Lost clients
Clients registered on the Warden 1.x server
List of clients registered on the Warden 1.x server. The lost? field states whether the client is also registered on the Warden 2.0 server; YES marks a client that is missing there.
client ID | hostname | registered | requestor | service | client type | type | receive own events | description tags | ip net client | lost? |
---|---|---|---|---|---|---|---|---|---|---|
1 | warden.cesnet.cz | 2011-11-21T14:57:46 | plesnik | ScanDetector | s | - | - | testing | 195.113.0.0/16 | - |
2 | warden.cesnet.cz | 2011-11-21T14:58:28 | plesnik | HoneyScan | s | - | - | testing | 195.113.0.0/16 | - |
3 | warden.cesnet.cz | 2011-11-21T14:59:07 | plesnik | PhiGaro | s | - | - | testing | 195.113.0.0/16 | - |
4 | nfsen.ics.muni.cz | 2011-11-21T15:34:13 | drasar | ScanDetector_1.0 | s | - | - | Network, Flow, ScanDetector | 147.251.0.0/16 | - |
5 | nfsen-devel.ics.muni.cz | 2011-11-22T08:54:20 | husak | honeyscan | s | - | - | Network, Flow, honeyscan | 147.251.0.0/16 | - |
6 | au1.cesnet.cz | 2011-11-23T10:06:05 | vachek | CESNET_IDS | s | - | - | Network, Connection, Honeypot, LaBrea | 195.113.205.178/32 | - |
7 | au2.cesnet.cz | 2011-11-23T10:06:48 | vachek | IDS.CZ | s | - | - | Network, Connection, Honeypot, LaBrea | 195.113.205.179/32 | - |
8 | netis.vsb.cz | 2011-11-25T11:42:15 | orkac | PhishReport | s | - | - | Network, Phishing, PhishReport | 158.196.149.48/32 | YES |
9 | buldog.vsb.cz | 2011-11-25T11:44:23 | orkac | - | r | phishing | t | - | 158.196.158.78/32 | YES |
10 | buldog.vsb.cz | 2011-11-25T11:45:04 | orkac | - | r | bruteforce | t | - | 158.196.158.78/32 | YES |
11 | nfsen.ics.muni.cz | 2011-11-28T11:23:35 | vykopal | SSHBruteForce-1_N | s | - | - | Network, NetFlow, SSH | 147.251.14.40/32 | - |
12 | holly.cesnet.cz | 2011-11-29T15:43:31 | kostenec | KippoHoneypot | s | - | - | Network, Honeypot, SSH | 195.113.187.243/32 | - |
13 | queeg.cesnet.cz | 2011-11-29T15:44:53 | kostenec | DionaeaHoneypot | s | - | - | Network, Honeypot | 195.113.187.242/32 | - |
14 | bee.net.vutbr.cz | 2011-12-02T08:44:51 | slama | HPScan | s | - | - | Network, Honeypot, Scan | 147.229.0.0/16 | - |
15 | bee.net.vutbr.cz | 2011-12-02T08:49:02 | slama | - | r | portscan | t | - | 147.229.0.0/16 | - |
16 | bee.net.vutbr.cz | 2011-12-02T08:49:18 | slama | - | r | bruteforce | t | - | 147.229.0.0/16 | - |
17 | netis.vsb.cz | 2011-12-02T09:30:28 | orkac | BruteForceDetector | s | - | - | Network, bruteforce | 158.196.149.48/32 | YES |
18 | au1.cesnet.cz | 2011-12-12T12:55:39 | vachek | CESNET_SSERV | s | - | - | External, SServ | 195.113.205.178/32 | - |
19 | nfsen.ics.muni.cz | 2012-04-15T16:34:53 | cegan | - | r | darkspace | f | - | 147.251.14.40/32 | - |
20 | nfsen.ics.muni.cz | 2012-04-15T16:35:20 | cegan | - | r | portscan | f | - | 147.251.14.40/32 | - |
21 | buldog.vsb.cz | 2012-05-11T07:40:48 | orkac | bruteforce | s | - | - | Network, Bruteforce, SSH | 158.196.158.78/32 | YES |
22 | warden.cesnet.cz | 2012-06-07T14:04:19 | mach | test | s | - | - | test | 195.113.161.41/32 | YES |
Clients registered on the Warden 2.0 server
- List of clients registered on the Warden 2.0 server.
- The new? field indicates whether the client is new (that is, it was not used in earlier versions of the Warden server).
