[Gllug] Forensics On a Cracked Linux Server

[Pete Stean]

I would like to see a bit more speculating on how the server was comprised
in the first place - what vectors could have been used to infect it for
instance... ?

Pete


On 28/08/07, Alexandre de Abreu <alexandre.abreu at gmail.com> wrote:
>
> Hi Peter,
>
> Great article, very well detailed, but nothing new. It could be a great
> paper for GIAC GCIA SANS certification.
>
> Cheers
>
> Alexandre
>
> On 28/08/07, Peter Cannon <peter at cannon-linux.co.uk> wrote:
> >
> > Hi All
> >
> > I read this post which was originally on slashdot, I have to say I found
> > it very interesting even if I only understood a quarter of it (Note to
> > self, you need to learn more). For anyone that has been cracked or
> > suspect they have been then maybe you should read this, I'm fairly
> > certain you could use bits and pieces to carry out your own
> > investigations.
> >
> > http://blog.gnist.org/article.php?story=HollidayCracking
> >
> > Typically the miscreant cant be caught or at least hasn't been yet I was
> > hoping it would end up with the guy tracking him down. :-(
> >
> > --
> > Regards
> >
> > Peter cannon
> >
> > "There is every excuse for not knowing
> > There is no excuse for not asking"
> > --
> > Gllug mailing list  -  Gllug at gllug.org.uk
> > http://lists.gllug.org.uk/mailman/listinfo/gllug
> >
>
>
>
> --
> Alexandre de Abreu
> --
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
>


-- 
'In letters of gold, on a snow-white kite, I will write "I Love You!"
And send it soaring high above you, for all to read!'

RIP Billy M 1957-1997
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20070828/04d42071/attachment.html>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug