Re: Keylogger Needed Quick!

From: J Jewitt (jjewitt2001at_private)
Date: Tue Mar 12 2002 - 09:20:41 PST


       If your perp has installed a rootkit, then
    patching your shell may give you away, especially if
    his kit modified bash already. However, this is the
    best solution if your perp is connecting via an
    encrypted session.
       Consider also sniffing the connection from another
    system. It's more stealthy and cannot be affected by
    the perp without him breaking into the sniffer box.
    Any sniffer will do. Telnet commands will show up in
    clear text to port 23.
    
      good luck.
           J Jewitt
    
    
    
    --- Marlon Jabbur <mjabburat_private> wrote:
    > Take a look at
    > http://project.honeynet.org/papers/honeynet/bash.patch
    > it's a bash patch that allows you to record the history
    > in a syslog server.
    > 
    > Hope this helps.
    > Marlon
    > ----- Original Message -----
    > From: "Tom Kapanka" <tomat_private>
    > To: <forensicsat_private>;
    > <incidentsat_private>
    > Sent: Monday, March 11, 2002 9:00 PM
    > Subject: Keylogger Needed Quick!
    > 
    > 
    > > We got an intruder cornered and need to install a
    > > keylogger quick!  Anyone got a good one that I can
    > > drop in real easy and quiet-like to nab this guy?
    > > He comes in right around the same time and that
    > > time draws near.
    > >
    > > OS: RedHat Linux 7.1
    > >
    > > I was confused by the ones listed at PacketStorm,
    > > most of them are for Windoze.  Any help getting this
    > > installed would be appreciated!
    > >
    > > -t
    > >
    > >
    > >
    > > -----------------------------------------------------------------
    > > This list is provided by the SecurityFocus ARIS analyzer service.
    > > For more information on this free incident handling, management
    > > and tracking system please see: http://aris.securityfocus.com
    > >
    > >
    > 
    > 
    
    
    
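Added example, not code from the thread and unrelated to the honeynet bash patch: the "sniff it from another box" approach above, done as a dependency-free Python parser that takes raw Ethernet frames, keeps only client-to-server TCP/23 data, strips Telnet option negotiation (the IAC sequences a real session carries) and rebuilds the lines the intruder typed. The addresses, ports and frames are constructed test input built by the helper in the block, not a real capture; in practice the frames would come from a pcap taken on the sniffer host.

```python
"""Reconstruct typed Telnet commands from captured Ethernet frames.

Added example (not from the thread): pulls client->server bytes for TCP
port 23 out of raw frames, drops Telnet negotiation and splits the rest
into the lines entered. All frames below are constructed test input.
"""
import struct

TELNET_PORT = 23
IAC, SE, SB = 255, 240, 250                 # Telnet command bytes (RFC 854)
WILL, WONT, DO, DONT = 251, 252, 253, 254   # three-byte negotiation verbs


def strip_telnet_negotiation(payload: bytes) -> bytes:
    """Return only the user-visible data bytes, removing IAC sequences."""
    out = bytearray()
    i, n = 0, len(payload)
    while i < n:
        b = payload[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:                 # dangling IAC at the end of a segment
            break
        elif payload[i + 1] == IAC:      # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif payload[i + 1] in (WILL, WONT, DO, DONT):
            i += 3                       # IAC <verb> <option>
        elif payload[i + 1] == SB:       # sub-negotiation runs until IAC SE
            end = payload.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:
            i += 2                       # any other two-byte command (NOP, AYT, ...)
    return bytes(out)


def parse_frame(frame: bytes):
    """Parse Ethernet/IPv4/TCP headers; return (src, sport, dst, dport, payload) or None."""
    if len(frame) < 14 + 20 + 20 or frame[12:14] != b"\x08\x00":
        return None                      # too short, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                       # IP protocol field: 6 = TCP
        return None
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, tcp[data_off:]


def reconstruct_sessions(frames):
    """Map (client ip, client port, server ip) -> list of lines the client typed."""
    sessions = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, payload = parsed
        if dport != TELNET_PORT or not payload:
            continue                     # only client->server data on port 23
        buf = sessions.setdefault((src, sport, dst), bytearray())
        buf.extend(strip_telnet_negotiation(payload))
    result = {}
    for key, buf in sessions.items():
        # Enter arrives as CR LF or CR NUL; normalise both before splitting
        text = bytes(buf).replace(b"\r\n", b"\n").replace(b"\r\x00", b"\n")
        result[key] = [ln.decode("latin-1") for ln in text.split(b"\n") if ln]
    return result


def build_frame(src, sport, dst, dport, payload: bytes) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame as test input (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def demo_capture():
    """Constructed capture: client 10.0.0.5 typing into 10.0.0.9 one key per segment."""
    client, server = ("10.0.0.5", 40001), ("10.0.0.9", TELNET_PORT)
    frames = [build_frame(*client, *server, b"\xff\xfd\x01")]       # IAC DO ECHO
    frames.append(build_frame(*server, *client, b"login: "))         # server side, ignored
    for ch in b"whoami\r\nuname -a\r\x00":
        frames.append(build_frame(*client, *server, bytes([ch])))
    frames.append(b"\x00" * 12 + b"\x08\x06" + b"\x00" * 40)          # ARP frame, ignored
    return reconstruct_sessions(frames)


if __name__ == "__main__":
    for (cip, cport, sip), lines in demo_capture().items():
        print(f"{cip}:{cport} -> {sip}:{TELNET_PORT}")
        for line in lines:
            print("   ", line)
```

Only the client-to-server direction is kept, because the server's echo would duplicate every keystroke and mix in prompts. Nothing here is visible on the compromised host, which is the point made above: the capture lives on the sniffer box, so a rootkit on the victim cannot tamper with it.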
    



    This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 10:19:37 PST