SecurityFocus Article Announcement

From: Hal Flynn (flynn@securityfocus.com)
Date: 03/21/03

    Date: Fri, 21 Mar 2003 09:23:13 -0700 (MST)
    From: Hal Flynn <flynn@securityfocus.com>
    To: focus-sun@securityfocus.com
    
    

    IDS Logs in Forensics Investigations: An Analysis of a Compromised
    Honeypot
    by Alan Neville

    This paper will deconstruct the steps taken to conduct a full analysis of
    a compromised machine. In particular, we will be examining the tool that
    was used to exploit a dtspcd buffer overflow vulnerability, which allows
    remote root access to the system. The objective of this paper is to show
    the value of IDS logs in conducting forensics investigations.

    http://www.securityfocus.com/infocus/1676

    Hal Flynn
    Symantec Corp.

    "....You guys are the Marine's doctors; There's no better in the business
    than a Navy Corpsman...."
      -- Lieutenant General Lewis B. "Chesty" Puller, U.S.M.C.

