You could grab one of the old 'scans of the month' from the honeynet project.

http://project.honeynet.org/misc/chall.html

mike

At 08:39 AM 9/18/2002 -0700, Mark Morrissey wrote:
>I am teaching a class in computer forensics this fall term and want to
>give an assignment for students to investigate a machine that has been
>compromised. I would like the machine to have been compromised by me using
>a rootkit that includes at least some source. I have an image of a system
>that was compromised with t0rn, but the images are all too large to be
>easily used.
>
>My plan is to build a linux system using very small (about 200 MB) disks.
>The idea is then to rootkit this machine from another box. I'll put them
>on a private network so that I can be sure it was me who did the
>compromising. I'll then make the hard drives available on a different
>machine (unmounted) and let the students begin with imaging drives and go
>all the way through report writing.
>
>Does anyone know of a rootkit that has at least some source that would be
>good for this? I can build the machine from any version linux 6.0 or
>above. The reason for the source code is that I intend to shut down the
>compromised machine after deleting the source tree so that there is source
>code as well as binaries in the deleted space.
>
>Of course, I could be slightly insane, but that's another issue...
>
>--mark
>---
>Mark Morrissey markemat_private
>Lecturer in Computer Science www.cs.pdx.edu/~markem
>
>
>-----------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com

---------------------------------------------------------------------
www.webfargo.com
CCDA CCNA CCSA CCSE MCP+I MCSE
PGP key available
This archive was generated by hypermail 2b30 : Mon Sep 23 2002 - 08:27:22 PDT