[Intrusions] `tattle`, now with goodness
William Stearns
wstearns at pobox.com
Wed Jun 15 16:44:56 GMT 2005
Good afternoon, Andrew, C.J.,
On Tue, 14 Jun 2005, Andrew Daviel wrote:
> On Mon, 13 Jun 2005, C.J. Steele, CISSP wrote:
>
>> If you're reading the [intrusions] list, you're probably not seeing
>> quite a bit of the lynching I've taken on [bugtrq], which has caused
>> `tattle` to evolve in many of the ways you're suggesting. Given the
>> types of attacks we're all seeing, I suspect you'll find that `tattle`
>> makes a best-effort attempt to report the mail to the right parties
>> (i.e. abuse.net and then whois, where abuse doesn't reply), reverse
>> lookups of IP addresses, etc...
>
> I had a look at tattle, and it is certainly way more elegant
> than my thing ... using NET::Whois::IP which does the
> iteration through ARIN. My script is really ugly, but I will send you a
> copy if you promise not to laugh....
> I will also send the list of contacts, which is easier to work with..
I'm personally interested in both tools, and would be especially
interested in seeing if the best of both can be merged into a single
program.
I suspect others are too, so if you provide urls for readers to
download them, that would be great.
Cheers,
- Bill
---------------------------------------------------------------------------
"Whoever fights monsters should see to it that in the process he
does not become a monster. And when you look into an abyss, the abyss
also looks into you."
-- Nietzsche
(Courtey of Neal Dias <ndias at sunglasshut.com>)
--------------------------------------------------------------------------
William Stearns (wstearns at pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
More information about the Intrusions
mailing list