[90049] in North American Network Operators' Group


Re: Tools for LARTing large nets of compromised boxen? (on/off list

daemon@ATHENA.MIT.EDU (Michael Loftis)
Thu Apr 20 17:56:07 2006

Date: Thu, 20 Apr 2006 15:55:21 -0600
From: Michael Loftis <mloftis@wgops.com>
To: nanog@merit.edu
In-Reply-To: <285AD8B831F7CCB21768BBDB@dhcp-2-206.wgops.com>
X-MailScanner-From: mloftis@wgops.com
Errors-To: owner-nanog@merit.edu


I received quite a few good responses. I've ended up using incident.pl and 
wormeter.pl from the list below (found at the same place).

Thanks again everyone.

IASON was pointed out but seems incomplete: http://iason.site.voila.fr/ and 
http://sourceforge.net/projects/iason/

Another member pointed out that the Cymru WHOIS server has a bulk mode input 
to turn IP lists into source ASNs.  http://www.cymru.com/ and 
whois://whois.cymru.com/

incident.pl from http://www.viraj.org/, along with wormeter.pl from the same, 
is what I ended up using.  I had to write a pattern to match, and remove other 
patterns to prevent accidental matches, but this ended up doing what I 
wanted.

I got some other responses, some duplicates too.  I've anonymized responses 
since I'm not sure if the off-list responders wish to be identified.
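
The Cymru bulk WHOIS mode mentioned in the message, as an added example that is not part of the original post or of the tools it names: it builds the bulk query from a list of logged source addresses and groups the reply by origin ASN so each network gets one report. It assumes the `begin`/`verbose`/`end` bulk syntax on TCP port 43 and the seven pipe-separated verbose fields; the function names, sample addresses and sample reply are constructed, and the block makes no network call.

```python
import ipaddress
from collections import defaultdict

def build_bulk_query(candidates):
    """Text to send to whois.cymru.com on TCP port 43 (bulk, verbose)."""
    seen, lines = set(), ["begin", "verbose"]
    for raw in candidates:
        try:
            ip = str(ipaddress.ip_address(raw.strip()))
        except ValueError:
            continue  # log noise that is not an IP address
        if ip not in seen:  # one query line per distinct address
            seen.add(ip)
            lines.append(ip)
    return "\n".join(lines + ["end"]) + "\n"

def group_by_asn(response):
    """Map origin ASN -> {"name": AS name, "ips": [addresses]}."""
    nets = defaultdict(lambda: {"name": "", "ips": []})
    for line in response.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 7 or fields[0] == "AS":
            continue  # banner line, header row, or malformed line
        asn, ip, _prefix, _cc, _registry, _allocated, name = fields
        nets[asn]["name"] = name
        nets[asn]["ips"].append(ip)
    return dict(nets)

# Constructed sample data: documentation addresses and ASNs, not real hosts.
SAMPLE_IPS = ["192.0.2.10", "198.51.100.7", "192.0.2.10 ", "not-an-ip",
              "192.0.2.200", "203.0.113.99"]
SAMPLE_RESPONSE = """\
Bulk mode; whois.cymru.com [2006-04-20 21:55:21 +0000]
64496   | 192.0.2.10       | 192.0.2.0/24        | US | arin     | 2001-01-01 | EXAMPLE-NET-A
64497   | 198.51.100.7     | 198.51.100.0/24     | DE | ripencc  | 2002-02-02 | EXAMPLE-NET-B
64496   | 192.0.2.200      | 192.0.2.0/24        | US | arin     | 2001-01-01 | EXAMPLE-NET-A
NA      | 203.0.113.99     | NA                  |    | other    |            | NA
"""

if __name__ == "__main__":
    print(build_bulk_query(SAMPLE_IPS), end="")
    # Largest clusters first, so the busiest networks are reported first.
    nets = group_by_asn(SAMPLE_RESPONSE)
    for asn, net in sorted(nets.items(), key=lambda kv: -len(kv[1]["ips"])):
        print(f"origin {asn} ({net['name']}): {', '.join(net['ips'])}")
```

Addresses with no covering route come back with `NA` in the AS column and are grouped under that key, so they can be handled separately from routed sources.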



