Post break-in forensics

From: Alfred Huger (ahat_private)
Date: Mon Mar 24 2003 - 08:14:00 PST

    Hey Folks,
    
    IDS Logs in Forensics Investigations: An Analysis of a Compromised
    Honeypot
    by Alan Neville
    
    This paper will deconstruct the steps taken to conduct a full analysis of
    a compromised machine. In particular, we will be examining the tool that
    was used to exploit a dtspcd buffer overflow vulnerability, which allows
    remote root access to the system. The objective of this paper is to show
    the value of IDS logs in conducting forensics investigations.
    
    http://www.securityfocus.com/infocus/1676
    
    Alfred Huger
    Symantec Corp.
    
    
    



    This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 08:45:05 PST