- The alive? field is an estimate of whether the client is functional and active:
  - ? (NO) means the client is not communicating with the server, but it is not clear whether it is alive or not,
  - YES means the client is actively communicating,
  - REMOVED means the log contains a record of the client's removal (invalidation)
- status as of 06/15/2012 03:36 pm
client ID | hostname | registered | requestor | service | client type | type | receive own events | description tags | ip net client | stored events | last insertion | new? | alive? |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | warden.cesnet.cz | 2011-11-21 14:57:46 | plesnik | ScanDetector | s | - | - | testing | 195.113.0.0/16 | 0 | none | - | ? (NO) |
2 | warden.cesnet.cz | 2011-11-21 14:58:28 | plesnik | HoneyScan | s | - | - | testing | 195.113.0.0/16 | 0 | none | - | ? (NO) |
3 | warden.cesnet.cz | 2011-11-21 14:59:07 | plesnik | PhiGaro | s | - | - | testing | 195.113.0.0/16 | 0 | none | - | ? (NO) |
4 | nfsen.ics.muni.cz | 2011-11-21 15:34:13 | drasar | ScanDetector_1.0 | s | - | - | Network, Flow, ScanDetector | 147.251.0.0/16 | 0 | none | - | ? (NO) |
5 | nfsen-devel.ics.muni.cz | 2011-11-22 08:54:20 | husak | honeyscan | s | - | - | Network, Flow, honeyscan | 147.251.0.0/16 | 108 | 2012-06-12 12:00:56 | - | YES |
6 | au1.cesnet.cz | 2011-11-23 10:06:05 | vachek | CESNET_IDS | s | - | - | Network, Connection, Honeypot, LaBrea | 195.113.205.178/32 | 0 | none | - | ? (NO) |
7 | au2.cesnet.cz | 2011-11-23 10:06:48 | vachek | IDS.CZ | s | - | - | Network, Connection, Honeypot, LaBrea | 195.113.205.179/32 | 333 | 2012-06-15 12:15:02 | - | YES |
11 | nfsen.ics.muni.cz | 2011-11-28 11:23:35 | vykopal | SSHBruteForce-1_N | s | - | - | Network, NetFlow, SSH | 147.251.14.40/32 | 0 | none | - | ? (NO) |
12 | holly.cesnet.cz | 2011-11-29 15:43:31 | kostenec | KippoHoneypot | s | - | - | Network, Honeypot, SSH | 195.113.187.243/32 | 36 | 2012-06-15 11:15:02 | - | YES |
13 | queeg.cesnet.cz | 2011-11-29 15:44:53 | kostenec | DionaeaHoneypot | s | - | - | Network, Honeypot | 195.113.187.242/32 | 0 | none | - | ? (NO) |
14 | bee.net.vutbr.cz | 2011-12-02 08:44:51 | slama | HPScan | s | - | - | Network, Honeypot, Scan | 147.229.0.0/16 | 0 | none | - | ? (NO) |
15 | bee.net.vutbr.cz | 2011-12-02 08:49:02 | slama | - | r | portscan | t | - | 147.229.0.0/16 | - | - | - | ? (NO) |
16 | bee.net.vutbr.cz | 2011-12-02 08:49:18 | slama | - | r | bruteforce | t | - | 147.229.0.0/16 | - | - | - | ? (NO) |
18 | au1.cesnet.cz | 2011-12-12 12:55:39 | vachek | CESNET_SSERV | s | - | - | External, SServ | 195.113.205.178/32 | 95 | 2012-06-14 18:13:08 | - | YES |
19 | nfsen.ics.muni.cz | 2012-04-15 16:34:53 | cegan | - | r | darkspace | f | - | 147.251.14.40/32 | - | - | - | ? (NO) |
20 | nfsen.ics.muni.cz | 2012-04-15 16:35:20 | cegan | - | r | portscan | f | - | 147.251.14.40/32 | - | - | - | ? (NO) |
23 | afrodita.civ.zcu.cz | 2012-06-13 14:31:03 | Bodik | labrea | s | - | - | Network, IDS, Labrea | 147.228.52.15/32 | 84718 | 2012-06-15 12:20:18 | YES | YES |
24 | buldocek.vsb.cz | 2012-06-11 08:03:27 | orkac | cz.vsb.buldocek.kippo | s | - | - | Network, Honeypot, SSH | 158.196.158.115/32 | 0 | none | YES | REMOVED |
25 | buldocek.vsb.cz | 2012-06-11 08:04:05 | orkac | cz.vsb.buldocek.fail2ban | s | - | - | | 158.196.158.115/32 | 0 | none | YES | REMOVED |
26 | kryten.cesnet.cz | 2012-06-11 09:00:57 | kostenec | DionaeaHoneypot | s | - | - | Network, Honeypot, Dionaea | 195.113.161.12/32 | 759 | 2012-06-15 12:05:02 | YES | YES |
27 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | bruteforce | t | - | 147.228.52.15/32 | - | - | YES | YES |
28 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | darkspace | t | - | 147.228.52.15/32 | - | - | YES | YES |
29 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | malware | t | - | 147.228.52.15/32 | - | - | YES | YES |
30 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | other | t | - | 147.228.52.15/32 | - | - | YES | YES |
31 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | portscan | t | - | 147.228.52.15/32 | - | - | YES | YES |
32 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | tarpit | t | - | 147.228.52.15/32 | - | - | YES | YES |
33 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | TEST | t | - | 147.228.52.15/32 | - | - | YES | ? (NO) |
34 | afrodita.civ.zcu.cz | 2012-06-14 08:40:02 | bodik | - | r | webattack | t | - | 147.228.52.15/32 | - | - | YES | YES |