Back on the VAX (nmtvax, if anyone still has an old arpanet hosts file) we used to play a game (in the middle of the night when no important users were online). The game was called "wheelwars". The object was for one sysadmin to reign supreme (be the only one logged in).

You might consider such a game as part of your lab. I think it would certainly work for part of the "boobytrap" host. You will need to develop a few rules. I think our rules included no ready-made programs or scripts (you had to write them during the game), no file or account deletions (since it was a production system), and no messing with the hardware.

One thing that comes out of playing a game like this is that people tend to become really aware of the system, and will start to notice things that are unusual.

On Thu, Nov 29, 2001 at 10:59:48AM -0500, Darren Welch wrote:
> Hi Everyone,
>
> I want to set up a pc in my lab that has boobytraps and/or logic
> bombs set (for boot or shut down). The intent is to design several traps
> that an investigator may encounter when making an acquisition in the
> field. The purpose is to recreate practical scenarios so that examiners
> have had face time with one of these types of traps, will recognize it
> working, and will follow proper procedure in order to preserve
> evidence. Does anyone know of canned scripts or software that can be
> installed that will set up the above environment and/or written procedures
> for handling logic bombs aside from pulling the plug? Appreciate the
> help.

--
William Colburn, "Sysprog" <wcolburnat_private>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/ http://www.nmt.edu/~wcolburn

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 09:05:42 PST