[Dshield] Classic hacks
jayjwa at atr2.ath.cx
Tue Jan 27 06:08:03 GMT 2004
On Mon, 26 Jan 2004, Pete Cap wrote:
> For the purposes of studying / explaining forensics and network traffic analysis (tcpdump, snort, etc.) it would be great if anyone had any complete records of common compromises (real or laboratory-generated).
> Anyone know where I could find such a resource?
> It would be great to point and say "*Here* he caused a buffer overrun...*this* is the code which was executed...*this* is what it did...now *here* you can see him setting up a user account..." etc.
You may try a search for "Honey Pots" and such, unless you get a better
link. I've grabbed whole tarred files of raw "evidence" like this, but be
prepared to swim thru megabytes of stuff before finding anything good.