I wrote a distributed port scanner in php a few months back: http://www.digitaloffense.net/phpDistributedPortScanner/ The public version supports unlimited nodes and a primitive form of authentication. It can be fairly hard to trace the source of the scan because the master can be accessed via one or more proxies and the connection attempts only occur from the slave nodes. The communication protocol is really simply and it would be trivial to add timing options and a much more random port->node dispersal. The development (aka nonpublic) version uses encrypted comms (shared secret for now) and the 'agent' code consists of a wrapper which decrypt's and eval()'s the code sent by the master. Master agents can be chained together to transparently spread a scan across dozens of systems. In short, the agent is only responsilble for authenticating code from a master system, just viewing the source of the agent will not disclose the purpose of the script. I have some other projects in the works which perform some much more interesting tasks using the same distributed architecture. Think of an attack-proxy system which uses randomly chained multiple relayers capable of transforming the data as it passes through. The agent code is going to be slimmed down enough so that it can be "injected" into any arbitrary php script transforming it into a slave node on the fly. I am looking for experienced php developers to help on this project, so if anyone is interested... -- H D Moore http://www.digitaldefense.net - work http://www.digitaloffense.net - play ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 21:34:01 PDT