[Dshield] Classic hacks
msquire at lagraphico.com
Mon Jan 26 21:50:13 GMT 2004
Couldn't you just reproduce them with something like Nessus?
> -----Original Message-----
> From: Johannes B. Ullrich [mailto:jullrich at sans.org]
> Sent: Monday, January 26, 2004 10:52 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Classic hacks
> you may want to check the SANS reading room, in particular
> any GCIA papers you may find. They frequently include packet
> traces. Another good sourse is the intrusions list
> (intrusions at sans.org)
> On Mon, 2004-01-26 at 11:29, Pete Cap wrote:
> > Greetings all,
> > For the purposes of studying / explaining forensics and network
> > traffic analysis (tcpdump, snort, etc.) it would be great if anyone
> > had any complete records of common compromises (real or
> > laboratory-generated).
> > Anyone know where I could find such a resource?
> > It would be great to point and say "*Here* he caused a buffer
> > overrun...*this* is the code which was exectuted...*this*
> is what it did...now *here* you can see him setting up a user
> account..." etc.
> > Just a thought,
> > Regards,
> > Pete
> > ---------------------------------
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free web site building tool. Try it!
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> CTO SANS Internet Storm Center http://isc.sans.org
> phone: (617) 837 2807 jullrich at sans.org
> contact details: http://johannes.homepc.org/contact.htm
More information about the list