[PCBSD-malaysia] Fwd: [Nepenthes-devel] Distributed Nepenthes - PHARM

Muhammad Najmi Ahmad Zabidi najmi.zabidi at gmail.com
Sun Nov 22 18:02:56 PST 2009


---------- Forwarded message ----------
From: Nepenthes Development Team <nepenthesdev at gmail.com>
Date: Mon, Nov 23, 2009 at 8:19 AM
Subject: [Nepenthes-devel] Distributed Nepenthes - PHARM
To: nepenthes-devel <nepenthes-devel at lists.sourceforge.net>
Cc: parvinder.bhasin at gmail.com


Hi,

Parvinder Bhasin created a webinterface for a distributed nepenthes setup.
From what I saw, it parses the logfiles and uploads the data
-unencrypted, unauthenticated- to a central service where you get a
webinterface.
He asked me to let users know about the software.

--------
Just wanted to update you guys on Nepenthes PHARM. I am done with
development and testing. Pharm is now available for download at
http://www.nepenthespharm.com
I would really appreciate it if you guys can announce it to your
respective groups, and it would be great if you can provide a link to the
nepenthespharm.com site from your websites.
Additionally, I would really appreciate some feedback on the site and pharm.
Thanks a bunch for all your help.  Hopefully this tool will aid
security researchers in their field :)

-Parvinder Bhasin
--------


I really appreciate people contributing, but let me be honest ...

PHARM demonstrates some problems:
 * you don't have to parse the logfiles
 * you should authenticate clients sending messages to the server
 * development without contact with other users/developers
 * mysql is a bad choice

Each of the problems could have been resolved by joining the ml,
explaining the plan, and waiting for feedback.
I'd have objected to using mysql to store data, where postgres INET is
a great datatype for ip addresses.
I'd have objected to not using authentication for clients; authentication
using ips is not an option for most setups.
I'd have objected to parsing logfiles.

I'd have proposed to use nepenthes EventHandlers instead of parsing,
xmpp for communication, and postgres as database backend.
With xmpp, you get authentication, authorization and encryption for
free, and all you have to do is get the clients in a shared channel
and have them reporting.
Parse the proper formatted xml data, store in a postgres database, and
start thinking about the webinterface.
If you want to avoid inter-sensor message sharing, hack the xmpp
service to relay messages from normal channel users to channel
moderators only.

If you grant sensors direct write access to the database, you can use
log-surfnet and the surfnet webinterface, getting cool reporting -
without writing a line of coding at all.

But, obviously, it was more comfortable not to hit the ml, and to ask me to
announce it on the ml when it was finished.
That is sad, as it helps nobody.
I feel rude, criticizing your work, due to design decisions I do
share, and see resources wasted.
In reaction, you could feel offended, or maybe you take it sportingly and start
over.
And if things go bad, there is one person less to have a beer with.


Nevertheless, I did not have the time to test/install nepenthesPHARM,
so I do not criticize the function, just the creation-process.
Maybe it does an awesome job, and fits your requirements, if you gave
it a shot, please share the experience.


Markus

_______________________________________________
Nepenthes-devel mailing list
Nepenthes-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nepenthes-devel
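The point Markus makes about postgres INET above is easiest to see in a query. What follows is an added example written for this page, not code from nepenthes, PHARM or anyone in the thread: a minimal PostgreSQL schema for sensor reports, a few constructed rows, and the subnet queries that the inet type makes trivial. The table and column names, and the idea of keying a report on the sensor's XMPP JID, are assumptions.

```sql
-- Added example (not nepenthes or PHARM code): sensor reports keyed on the
-- reporting sensor's XMPP JID, with addresses stored as PostgreSQL inet
-- rather than as strings or integers. All names below are assumptions.
CREATE TABLE sensor_report (
    id          bigserial   PRIMARY KEY,
    sensor      text        NOT NULL,   -- JID of the reporting sensor (assumed)
    seen_at     timestamptz NOT NULL DEFAULT now(),
    attacker    inet        NOT NULL,   -- parsed and validated by the type itself
    target      inet        NOT NULL,
    target_port integer     NOT NULL CHECK (target_port BETWEEN 0 AND 65535),
    malware_md5 char(32)                -- NULL when no download was seen
);

-- Constructed sample rows (documentation prefixes only, not real attackers).
INSERT INTO sensor_report (sensor, attacker, target, target_port, malware_md5) VALUES
    ('sensor1@example.org', '192.0.2.17',  '198.51.100.5',  445, 'd41d8cd98f00b204e9800998ecf8427e'),
    ('sensor1@example.org', '192.0.2.200', '198.51.100.5',  139, NULL),
    ('sensor2@example.org', '203.0.113.9', '198.51.100.77', 445, 'd41d8cd98f00b204e9800998ecf8427e'),
    ('sensor2@example.org', '2001:db8::1', '2001:db8:1::5', 445, NULL);

-- "Is contained in network" is a native operator: no LIKE on strings,
-- no hand-rolled mask arithmetic. Returns the two 192.0.2.0/24 hits.
SELECT attacker, target_port
  FROM sensor_report
 WHERE attacker << inet '192.0.2.0/24';

-- Aggregate by attacker /16 and count how many sensors saw each one;
-- family() keeps IPv6 rows out of an IPv4-only rollup.
SELECT network(set_masklen(attacker, 16)) AS attacker_net,
       count(*)                            AS hits,
       count(DISTINCT sensor)              AS sensors
  FROM sensor_report
 WHERE family(attacker) = 4
 GROUP BY attacker_net
 ORDER BY hits DESC;

-- Invalid input is rejected at insert time instead of polluting the data.
-- This statement fails with "invalid input syntax for type inet":
-- INSERT INTO sensor_report (sensor, attacker, target, target_port)
--     VALUES ('sensor1@example.org', '999.1.1.1', '198.51.100.5', 445);

-- GiST index so the containment query above stays fast (PostgreSQL 9.4+).
CREATE INDEX sensor_report_attacker_gist
    ON sensor_report USING gist (attacker inet_ops);
```

The same rollup on a MySQL schema usually means either a VARCHAR column with string matching or an INET_ATON integer with mask arithmetic in every query, and IPv6 rows need a second column or a different encoding entirely; with inet both families live in one column and the containment, masking and family checks are part of the type.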