[Dshield] Classic hacks

jayjwa jayjwa at atr2.ath.cx
Tue Jan 27 06:08:03 GMT 2004



On Mon, 26 Jan 2004, Pete Cap wrote:


> For the purposes of studying / explaining forensics and network traffic analysis (tcpdump, snort, etc.) it would be great if anyone had any complete records of common compromises (real or laboratory-generated).
>
> Anyone know where I could find such a resource?
>
> It would be great to point and say "*Here* he caused a buffer overrun...*this* is the code which was executed...*this* is what it did...now *here* you can see him setting up a user account..." etc.


You may try a search for "Honey Pots" and such, unless you get a better
link. I've grabbed whole tarred files of raw "evidence" like this, but be
prepared to swim thru megabytes of stuff before finding anything good.


[jayjwa]RLF#37





