Early Bird
by Jay Dyson, jdyson@treachery.net
Platforms: UNIX
Categories: Intrusion Detection, Network Monitoring, Web
Version: v2.5
URL: http://www.treachery.net/~jdyson/earlybird/
This utility is built around a decoy 'default.ida' executable set up on a UNIX system. When the Code Red worm hits this decoy script, the script records the version of the worm (v1 or v2) and performs a lookup via ARIN on the connecting IP address to determine the parent netblock owner. (Starting with Early Bird v2.1, the APNIC and RIPE databases are also consulted based on the IANA designations for Class A networks.) An e-mail is then composed with those details and sent to the netblock owner's contact.

Copyright 2008, SecurityFocus