
Bug#183387: marked as done (RFP: earlybird -- Realtime HTTP worm intrusion attempt notification)



Your message dated Fri, 4 Jul 2003 14:03:45 +0200
with message-id <200307041403.55788@fortytwo.ch>
and subject line earlybird is obsolete
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Mar 2003 13:11:27 +0000
>From avbidder@fortytwo.ch Tue Mar 04 07:11:27 2003
Return-path: <avbidder@fortytwo.ch>
Received: from zux006-026-099.adsl.green.ch (gluggsi.fortytwo.ch) [81.6.26.99] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18qCCc-0002H2-00; Tue, 04 Mar 2003 07:11:26 -0600
Received: from altfrangg.fortytwo.ch (altfrangg.fortytwo.ch [192.168.1.17])
	by gluggsi.fortytwo.ch (Postfix) with ESMTP
	id 24DB92B27; Tue,  4 Mar 2003 14:11:25 +0100 (CET)
Received: by altfrangg.fortytwo.ch (Postfix, from userid 1000)
	id ABAAA8B9CA; Tue,  4 Mar 2003 14:11:24 +0100 (CET)
From: "Adrian 'Dagurashibanipal' von Bidder" <avbidder@fortytwo.ch>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: RFP: earlybird -- Realtime HTTP worm intrusion attempt notification
X-Mailer: reportbug 1.50
Date: Tue, 04 Mar 2003 14:11:19 +0100
Message-Id: <20030304131124.ABAAA8B9CA@altfrangg.fortytwo.ch>
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-0.7 required=4.0
	tests=HAS_PACKAGE,PGP_SIGNATURE,SPAM_PHRASE_00_01
	version=2.44
X-Spam-Level: 

Package: wnpp
Version: N/A; reported 2003-03-04
Severity: wishlist

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Package name    : earlybird
  Version         : 2.6 (3.0 soon to be released)
  Upstream Author : Jay D. Dyson <jdyson@treachery.net>
* URL             : http://treachery.net/~jdyson/earlybird/
* License         : GPL
  Description     : Realtime HTTP worm intrusion attempt notification tool

Early Bird is a realtime HTTP worm intrusion attempt reporting utility.
Originally written to combat only Code Red, Early Bird originally
functioned simply as a decoy by living under the name of 'default.ida'.
Over time, Early Bird was altered to handle other worm attack
signatures.  When the HTTP worm attempts to exploit a known buffer
overflow (usually in IIS), Early Bird captures the attacking IP, the
request string sent, and composes an email to the offending network
contact to alert them to their problem.

(taken from the earlybird FAQ)

IANADD - but if I ever get some more free time, this would be candidate
for a first package, I think.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEARECAGcFAj5kpfxgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjMmbWQ1c3VtPTE0Y2E2MTZmMTQ2ODJhODJj
YjljYzI1YzliMzRhMTBkAAoJEIukMYvlp/fWRMkAoIR2qIK/iZB/uKJWTu/w1HJI
/VQ5AJ0Ql2tDzQY9EkDd7k8C49MLRlqRGg==
=wqU4
-----END PGP SIGNATURE-----

---------------------------------------
Received: (at 183387-done) by bugs.debian.org; 4 Jul 2003 12:04:09 +0000
>From vbi@fortytwo.ch Fri Jul 04 07:03:59 2003
Return-path: <vbi@fortytwo.ch>
Received: from zux006-013-242.adsl.green.ch (gluggsi.fortytwo.ch) [81.6.13.242] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19YPIF-0001Zh-00; Fri, 04 Jul 2003 07:03:59 -0500
Received: from altfrangg.fortytwo.ch (altfrangg.fortytwo.ch [192.168.1.17])
	by gluggsi.fortytwo.ch (Postfix) with ESMTP id 77E523E4C
	for <183387-done@bugs.debian.org>; Fri,  4 Jul 2003 14:03:57 +0200 (CEST)
Received: by altfrangg.fortytwo.ch (Postfix, from userid 1002)
	id 5227D1EF21; Fri,  4 Jul 2003 14:03:56 +0200 (CEST)
From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>
To: 183387-done@bugs.debian.org
Subject: earlybird is obsolete
Date: Fri, 4 Jul 2003 14:03:45 +0200
User-Agent: KMail/1.5.1
MIME-Version: 1.0
Content-Type: multipart/signed;
  protocol="application/pgp-signature";
  micalg=pgp-sha1;
  boundary="Boundary-02=_r0WB/ZUA/h4/mcH";
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <200307041403.55788@fortytwo.ch>
Delivered-To: 183387-done@bugs.debian.org
X-Spam-Status: No, hits=-8.3 required=4.0
	tests=BAYES_30,PGP_SIGNATURE_2,USER_AGENT_KMAIL
	version=2.53-bugs.debian.org_2003_06_27
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_06_27 (1.174.2.15-2003-03-30-exp)


--Boundary-02=_r0WB/ZUA/h4/mcH
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

After some time running earlybird, I saw that
 + it is not possible to automatically notify admins, as whois is not usable in an automated way
 + there is a race that causes earlybird to sometimes send 3 or 4 emails because of one attacker
 + I did not receive any answer from the upstream author; I guess the program is dead.

cheers
-- vbi

-- 
Debian is the Jedi operating system: "Always two there are, a master and
an apprentice".
        -- Simon Richter on debian-devel

--Boundary-02=_r0WB/ZUA/h4/mcH
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iKcEABECAGcFAj8FbStgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJEIukMYvlp/fWZa4Anioc3IT1312tXWSvksZfkeZ4
ghcNAKCTtynnFi5hJn6X3Js0tqfasGHUkg==
=eXNK
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.5&md5sum=5dff868d11843276071b25eb7006da3e

--Boundary-02=_r0WB/ZUA/h4/mcH--
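
The RFP above describes the mechanism of the tool (match a worm's request signature such as the Code Red `default.ida` probe, record the source IP and request string, compose a notification), and the closing message reports a race that produced 3 or 4 emails for a single attacker. The following added example, written for this page and not code from the earlybird project, shows both halves on constructed Apache-style log lines: a signature match over the request line, and a per-(source IP, signature) suppression window so that one infected host's burst of retries yields one report. The network contact is taken as a parameter (a placeholder address) because, as the closing message notes, whois is not usable for an automated lookup; messages are built but never sent.

```python
import re
from datetime import datetime, timedelta
from email.message import EmailMessage

# Constructed Apache-style access log lines (sample data, not captured traffic).
# The 'N' padding that Code Red sent after default.ida is shortened to keep
# the sample readable; the detector keys on the path, not the padding.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Mar/2003:13:05:01 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 277 "-" "-"
203.0.113.7 - - [04/Mar/2003:13:05:02 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 277 "-" "-"
203.0.113.7 - - [04/Mar/2003:13:05:02 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 277 "-" "-"
198.51.100.9 - - [04/Mar/2003:13:06:10 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Mar/2003:13:40:15 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 277 "-" "-"
this line is not a log entry
"""

# Combined-format prefix: client IP, ident, user, [timestamp], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Worm probe signatures matched against the request line. Only the Code Red
# default.ida probe named in the bug report is included; further entries
# would be added the same way.
SIGNATURES = {
    "Code Red (default.ida)": re.compile(r"^(?:GET|HEAD) /default\.ida\?", re.IGNORECASE),
}


def parse_line(line):
    """Return {'ip', 'ts', 'request', 'status'} for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "request": m.group("request"),
        "status": int(m.group("status")),
    }


def match_signature(request):
    """Return the name of the first signature the request line matches, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return name
    return None


class Notifier:
    """Suppress repeat reports for the same (source IP, signature) inside a time window.

    Worms retry quickly, so one infected host produces a burst of identical
    requests; without this window each request would become its own email."""

    def __init__(self, window=timedelta(minutes=30)):
        self.window = window
        self._last_sent = {}  # (ip, signature) -> time of the last report

    def should_report(self, ip, signature, ts):
        key = (ip, signature)
        last = self._last_sent.get(key)
        if last is not None and ts - last < self.window:
            return False
        self._last_sent[key] = ts
        return True


def compose_report(event, signature, contact):
    """Build (not send) the notification email for one detected probe."""
    msg = EmailMessage()
    msg["To"] = contact  # placeholder contact; no whois lookup is attempted
    msg["Subject"] = f"HTTP worm probe from {event['ip']}: {signature}"
    msg.set_content(
        "A host on your network appears to be infected.\n\n"
        f"Source IP:  {event['ip']}\n"
        f"Time:       {event['ts'].isoformat()}\n"
        f"Request:    {event['request']}\n"
        f"Signature:  {signature}\n"
        f"Response:   HTTP {event['status']}\n"
    )
    return msg


def process_log(text, contact="abuse@example.invalid", window=timedelta(minutes=30)):
    """Scan log text and return the list of notification emails that would be sent."""
    notifier = Notifier(window)
    reports = []
    for line in text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # malformed or non-access-log line
        signature = match_signature(event["request"])
        if signature is None:
            continue  # ordinary request
        if notifier.should_report(event["ip"], signature, event["ts"]):
            reports.append(compose_report(event, signature, contact))
    return reports


if __name__ == "__main__":
    for report in process_log(SAMPLE_LOG):
        print(report["Subject"])
```

With the sample above, the three probes within two seconds collapse to one report, the benign request produces none, and the probe 35 minutes later falls outside the default 30-minute window and is reported again; widening the window to two hours reduces the whole run to a single email. Keying the window on the (IP, signature) pair rather than on the IP alone keeps a second, different worm from the same host visible.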