s25

Terminal

ox

File Edit View lerminal Tabs Help

root@honeypot honeyd# arpd -d 10.0.0.4-10.0.0.254

arpd[6539): listening on ethO: arp and (dst net 10.0.0.4/30 or dst net 10.0.0.8/29 or dst net 10.0.0.16/28 or dst net 10.0.0.32/27 or dst net 10.0.0.64/26 or dst net 10.0.0.128/26 or dst net 10.0.0.192/27 or dst net 10.0.0.224/28 or dst net 10.0.0.240/29 or dst net 10.0.0.248/30 or dst net 10.0.0.252/31 or dst net 10.0.0.254/32) and not ether src 00:00:39:af:68:f7

□



File Edit View lerminal Tabs Help

honeyd!6536]: started with -d -u O -g O -f config3 10.0.0.4-10.0.0.254 Warning: Impossible SI rangę in Class fingerprint "IBM 0S/400 V4R2M0"

Warning: Impossible SI rangę in Class fingerprint "Microsoft Windows NT 4.0 SP3"

honeyd!6536]: listening promiscuously on ethO: (arp or ip proto 47 or (ip and (dst net 10.0.0.4/30 or dst net 10.0.0.8/29 or dst net 10.0.0.1

6/28 or dst net 10.0.0.32/27 or dst net 10.0.0.64/26 or dst net 10.0.0.128/26 or dst net 10.0.0.192/27 or dst net 10.0.0.224/28 or dst net 10

.0.0.240/29 or dst net 10.0.0.248/30 or dst net 10.0.0.252/31 or dst net 10.0.0.254/32))) and not ether src 00:00:39:af:68:f7

honeyd!6536]: Demoting process privileges to uid O, gid O

honeyd!6536]: Connection request: tcp (10.0.0.3:32808 - 10.0.0.200:9996)

honeyd!6536]: Connection established: tcp (10.0.0.3:32808 - 10.0.0.200:9996) <-> /bin/sh scripts/Sasser_Catcher.sh 10.0.0.3 10.0.0.200 honeyd!6536]: E(10.O.O.3:32808 - 10.0.0.200:9996): 1234_up.exe:

1234_up.exe: ETA: 0:00 13.24/ 50.00 kB 5.95 MB/s

1234_up.exe: ETA: 0:00 50.00/ 50.00 kB 7.84 MB/s

1234_up.exe: 50.00 kB 7.84 MB/s

honeyd!6536]: Expiring TCP (10.0.0.3:32808 - 10.0.0.200:9996) (0x832ale0) in state 7 honeyd!6536]: exiting on signal 2 root@honeypot honeyd# Is -1 /worms/Sasser/ total 4

drwxr-xr-x 2 root root 4096 Feb 23 18:43 10.0.0.3-10.0.0.200-1109180623 root@honeypot honeyd# Is -1 /worms/Sasser/10.O.O.3-10.O.O.200-1109180623/ total 56

-rw-r--r-- 1 root root 51200 Feb 23 18:08 1234_up.exe

root@honeypot honeyd# [