Re: fun with posiden rootkit

From: Skip Carter (skipat_private)
Date: Mon Mar 25 2002 - 14:48:10 PST

    > - sometimes checking failed script-kiddies can be entertaining if time
    >   permits to look around for any funny stuff
    
      I had one incident that I investigated for a client recently.
    
      It was the usual: gain entry, install rootkit, install password
      scanner, etc.  Except he did it in the wrong order, so that his
      password scanner caught his own connection back to his rootkit
      archive; so when I started my investigation I was able to log in
      to his archive and pick up his entire stash of tools.
    
    
    -- 
     Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
     Taygeta Scientific Inc.        INTERNET: skipat_private
     1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
     Monterey, CA. 93940
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Mar 25 2002 - 15:16:33 PST