Tuesday, Aug 03, 2010

AV Tracker

Ever set up a multi/handler and get an odd IP hitting it? Probably wrote it off as internet chatter? Think again, you might have just been caught.

AV Tracker (http://avtracker.info/) is a site that tracks the different IP addresses, hostnames, computer names and user agents that AV and other “Submit-your-malware-here” drop boxes use.

Peter Kleissner and his team provide:

  • ranges that the hosts use
  • a dynamic text file with the IP addresses listed if you want to add it to some auto updating block list
  • a line by line IPTABLES block config
  • and even C code to add into your binary to make sure it doesn’t talk out from one of those addresses (I could be reading it wrong, still a beginner in C)

The team has been criticized a lot by AV vendors, enough so that they took down the site in January of this year. But it came back June 5th.

I use this site to help me know when the Incident Responders are on to me for my pen testing jobs. I do not wish to get into the debate over how a tool could be used.

Reader Comments (1)

It seems my AV (Avast) goes crazy with popups every time I come across this site, classing it as a "URL:Mal" (Malicious URL). Is this because it's malicious to me or Avast?

August 3, 2010 | Unregistered Commenter Ad P
