netsecurity database

# everyone has been asking for it -- parsing the RPSL format (RIPE/APNIC/JPNIC, etc.)
# read a RPSL formatted whois dump file and import it into the database
# ripe.db.inetnum
# apnic.db.inetnum
# jpnic.db.long
# hacked together by <>

and yes, I'm not quite innocent of it :D

Log from sniffernode generated 4807 tickets to be checked.

2009/02/23 3568 still open.

2010/03/11 Update: Tested with MS Exchange 2007 32Bit both generated versions successfully. Released eval versions to registrated users.

Unfortunately we still have no progress on MS Server cmdlets.
The example with ECB shows, that they would badly need it.

I wrote the following mail to

Norman Scharpff,
Technology consultant Hosting@Microsoft Germany

mail.vbcl.de - - [28/Aug/2008:22:38:28 +0200] "GET / HTTP/1.0" 200 60081 "-" "Wget/1.10.2"
no.mps-ng.de - - [28/Aug/2008:22:39:10 +0200] "GET / HTTP/1.0" 403 38 "-" "Wget/1.10.2"
kl.mps-ng.de - - [28/Aug/2008:22:39:48 +0200] "GET / HTTP/1.0" 200 60082 "-" "Wget/1.10.2"

The moment, we have visitors without referrer
we will kick any RSS-Feed, that guides them.

This page is not meant for end-users, but for administrators,
ISP's and people that try to get a little bit safety into
internet traffic.

Within the last monthes it served as spammer - and the last 4 weeks as hacker's honeypot. All contacts were asked to keep their mouth shut - and it worked - thanks to all.

Thanks again to webmaster from heise.de for his IP-blacklist (see article regarding NIX-SPAM).

If you want to take the RSS-Feed for servers and you are NOT an ISP, police, government or similar, please get in contact with us.

Regards,

Claus

German:

'Wenn wir die netsecdb weltweit zum Einsatz bringen, isolieren wir die Spammer und Kriminellen und die Resourcen können wieder für ihren eigentlichen Zweck verwendet werden.'

Ein Blick auf die netsecdb-STATS zeigt: weniger als 50.000 halten mehr als 3.5 Millionen Netze "als Geisel".

Hier ist jeder gefragt - grosse Konzerne, kleine Firmen sowie der Otto-Normal-User.

Die Anzahl der Trojaner-'Gruss-Karten', die hier aufschlagen und die Angriffe von aussen zeigen mir: so falsch liege ich damit nicht.

English:

'If we can establish netsecdb worldwide, we isolate spammers and criminals and the resources will return to their original purpose.'

Take a look at netsecdb-STATS: less than 50.000 'take more than 3.5 million nets hostage'.

It's on everyone now - big companies, small businesses and end users.

the number of 'greeting cards' poisened with trojans and attacks from outside show me: i'm not that wrong with it.

Updated to current values on: Fri Sep 12 11:46:40 CEST 2008

Like Tino does it for switzerland, we look out for partners in foreign countries to build stats-POINT with TOP25 Spammer stats.

And, of cause, ISP's and clients from this country can check their status faster this way.

We provide full version of hosts.deny or evil-client.cidr with auto-update option in exchange.

In addition, STATS nodes receive full version of htaccess and access to iptables-scripts for their server-protection.

I'm a fan of American Football, so let me express it this way:

I would like to thank the "defense" on the sideline for keeping an eye on us and prevent scoring, when needed:

Patrick Kambach
Mesh Solutions
Level3
VeriSign Infrastructure & Operations

Hope, we make it to the Finals.

Currently, we import a trusted blacklist from the german computer magazine IX, from their NiX SPAM-project.

The imported data does not influence our TOP25 and blocking stats, cause it's not rated.

Currently, this list contains a list of 39.977 unique IPs.

Now what does mapping mean?

• Angel from Argentina (structuring potential markets and usage) I enjoyed our skype-sessions.
• Hans from Germany (planning business models)
• Nico from Germany (what's that? and simple! - guide)
• Paul from U.K. (esp. for checking the grammar)
• Tino from switzerland (giving productive feedbacks)
• Yaya from Germany (esp. discussing terms-of-use and disclaimers over and over again)

Thanks for your patience with me.

Thanks to my children - we have a new intropage for netsecdb which simply explains the concept.

After talking to them, they took the pictures and a few minutes later we moved the technical article to blog-area and replaced it with the new one.