[Dshield] Classic hacks

Mark Squire msquire at lagraphico.com
Mon Jan 26 21:50:13 GMT 2004


Couldn't you just reproduce them with something like Nessus?

> -----Original Message-----
> From: Johannes B. Ullrich [mailto:jullrich at sans.org] 
> Sent: Monday, January 26, 2004 10:52 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Classic hacks
> 
> 
> 
> you may want to check the SANS reading room, in particular 
> any GCIA papers you may find. They frequently include packet 
> traces. Another good sourse is the intrusions list 
> (intrusions at sans.org)
> 
> 
> 
> On Mon, 2004-01-26 at 11:29, Pete Cap wrote:
> > Greetings all,
> >  
> > For the purposes of studying / explaining forensics and network 
> > traffic analysis (tcpdump, snort, etc.) it would be great if anyone 
> > had any complete records of common compromises (real or 
> > laboratory-generated).
> > 
> > Anyone know where I could find such a resource?
> >  
> > It would be great to point and say "*Here* he caused a buffer 
> > overrun...*this* is the code which was exectuted...*this* 
> is what it did...now *here* you can see him setting up a user 
> account..." etc.
> >  
> > Just a thought,
> >  
> > Regards,
> >  
> > Pete
> > 
> > 
> > ---------------------------------
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free web site building tool. Try it! 
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see: 
> > http://www.dshield.org/mailman/listinfo/list
> -- 
> CTO SANS Internet Storm Center               http://isc.sans.org
> phone: (617) 837 2807                          jullrich at sans.org 
> 
> contact details: http://johannes.homepc.org/contact.htm
> 




More information about the list mailing list