[Dshield] Classic hacks

Johannes B. Ullrich jullrich at sans.org
Mon Jan 26 18:51:40 GMT 2004


You may want to check the SANS reading room, in particular any GCIA
papers you may find. They frequently include packet traces. Another good
source is the intrusions list (intrusions at sans.org).



On Mon, 2004-01-26 at 11:29, Pete Cap wrote:
> Greetings all,
>  
> For the purposes of studying / explaining forensics and network traffic analysis (tcpdump, snort, etc.) it would be great if anyone had any complete records of common compromises (real or laboratory-generated).
> 
> Anyone know where I could find such a resource?
>  
> It would be great to point and say "*Here* he caused a buffer overrun...*this* is the code which was executed...*this* is what it did...now *here* you can see him setting up a user account..." etc.
>  
> Just a thought,
>  
> Regards,
>  
> Pete
> 
> 
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm