Category: Projects
29 January, 2010 (18:36) | Honeynet Project, PhoneyC, Projects | No comments
About two months ago I started contributing PhoneyC, a pure Python honeyclient implementation originally developed by Jose Nazario. The perception is that our development efforts are moving on the right track. The code can be downloaded here. If you’re interested take a look at the different development branches and give us your feedback. Moreover if [...]
29 September, 2009 (15:58) | Botnets, Fast-Flux, Honeynet Project, Projects, TIP | 2 comments
It’s long time since I don’t write about TIP and its evolution. A lot of things have changed during these last months in order to make TIP more efficient and scalable. So maybe it’s worth to talk about it! First of all, TIP really exploits the Twisted Plugin System as best as it can. As [...]
3 July, 2009 (14:28) | Projects, TIP | No comments
A new spamtrap submodule is currently under development. Its targets are spamtraps located on mailservers which I administer. Few of these mailservers generate huge amounts of spam mails and this leads to great performance troubles if you try to download them by POP3/IMAP and then parse. A different approach was thought for situations like these. [...]
1 July, 2009 (16:54) | Botnets, Fast-Flux, Projects, TIP | No comments
Few days ago I started thinking about the scalability limits of the TIP Fast-Flux Tracking module and realized its design was really awful. The approach was based on the idea of assigning a monitoring thread to each fluxy domain. This approach is well suited if the number of threads is quite small but not for [...]
24 April, 2009 (17:33) | Projects, TIP | No comments
In the last days, the inner workings of TIP changed too much. In fact, as soon as I plugged in the new Spamtrap module, I realized that the core engine was far from perfect. In particular, it was designed when I had no precise idea of the work load it had to face and this [...]
10 March, 2009 (13:55) | Projects, TIP | No comments
I spent my last days working on a subtle bug in TIP which didn’t allow a correct engine rescheduling and thus a correct information sources updating. The bug has gone now but I’m realizing how hard is working always close to the limits of the operating system and the database management system. But it’s a [...]
7 January, 2009 (16:25) | Botnets, Fast-Flux, Projects, TIP | No comments
Today I came back from my Christmas holidays with the precise idea of rewriting the Fast Flux Tracking module from scratch. In fact, in the last days I observed strange behaviors during its working when the number of domains to monitor exceeded a few thousands. A deep investigation of the code revelead to me the [...]
19 December, 2008 (18:34) | Botnets, Fast-Flux, Malware, Projects, TIP | No comments
Eppur si muove!
TIP (Tracking Intelligence Project) is taking its first steps. In my most beautiful dreams, TIP should be an information gathering framework whose purpose is to autonomously collect Internet threat trends. Currently, TIP is closely monitoring information derived from few publicly available blacklists thus identifying malicious domains and networks. To reach its goal, TIP [...]