[Dshield] Classic hacks

jayjwa jayjwa at atr2.ath.cx
Tue Jan 27 06:08:03 GMT 2004

On Mon, 26 Jan 2004, Pete Cap wrote:

> For the purposes of studying / explaining forensics and network traffic analysis (tcpdump, snort, etc.) it would be great if anyone had any complete records of common compromises (real or laboratory-generated).
> Anyone know where I could find such a resource?
> It would be great to point and say "*Here* he caused a buffer overrun...*this* is the code which was executed...*this* is what it did...now *here* you can see him setting up a user account..." etc.

You may try a search for "Honey Pots" and such, unless you get a better
link. I've grabbed whole tarred files of raw "evidence" like this, but be
prepared to swim thru megabytes of stuff before finding anything good.

