Last post Sep 24, 2010 10:04 AM by KristoferA
Sep 21, 2010 11:45 AM | KristoferA
I put together a small, simple (experimental) Windows service that keeps an eye on the event log for the kind of CryptographicException errors generated by POET attacks. If a given remote IP address generates a large number of those exceptions, the service can block that IP in the Windows firewall and/or send an email to an administrator. It is still just a proof-of-concept / experimental thingie, but hopefully it can be used as an additional layer of security to protect against POET-based attacks...
More info here:
...and the service itself (including source code) can be downloaded from:
If you have any feedback regarding the service, please submit as comments in
Update: I just posted some installation instructions here for anyone brave enough to try it out:
Sep 24, 2010 10:04 AM | KristoferA
Update: just released a new version of the 'POET sniffer' service, and blogged about some of the changes made in the latest version (caused by the outcome of some POET attack simulations I have done).
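The detection idea described in the first post (count CryptographicException events per remote IP and act once an address produces a large number of them) can be sketched as a sliding-window counter. This is an added example, not part of the thread and not the service's own source code; the record layout, the threshold of 25 events and the 60-second window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2010, 9, 21, 11, 0, 0)

def sample_events():
    """Constructed records (timestamp, remote IP, exception type).
    The layout is an assumption, not the real event log format."""
    events = []
    # One address producing 40 crypto errors, one every 100 ms.
    for i in range(40):
        events.append((BASE + timedelta(milliseconds=100 * i),
                       "203.0.113.7", "CryptographicException"))
    # An ordinary client with 3 crypto errors spread over 40 minutes.
    for i in range(3):
        events.append((BASE + timedelta(minutes=20 * i),
                       "198.51.100.20", "CryptographicException"))
    # Unrelated exception type: must never count toward the threshold.
    for i in range(50):
        events.append((BASE + timedelta(seconds=i),
                       "192.0.2.99", "HttpException"))
    return sorted(events)

def find_offenders(events, threshold=25, window=timedelta(seconds=60)):
    """Return {ip: timestamp at which the ip first reached `threshold`
    CryptographicException events within `window`}.
    `events` must be in chronological order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for ts, ip, exc_type in events:
        if exc_type != "CryptographicException" or ip in flagged:
            continue
        q = recent[ip]
        q.append(ts)
        # Drop events that have aged out of the window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = ts      # caller decides: block, email, or both
    return flagged

if __name__ == "__main__":
    for ip, when in find_offenders(sample_events()).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

The threshold and window are the tuning knobs: set them too low and clients with a few stale or corrupted cookies get flagged, as the second assertion in a test run with `threshold=3` and a one-hour window would show.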