks? Did node volunteers assist in attacking a graph or several graphs? Did the help given by volunteers end up graphing an attack? Or did it perform a little known "graph attack" on something?
Re:What a headline (Score:1)
Re:What a headline (Score:2)
You can always use VMware or Virtual Machine (Score:4, Informative)
The program is under constant development, surprising us with new features. The author is also very quick on responding to bug reports.
WR allows for emulation of IIS, sub7 and other useful applications/Trojan horses, as well as specifying your own ports to listen on.
It's a great program and a project worth supporting.
Important note: the
There is some way yet to go until this program hits 'legacy', but as I said it is under constant development, really useful
Excellent! An AC Recommending Suspect Software! (Score:1, Insightful)
What's Truly Sad... (Score:5, Insightful)
Date: 04/23 01:24:30 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 216.18.121.12:n/a -> x.x.x.x:n/a
References: none found SID: 483
Date: 04/23 02:10:26 Name: MS-SQL Worm propagation attempt
Priority: 2 Type: Misc Attack
IP info: 152.66.211.244:3280 -> x.x.x.x:1434
References: none found SID: 2003
Date: 04/23 02:10:59 Name: MS-SQL Worm propagation attempt
Priority: 2 Type: Misc Attack
IP info: 210.13.22.79:1171 -> x.x.x.x:1434
References: none found SID: 2003
Date: 04/23 02:32:46 Name: SCAN Squid Proxy attempt
Priority: 2 Type: Attempted Information Leak
IP info: 69.158.81.79:4380 -> x.x.x.x:3128
References: none found SID: 618
Date: 04/23 02:32:49 Name: SCAN Squid Proxy attempt
Priority: 2 Type: Attempted Information Leak
IP info: 69.158.81.79:4380 -> x.x.x.x:3128
References: none found SID: 618
Date: 04/23 02:32:54 Name: SCAN SOCKS Proxy attempt
Priority: 2 Type: Attempted Information Leak
IP info: 69.158.81.79:4514 -> x.x.x.x:1080
References: none found SID: 615
Date: 04/23 02:32:57 Name: SCAN SOCKS Proxy attempt
Priority: 2 Type: Attempted Information Leak
IP info: 69.158.81.79:4514 -> x.x.x.x:1080
References: none found SID: 615
Date: 04/23 02:59:50 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 216.18.121.12:n/a -> x.x.x.x:n/a
References: none found SID: 483
Date: 04/23 03:22:04 Name: MS-SQL Worm propagation attempt
Priority: 2 Type: Misc Attack
IP info: 67.163.239.113:1209 -> x.x.x.x:1434
References: none found SID: 2003
Windows has free built-in worm watching (Score:2, Funny)
So I need to run it without a firewall? (Score:1, Interesting)
Re:So I need to run it without a firewall? (Score:1, Insightful)
DMZ? NAT? personal firewall allowing this program only?
All allowing you to log, so what's the problem?
Excellent! (Score:5, Funny)
I volunteer enthusiastically. Wormradar will complement nicely my Gaydar, Chickdar, and of course, flamedar.
For Those of you worried WR might be a Trojan (Score:5, Informative)
He is also a CARO member, which is a very respectable organization for old-timer AV researchers.
I know him personally and vouch for him, much like pretty much any other AV researcher in the world. Everybody knows Roger.
"Everybody Knows Roger"? I Don't. (Score:1, Insightful)
BTW, who are you? Oh, wait...I'm sure everybody knows you too.
Re:For Those of you worried WR might be a Trojan (Score:2)
reporting for ISPs (Score:3, Insightful)
How about reporting for ISPs? Say, daily reports grouped by netblock owner in an easily parsed format? Set it up so ISPs can sign up for them. ISP doesn't sign up? Shucks, they must be supporting viruses and whatnot.
While backbone providers love 'em because they get paid for every byte...worms are the scourge of DSL/cablemodem companies, because they don't get paid by the byte, and worms eat into their margins. So you'd think they would have a vested interest in taking care of the problem.
Of course, if they were competent, they'd be running IDS systems that would examine a portion of traffic looking for worm activity, automatically shutting off any systems...
everything is explained in the NTBUGTRAQ post, (Score:5, Informative)
I am looking for some more folks who would be interested in running
WormRadar (http://wormradar.com). The web site is still rudimentary, but
the graph is generated every 30 minutes, and is interesting to watch, and
WormRadar.exe is available for download from there.
It is essentially a distributed Windows honeypot that listens on known
wormy ports (or ports that are likely to become wormy), and crcs, or scans,
anything that comes along. Its purpose is to both measure the frequency of
known, current worms and to alert us all when something new becomes active.
It is free provided you allow it to report to the central site.
If you allow it, WormRadar will synchronize your pc to network time, and
all events are recorded to the millisecond utc. Events are reported by both
email and udp... email because it makes it convenient to attach a capture
if it is something new, and udp because while unreliable, it is fast.
A summarized graph of activity is refreshed every 30 minutes to the
website, and is refreshed every 15 minutes on the WorldView tab within
WormRadar itself. The WorldView tab also has notification options which
allow you to be alerted by a variety of means if something new appears,
such as email to a pager or by playing a wav file. In the fullness of time,
I'll add more views and graphs. The summary graph is interpreted like this...
(1) Green bars are recognized things
(2) Red bars are new (and should be watched)
(3) If I didn't get any data, I generate a name based on whether it was tcp
or udp, plus the port number, plus '0 bytes'. E.g. "t17300 0 bytes" means it
was TCP port 17300 and was 0 bytes long.
(4) If I got some data, but couldn't recognize it, I generate a similar
filename, but the suffix is 'unk', for unknown.
(5) I call it a 'summary', because if a single sourceip hits a single
targetip 200 times on the same port (such as a sql dictionary attack on
1433), it is really only one incident, and that is how I summarize it.
It emulates some common servers, such as web and ftp, and some common
backdoors, such as sub7 and kuang, and there are a bunch of tcp and udp
ports that can be set to whatever you like.
To install it, simply make a directory, copy it in, run it, configure it a
bit if you want, and tell it to listen. You can set it to cc yourself, and
you will receive a copy of the email sent to wormradar.com. The UDP
messages are content-identical to the email, although without email-y
things like headers, and I don't UDP the attachment if there is one.
It runs on about any Windows platform but runs best on Win ME, W2k or
WinXP. Win ME is a good platform, because there are fewer services to turn
off to allow WormRadar to listen on those ports. It runs nicely behind
firewalls like ZoneAlarm, and runs nicely in Virtual PC or VMWare. It
doesn't need much hardware... 200 or 300 mhz is fine. In the unlikely event
that you want to install it on more than one computer, please don't install
them on side by side IP addresses... this just skews the data. What we
really want is a nice, random, widespread distribution.
Thanks
Roger
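The naming and summarizing rules (1) through (5) in the post above, worked through in Python as an added example; this is not WormRadar's code and not part of the original post. The CRC32 signature table, the sample-worm-a name, the Hit fields and all sample events are constructed assumptions.

```python
import zlib
from dataclasses import dataclass

# Constructed signature table (CRC32 of payload -> name). The post only says
# the tool "crcs, or scans" what arrives; CRC32 and this entry are assumptions.
KNOWN = {zlib.crc32(b"CONSTRUCTED-WORM-PAYLOAD"): "sample-worm-a"}


@dataclass(frozen=True)
class Hit:
    proto: str          # "tcp" or "udp"
    src: str            # source IP
    dst: str            # honeypot (target) IP
    port: int           # destination port
    payload: bytes = b""


def label(hit):
    """Name one capture following rules (1), (3) and (4) of the post."""
    prefix = {"tcp": "t", "udp": "u"}[hit.proto]
    if not hit.payload:                       # rule (3): connection, no data
        return f"{prefix}{hit.port} 0 bytes"
    known = KNOWN.get(zlib.crc32(hit.payload))
    if known:                                 # rule (1): recognized
        return known
    return f"{prefix}{hit.port}unk"           # rule (4): data, unrecognized


def summarize(hits):
    """Collapse repeats per rule (5), then count incidents per label."""
    incidents = {}                            # key -> [label, raw hit count]
    for hit in hits:
        # Protocol in the key is an assumption; the post names only
        # source IP, target IP and port.
        key = (hit.src, hit.dst, hit.proto, hit.port)
        if key not in incidents:
            incidents[key] = [label(hit), 0]  # first capture names the incident
        incidents[key][1] += 1
    bars = {}
    for name, count in incidents.values():
        bar = bars.setdefault(name, {"incidents": 0, "hits": 0,
                                     "recognized": name in KNOWN.values()})
        bar["incidents"] += 1
        bar["hits"] += count
    return bars


def sample_hits():
    """Constructed events; all addresses are documentation ranges."""
    pot = "192.0.2.10"
    hits = [Hit("tcp", "198.51.100.7", pot, 1433, b"login sa pw%d" % i)
            for i in range(200)]              # dictionary attack: one incident
    hits.append(Hit("tcp", "198.51.100.8", pot, 17300))          # no data
    hits += [Hit("udp", src, pot, 137, b"constructed-query")
             for src in ("203.0.113.5", "203.0.113.6")]          # two sources
    hits.append(Hit("tcp", "203.0.113.9", pot, 80, b"CONSTRUCTED-WORM-PAYLOAD"))
    return hits


if __name__ == "__main__":
    for name, bar in summarize(sample_hits()).items():
        print(name, bar)
```

The 200 attempts on port 1433 come out as a single t1433unk incident, while the same unknown UDP 137 data from two sources counts as two u137unk incidents, which is the per-source counting rule (5) describes.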
He said... what?! (Score:1, Funny)
Win ME is a good platform, [...]
I never thought I'd hear that.
Guys, this is all a big hoax. Where's the hidden camera?
Ya gotta wonder. (Score:3, Funny)
You mean absolutely everybody who runs Windoze? (Score:2, Funny)
What WR connects out to.. SMTP and UDP, explained (Score:4, Interesting)
If you allow it, WormRadar will synchronize your pc to network time, and
all events are recorded to the millisecond utc. Events are reported by both
email and udp... email because it makes it convenient to attach a capture
if it is something new, and udp because while unreliable, it is fast.
A summarized graph of activity is refreshed every 30 minutes to the
website, and is refreshed every 15 minutes on the WorldView tab within
WormRadar itself. The WorldView tab also has notification options which
allow you to be alerted by a variety of means if something new appears,
such as email to a pager or by playing a wav file. In the fullness of time,
I'll add more views and graphs. The summary graph is interpreted like this...
Recruit these guys for a good data sample (Score:5, Interesting)
As much as this is a good cause and all... (Score:1, Informative)
new open source project idea? (Score:1)
I'm all for a new open source project where we could take all our old AT computers running linux (you know you've got a bunch of them) and put a new and improved open source honeypot/worm tracking and graphing distributed network software on them. It will be open source so we can trust it. We might have more volunteers to help write and test this if it is open source too so it will get d
Re:new open source project idea? (Score:4, Insightful)
Email the author and offer your help, he is a great guy and I am sure he will take any help he can get.
I trust him, the question is if he can trust everyone who offers to help with a project such as this? Ask him and you'll find out.
Constructive vs....
Re:new open source project idea? (Score:1)
So.... question,
In the best possible universe, do you believe that a project like this should be closed source or open source?
Re:new open source project idea? (Score:1)
You as a user have the right to decide whether or not you'd use it.
The author is respectable and a very old timer in the AV and security field. He chose to make it freeware, that's something I am going to thank him for (already did, actually).
Re:new open source project idea? (Score:2)
Even if the author has a great reputation, we all make mistakes at times.
Dshield and myNetwatchman (Score:2, Informative)
who is Roger Thompson, you ask? (Score:1)
http://energycommerce.house.gov/108/Hear
Re:who is Roger Thompson, you ask? (Score:2)
Well of course! (Score:4, Funny)
You all must remember under what "license" this is (Score:1)
The program is still being developed and there isn't much of a web page, it is an as-is service, and the program does a great job.
The guy runs a new project, which is still very much under development. I suppose you don't have to download and/or run the software if you don't want to.
It is good software, and it worked great, but I don't see any reason to shoot the guy for admitting to needing help with running nodes, while he furt
It works! (Score:1, Funny)
Port 2000 (Score:3, Interesting)
Re:Port 2000 (Score:2)
I monitor port probing as well -- and see a wide range of known and "unknown" port attempts also coming from all over the world. In the last week not one (!1) probe on port 2000...
It's just you.
Re:Port 2000 (Score:1)
Was it just me? (Score:1)
WormRadar Nude Volunteers Help Graph Attacks
Re: Was it just me? (Score:1)
> Did anyone else read the headline as: WormRadar Nude Volunteers Help Graph Attacks
At first I read it as "That hot babe you saw at the store this afternoon is trying to track you down for a weekend of hot sex", but I rubbed my eyes and it went away.
This guy should have done it in java (Score:2)
Then anyone with a java compiler could participate, no matter what hardware they have.
(Also, the chance of this being a trojan would be rendered nonexistent)
Say what you will about java performance, but when it comes to writing networking software, java's pretty damn sweet!
The headline had me all excited.. (Score:1)
Damn.
dshield (Score:3, Informative)
Try dshield [slashdot.org], I've had my OpenBSD pf firewall generate and submit logs on a daily basis for near a year now. There are numerous dshield clients and adapter scripts. You will also get daily reports from dshield, there's a tonne of online statistics, and they use your data to submit reports to abuse owners at domain names.
Here's the current statistics:
Records Added:
Last Month - 286,455,729
Last Week - 112,352,882
Today - 591,719
WINE (Score:1)
The Graph (Score:2)
Unless your browser has smooth scaling! Wasn't Mozilla supposed to have added that a while back?
Now it all makes sense. . . (Score:2)
*Now* I get it!