Jun 15

So, recently I obtained several new experiences :-).

I am working with Fortigate machines (AFA1000’s) and Juniper Netscreen SSG550’s, which are both great machines to work with. I touched a couple of Netscreens just a week before I started my new assignment, and now I work full time with them. Beyond that I also try to support the team I am in now with Cisco/networking knowledge so that the team can keep on rolling (even if the grand-master will be on holiday within 2 months from now).

Apart from the work experience I also did some work in Perl again and finished up check_honeynet.pl v2.0.3b (which will eventually become v2.0) and I am playing around with svn and mirroring subversion stuff (for FreeBSD and my own projects).

Seeing my upcoming agenda makes it a bit challenging to properly give all my activities enough time, but I am sure I can manage that just fine.

written by Remko

Mar 24

So, Saturday and today I spent a bit of time updating my honeynet check mirror application, which retrieves information from various mirrors to make an educated guess on when the mirrors did a last sync (all in perspective of course, because it doesn’t tell the actual status, but at least it’s a guide, and if properly done, we can see what happens).

That of course doesn’t mean the tool is honeynet only; you can easily change it for your own needs to list several of your own mirrors etc. It’s just that I named it for the honeynet project: check_honeynet. One could argue to name it “evil-mirror-validator” or something (evil- is the prefix of most of my projects).

Anyway, back to the discussion: v1.7 has a new way of parsing configuration records which is rather straightforward. I will be implementing the same for 2.0 (which is actually just a continued development on top of 1.7). This makes use of the Config::Simple module, which enables me to write it all ini-style based (it was already like that, but then resolved in an uglier way than it is now).

If you browse to the downloads section, you will find it there, with a published web-frontend and so on. If you have any comments please let me know. From what I saw from my local tests this just works fine.

For 2.0 I will be issuing a separate statistics file, which I will write ini based (from the application) to gather statistics about [ok] [bad] [banned] hosts. This way we can more selectively send messages to the bogus mirror, and even ban them (which could result in an automated removal from the main site for example) if they trigger the (adjustable) thresholds.

written by Remko
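
The ini-based [ok] / [bad] / [banned] statistics with adjustable thresholds described in the post above, as an added example that is not check_honeynet's own code: Python's `configparser` stands in for Perl and Config::Simple. The section layout (host = counter), the threshold names and values, the action names and the hostname are all assumptions made for illustration.

```python
import configparser
import io

WARN_AFTER = 2  # assumed threshold: consecutive stale checks before messaging the mirror
BAN_AFTER = 4   # assumed threshold: consecutive stale checks before banning the mirror

def new_stats():
    """Empty statistics file with the three sections the post names."""
    stats = configparser.ConfigParser()
    for section in ("ok", "bad", "banned"):
        stats.add_section(section)
    return stats

def record_check(stats, host, in_sync, warn_after=WARN_AFTER, ban_after=BAN_AFTER):
    """Update the counters for one mirror check and return the action to take."""
    if stats.has_option("banned", host):
        return "banned"  # stays banned until an operator removes the entry
    if in_sync:
        stats.remove_option("bad", host)  # a good sync resets the failure streak
        stats.set("ok", host, str(stats.getint("ok", host, fallback=0) + 1))
        return "ok"
    failures = stats.getint("bad", host, fallback=0) + 1
    if failures >= ban_after:
        stats.remove_option("bad", host)
        stats.set("banned", host, str(failures))
        return "ban"  # e.g. trigger removal from the main site's mirror list
    stats.set("bad", host, str(failures))
    return "notify" if failures >= warn_after else "bad"

def replay(stats, host, results):
    """Feed a sequence of check results for one host; return the actions in order."""
    return [record_check(stats, host, r) for r in results]

def dump(stats):
    """Serialise the statistics in ini form, as they would be written to disk."""
    buf = io.StringIO()
    stats.write(buf)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: one good sync, four stale checks, then a good sync again.
    stats = new_stats()
    print(replay(stats, "mirror1.example.org", [True, False, False, False, False, True]))
    print(dump(stats))
```

A mirror that recovers before reaching the ban threshold drops out of [bad] again, so only a sustained run of stale checks leads to a ban.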