Recently I installed Nepenthes on one of my machines, just so I can capture some malware, reverse engineer it and fun stuff like that. (It's fun, really.)
However, WINS is one of the exploitable things in Nepenthes, and apparently some host on my ISP is infected with some sort of auto-spreading WINS exploit. Nepenthes is even able to emulate reverse shells.
So apparently, whatever host tried to infect me is running Windows 2000, and if I really wanted to, I could control that machine. However, I'll just have pity on him for running Windows.
No, I will not post his IP.