Re: digital surveillance techniques for forensics/penetration

From: John Daniele (johnd_at_tsintel.com)
Date: 01/28/04

    Date: Wed, 28 Jan 2004 17:44:15 -0500 (EST)
    To: Don Parker <dparker@rigelksecurity.com>
    
    

    Well, Silent Runner was already mentioned. Other commercially
    available products include:

    ContExt (www.inetd.com),
    SessionWall (www.e92plus.com)

    A less expensive approach, albeit more manual, would be to script the
    interception with Jordan Ritter's ngrep (ngrep.sourceforge.net).

    Also, don't forget that tcpdump -x is your friend.

    For general packet reassembly tools, search sourceforge or freshmeat!

    ttyl,

    _________________________________________
    John Daniele
    President and CEO
    Technical Security & Intelligence Inc.
    Toronto, ON
    Voice: (416) 684-3627
    E-mail: johnd@tsintel.com
    Web: http://www.tsintel.com

    On Fri, 23 Jan 2004, Don Parker wrote:

    > Hello there, well any old packet sniffer will intercept the data you are looking for
    > really. Are you asking if it is possible to rebuild the captured binary transfer of say
    > a jpeg, avi, and the such back to its original form? If so then there is no such tool
    > to my knowledge which will do that for you.
    >
    > Cheers
    >
    > -------------------------------------------
    > Don Parker, GCIA
    > Intrusion Detection Specialist
    > Rigel Kent Security & Advisory Services Inc
    > www.rigelksecurity.com
    > ph :613.249.8340
    > fax:613.249.8319
    > --------------------------------------------
    >
    > On Jan 23, sil <jesus@resurrected.us> wrote:
    >
    >
    > Many commercial packet sniffers can reconstruct packet dumps, sniffit,
    > NAI's Sniffer, etc. There was a product out a few years back called
    > Hailstorm which offered pretty neat features, I used the beta for about a
    > month testing it, but don't recall who made it, nor have I seen any more
    > information on it. Iris from eEye also does reconstruction, but haven't
    > used it in recent months.
    >
    > If you're looking for some hardware based boxes that can do the job and
    > then some check out Niksun's NetDetector (http://www.niksun.com/), or
    > Sandstorm's NetIntercept (http://www.sandstorm.com/). But if you're just
    > looking for general information on reconstruction, you could probably
    > google +"packet sniffer" +reconstruct or any combination of that.
    >
    > NANOG just had a thread that might have interested you this week: "What's
    > the best way to wiretap a network?" which would likely give you a ton of
    > ideas of what those in the networking industry are using/doing. Merit.edu
    > has the archives somewhere in there (too tired to open a browser sorry.)
    >
    >
    > > Hi List
    > >
    > > Anyone know of the tool which reconstructs captured data?? For example
    > > intercepted email with attachments or ftp data.
    > >
    > > I saw a flash demo sometime ago at www.sainstitute.org about digital
    > > surveillance techniques which they cover in DefensiveForensics and
    > > DefensiveHacking. This demo has since been
    > > removed :-( any ideas anyone?
    > >
    > > Thx
    > > Kerri
    > >
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    > Quis custodiet ipsos custodes? - Juvenal
    >
    > J. Oquendo / sil
    > GPG Key ID 0x51F9D78D
    > Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
    > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
    >
    > sil @ politrix . org http://www.politrix.org
    > sil @ infiltrated . net http://www.infiltrated.net
    >
    > ---------------------------------------------------------------------------
    > ----------------------------------------------------------------------------
    >
    >
    >
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see:
    > http://aris.securityfocus.com
    >
    >

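The question running through this thread is how to rebuild a file (an e-mail attachment, an FTP transfer) from intercepted traffic, and the replies point at products or at scripting it by hand over ngrep and tcpdump. The Python below is an added example, not code from any of the posters or from the products they name. It parses a libpcap file, reassembles one direction of a TCP conversation by sequence number (tolerating out-of-order segments and overlapping retransmissions, which is where ad-hoc scripting over tcpdump -x output usually goes wrong), and carves a base64 MIME attachment out of an SMTP DATA block. The capture it reads is constructed inside the script: the addresses, ports, message and attachment bytes are all made up, and checksums are left zero because only the parser is exercised.

```python
import base64
import re
import struct
from collections import defaultdict

ETH_TYPE_IPV4, PROTO_TCP = 0x0800, 6


def pcap_frames(data):
    """Yield raw link-layer frames from an in-memory libpcap file (Ethernet only)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    end = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack_from(end + "IHHiIII", data, 0)[6]
    assert linktype == 1, "example handles Ethernet (DLT_EN10MB) captures only"
    off = 24                                    # size of the global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "IIII", data, off)[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def tcp_segments(data):
    """Yield (flow, seq, payload) for every IPv4/TCP segment that carries data."""
    for frame in pcap_frames(data):
        if struct.unpack_from("!H", frame, 12)[0] != ETH_TYPE_IPV4:
            continue
        ip = frame[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != PROTO_TCP:
            continue
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]    # data offset is in 32-bit words
        if payload:
            yield (ip[12:16], sport, ip[16:20], dport), seq, payload


def reassemble(data):
    """Rebuild each one-directional byte stream: sort by sequence number, trim
    overlapping retransmissions (first copy wins), zero-fill holes so later
    offsets stay honest.  32-bit sequence wraparound is ignored for brevity."""
    flows = defaultdict(list)
    for flow, seq, payload in tcp_segments(data):
        flows[flow].append((seq, payload))
    streams = {}
    for flow, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        out, nxt = bytearray(), segs[0][0]
        for seq, payload in segs:
            if seq < nxt:                       # overlaps bytes already kept
                payload, seq = payload[nxt - seq:], nxt
            out += b"\x00" * (seq - nxt) + payload   # seq - nxt is the hole size
            nxt = seq + len(payload)
        streams[flow] = bytes(out)
    return streams


def carve_mime_parts(stream):
    """Return (filename, bytes) for each base64-encoded MIME part in the stream."""
    blocks = stream.decode("latin-1").split("\r\n\r\n")
    found = []
    for headers, body in zip(blocks, blocks[1:]):
        if "content-transfer-encoding: base64" in headers.lower():
            name = re.search(r'name="([^"]+)"', headers)
            b64 = body.split("\r\n--", 1)[0]    # stop at the next MIME boundary
            found.append((name.group(1) if name else None, base64.b64decode(b64)))
    return found


def carve_from_capture(pcap):
    """End to end: reassemble every client->SMTP stream and carve its attachments."""
    found = []
    for flow, stream in reassemble(pcap).items():
        if flow[3] == 25:
            found.extend(carve_mime_parts(stream))
    return found


# Constructed sample traffic (hypothetical hosts, not a real capture).
CLIENT, SERVER = (b"\x0a\x00\x00\x05", 40000), (b"\x0a\x00\x00\x19", 25)
ATTACHMENT = b"PK\x03\x04 constructed sample attachment body"
SMTP_CLIENT = (
    "EHLO lab.example\r\nMAIL FROM:<a@example.test>\r\nRCPT TO:<b@example.test>\r\nDATA\r\n"
    "From: a@example.test\r\nTo: b@example.test\r\nSubject: capture test\r\n"
    'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="bnd"\r\n\r\n'
    "--bnd\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
    '--bnd\r\nContent-Type: application/octet-stream; name="evidence.bin"\r\n'
    "Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(ATTACHMENT).decode() + "\r\n--bnd--\r\n.\r\n"
).encode()


def frame(src, sport, dst, dport, seq, payload):
    """Ethernet/IPv4/TCP frame with zeroed checksums (enough for the parser)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, PROTO_TCP, 0, src, dst) + tcp
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETH_TYPE_IPV4) + ip


def sample_pcap(mss=40, isn=1000):
    """Client stream cut into segments, delivered out of order, plus a
    retransmission overlapping two earlier segments and one server reply."""
    segs = [(isn + i, SMTP_CLIENT[i:i + mss]) for i in range(0, len(SMTP_CLIENT), mss)]
    segs[0], segs[1] = segs[1], segs[0]                                 # out of order
    segs.append((isn + mss + 5, SMTP_CLIENT[mss + 5:mss + 5 + mss]))   # overlapping resend
    frames = [frame(*CLIENT, *SERVER, seq, p) for seq, p in segs]
    frames.insert(0, frame(*SERVER, *CLIENT, 5000, b"220 mail.example ready\r\n"))
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1075000000 + i, 0, len(f), len(f)) + f
    return bytes(out)


if __name__ == "__main__":
    for name, blob in carve_from_capture(sample_pcap()):
        print(name, len(blob), "bytes")
```

Running the script prints the carved file name and size. The point to take from the design is that the carving step only works because the stream was first put back in order: feed the same segments to the carver in capture order and the base64 block is split and shifted, which is why byte-level dumps from tcpdump -x need a reassembly pass before anything file-shaped can be recovered from them. A real tool would additionally track both directions, honour FIN/RST, handle sequence wraparound, and decode quoted-printable and other transfer encodings.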
