On this topic, I enjoyed a lot the Honeynet Project's "Scan of the Month" contests: http://project.honeynet.org/scans/

There, you get traces from attacks and you have to discover what happened. Old contests have the solution online. Very instructive for forensics.

Jacques THOMAS

Tina Bird wrote:
>
> Author Mike Schiffman released a book called "Hacker's Challenge: Test Your
> Incident Response Skills Using 20 Scenarios" last October. The book
> consists of 20 real-life intrusions from a variety of corporate and
> university environments, and invites the reader to figure out how
> machines were compromised, as well as any actions taken by the attacker
> once they were in. Incidents are rated (somewhat randomly) by difficulty
> of accomplishment and mitigation.
>
> I got all excited about this when I read about it, 'cos it sounded like
> a great place to go trolling for attack data. Sadly, the majority of the
> incidents are first detected either because a Web site was defaced,
> the attacker sent an e-mail to the victim talking about how el33t he
> was, or because a high-visibility service (like corporate e-mail) became
> unavailable. Only 2 of the 20 incidents are discovered because of IDS
> alarms; none are discovered in OS logs; and most of the forensic work
> uses lots of info other than syslog.
>
> It's a really good read (kind of like Agatha Christie for geeks, and
> about that level of complexity), and a great insight into what goes on
> >after< the first bit of discovery is done. I do recommend it highly.
>
> tbird
> full of spam today

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 06:39:49 PST