Quote:
Originally Posted by //////
No, it doesnt matter, its not the reason, the reason seems to be host firewall.
Have you opened your ports? If you have opened those try doing a service scan so you can be sure of it.
http://centralops.net/co/DomainDossier.aspx
You should see something like this:
(I opened ftp port for example)
Code:
Address lookup
canonical name yycccxxii.gprs.sl-laajakaista.fi.
aliases
addresses 85.76.221.xx
Service scan
FTP - 21 220 ---freeFTPd 1.0---warFTPd 1.65---
SMTP - 25 Error: TimedOut
HTTP - 80 Error: TimedOut
POP3 - 110 Error: TimedOut
IMAP - 143 Error: TimedOut
-- end --
And in nepenthes you should see this:
Code:
[ warn module ] Unknown exploit 0 bytes
screenshot
|
Thank you for your precious time. However, there is still nothing in logged_downloads and logged_submissions ,I think there may be something wrong with my config file,the following is from /etc/nepenthes/nepenthes.conf , I hope you could have a look at it and see if there is something wrong with it,thank you!
// main configuration file for nepenthes
// see also configuration files for modules (second row in the modules section)
nepenthes
{
moduledir "/usr/lib/nepenthes"; // relative to workdir
moduleconfigdir "/etc/nepenthes"; // relative to workdir
modules(
// module name (in moduledir) config file (in moduleconfigdir)
// dns handling modules, load only one
"dnsresolveadns.so" "" ""
// geolocation resolver modules, load only one, disabled by default
// "geolocationhostip.so" "" ""
// "geolocationgeoip.so" "" ""
// download handler for various protocols
"downloadcsend.so", "download-csend.conf", ""
"downloadcreceive.so", "", ""
// "downloadcurl.so", "download-curl.conf", ""
"downloadftp.so", "download-ftp.conf", ""
"downloadhttp.so", "", ""
"downloadlink.so", "download-link.conf", ""
// "downloadnepenthes.so", "download-nepenthes.conf", "" // get data from others via submit-nepenthes
"downloadtftp.so", "download-tftp.conf", ""
"downloadrcp.so", "" ""
// submission handler
"submitfile.so", "submit-file.conf", "" // save to disk
"submitnorman.so", "submit-norman.conf", ""
// "submitnepenthes.so", "submit-nepenthes.conf", "" // send to download-nepenthes in other nepenthes instances
// "submitxmlrpc.so", "submit-xmlrpc.conf", "" // submit files to a xmlrpc server
// "submithttp.so", "submit-http.conf", "" // submit files to a web server
// logging
"logdownload.so", "log-download.conf", ""
// "logirc.so", "log-irc.conf", "" // needs configuration
// "logprelude.so", "log-prelude.conf", ""
// "loghexdump.so" "" ""
// dumping and logging
"moduleportwatch.so", "module-portwatch.conf", ""
// cmd.exe simulation
"shellemuwinnt.so" "", ""
// single shellcodehandler modules
"shellcodesignatures.so", "", ""
"shellcodegeneric.so", "shellcode-generic.conf", ""
// vulnerability modules
"vulnbagle.so", "vuln-bagle.conf", ""
"vulndameware.so", "vuln-dameware.conf", ""
"vulndcom.so", "vuln-dcom.conf", ""
"vulnftpd.so", "vuln-ftpd.conf", ""
"vulniis.so", "vuln-iis.conf", ""
"vulnkuang2.so", "vuln-kuang2.conf", ""
"vulnlsass.so", "vuln-lsass.conf", ""
"vulnmsmq.so", "vuln-msmq.conf", ""
"vulnmsdtc.so", "vuln-msdtc.conf", ""
"vulnmssql.so", "vuln-mssql.conf", ""
"vulnmydoom.so", "vuln-mydoom.conf", ""
"vulnnetbiosname.so", "vuln-netbiosname.conf", ""
"vulnnetdde.so", "vuln-netdde.conf", ""
"vulnoptix.so", "vuln-optix.conf", ""
"vulnpnp.so", "vuln-pnp.conf", ""
"vulnsasserftpd.so", "vuln-sasserftpd.conf", ""
"vulnsub7.so", "vuln-sub7.conf", ""
"vulnupnp.so", "vuln-upnp.conf", ""
"vulnveritas.so", "vuln-veritas.conf", ""
"vulnwins.so", "vuln-wins.conf", ""
"vulnasn1.so", "vuln-asn1.conf", ""
"vulnms08067.so", "vuln-ms08067.conf", ""
// eXample modules for testing - disabled by default
// "x1.so", "x-1.conf", "",
// "x2.so", "x-2.conf", "",
// "x3.so", "", "",
// "x4.so", "", "",
// "x5.so", "", "",
// "x6.so", "", "",
// "x7.so", "", "",
);
logmanager
{
ring_logging_file "/var/log/nepenthes.%d.log";
file_logging_file "/var/log/nepenthes.log";
};
modulemanager
{
exit_on_broken_moduleload "1";
};
submitmanager
{
strictfiletype "1";
// where does submit-file write to? set this to the same dir
filesdir "/var/lib/nepenthes/binaries/";
};
downloadmanager
{
replace_local_ips "1";
};
socketmanager
{
use_rawsockets "0"; // unstable feature
bind_address "0.0.0.0";
// specify "if:ethX" to get the ip from an interface at startup,
// only works on linux!
};
utilities
{
hexdump_path "/var/lib/nepenthes/hexdumps/";
};
// geolocationmanager
// {
// cache_path "var/cache/nepenthes/geolocation/";
// };
};
Thank you for your precious time again.
glg