GSoC'09: Some Updates for Glastopf

< "Bypassing Kernel Code Integrity Protection Mechanisms" | "Towards Proactive Spam Filtering" >

GSoC'09: Some Updates for Glastopf

Today Lukas commited some major changes to glastopf, his Google Summer of Code project. The goal of glastopf is to learn more about attacks against web applications, mainly by attracting remote file inclusion attacks. The new version now features a new parser that should be able to handle more attacks and respond in a more flexible way. Furthermore, the connection to a central database was improved and the daemon now also drops privileges after starting up.

The software is constantly collecting information and in the next couple of weeks more analysis tools will be implemented to also process the collected data. The current glastopf implementation logs status messages to Twitter: "Got 142 attacks in the last 30 minutes!". More than 13,000 IP addresses were observed and thousands of requests processed.

This entry was posted by Thorsten Holz on Monday, July 20. 2009 at 23:28. and is filed under honeynets. You can leave a response, or trackback from your own blog.

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry