Counterpane has begun testing vulnerable systems for evidence of the PROTOS tool in use. So far, we've learned that snmpdx will produce the following message >after< a crafted packet has caused problems:

Feb 12 23:25:48 mordor snmpdx: agent snmpd not responding
Feb 13 00:03:24 mordor snmpdx: agent snmpd not responding

We are continuing testing and will publish forensic evidence on the Log Analysis Web site as we collect it. Contributions gratefully accepted, too.

I will follow this up with a list of IDS signatures that are specific to the PROTOS tool.

Tina Bird

Log Analysis: http://www.counterpane.com/log-analysis.html
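An added example, not part of the original message: Python code that scans BSD-style syslog lines for the snmpdx message quoted above and groups the hits by host. The optional "[pid]" suffix, the year parameter (syslog timestamps omit the year), and the two non-matching sample lines are assumptions made for the example.

```python
import re
from datetime import datetime

# Classic BSD syslog layout: "Mon DD HH:MM:SS host tag: message".
# The optional "[pid]" after the tag is an assumption; the quoted lines have none.
SNMPDX_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) snmpdx(?:\[\d+\])?: "
    r"agent (?P<agent>\S+) not responding\s*$"
)

def find_snmpdx_failures(lines, year):
    """Return {host: [(timestamp, agent), ...]} for every matching line.

    Syslog timestamps carry no year, so the caller supplies it.
    """
    hits = {}
    for line in lines:
        m = SNMPDX_RE.match(line)
        if m is None:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits.setdefault(m["host"], []).append((ts, m["agent"]))
    return hits

def summarize(hits):
    """Per host: event count, first and last occurrence, agents named."""
    return {
        host: {
            "count": len(events),
            "first": min(ts for ts, _ in events),
            "last": max(ts for ts, _ in events),
            "agents": sorted({agent for _, agent in events}),
        }
        for host, events in hits.items()
    }

# Lines 1 and 3 are the ones quoted in the message; lines 2 and 4 are constructed.
SAMPLE = [
    "Feb 12 23:25:48 mordor snmpdx: agent snmpd not responding",
    "Feb 12 23:40:02 mordor sshd[412]: Accepted password for admin",
    "Feb 13 00:03:24 mordor snmpdx: agent snmpd not responding",
    "Feb 13 00:10:11 shire cron[88]: (root) CMD (constructed-job)",
]

if __name__ == "__main__":
    for host, info in summarize(find_snmpdx_failures(SAMPLE, 2002)).items():
        print(host, info["count"], info["first"], info["last"], info["agents"])
```

Because the message is logged after the crafted packet has already caused problems, a hit is after-the-fact evidence on that host, useful for scoping rather than prevention.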
This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 14:47:45 PST