Home page logo

basics logo Security Basics mailing list archives

RE: tools used to examine a computer
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Tue, 18 Feb 2003 17:38:52 -0000

Your spelt it wrong is all Ivan, Biatchux lives on (renamed to FIRE as
well, which doesn't help)


Download at http://fire.dmzs.com/ or http://biatchux.sourceforge.net but
it will redirect you to the first URL

Also look at


Which might be interesting to you

Hope this helps and reunites you with an excellent product

Trevor Cushen
Sysnet Ltd

Tel: +353 1 2983000
Fax: +353 1 2960499

-----Original Message-----
From: Ivan Hernandez [mailto:ivan.hernandez () globalsis com ar] 
Sent: 17 February 2003 19:04
To: Hopkins, Joshua
Cc: security-basics () securityfocus com
Subject: Re: tools used to examine a computer

There was a very interesting linux distro called bitchux oriented in 
forensic work. I had a very first version and worked fine. The problem 
is that i now try google and can't find the info !
Ivan Hernandez

Hopkins, Joshua wrote:

I could really use some help in finding a tool that will be used when 
and employee gets terminated or when a computer gets broken into.  I 
had a network breach happen from the inside and when I went and took 
the machine back to the operation center I found that a login script 
was placed into the admin account for that machine and the script 
erased the evidence.  I was able to copy some files over the network 
before I took the computer into custody. What tools are out there that 
can really be helpful in monitoring/forensics.

Joshua R. Hopkins
Information Security Analyst
ARUP Laboratories
Salt Lake City, UT
tel.  801.583.2787 ext 3110
fax. 801.584.5108
josh.hopkins () aruplab com
-----Original Message-----
From:  James Taylor [mailto:james_n_taylor () yahoo com] 
Sent:  Wednesday, February 12, 2003 7:56 PM
To:    Naman Latif
Cc:    security-basics () securityfocus com
Subject:       Re: Read Only Ethernet Cable

From google...



http://www.robertgraham.com/pubs/sniffing-faq.html - 3.6
How can I create a receive-only Ethernet adapter?

You use 2 cards, one in 'read-only' promiscous mode
sniffing the wire, the other connected to the management network (& 
severly restricted) to communicate with the sensor.


--- Rory <nazgul () csn ul ie> wrote:

I'm assuming here by the information you've given so if
i'm wrong please
correct me. You want to make a cable that allows the
traffic to go in one
direction. the idea being that your snort box does not
send information
just receives it. I don't think you can do this with a special cable 
as ethernet need to be able to send acks back to let the
sending side know
that it received that data. So you will need to do this
at OS level not
with a special cable. If you were to do what you were
suggesting the
sending box would send only the number of packets in the
TCP window and
that would be it (it mayt resend them but in the end it
will just be a
small set of information ). you will need to do this with
chain rules.

If my assumptions were totally wrong sorry.


On Tue, 11 Feb 2003, Naman Latif wrote:

Can anyone tell me how to make a Read-Only Ethernet

Cable to be used

with Snort\Sniffer

IS this correct

LAN          Snort\Switch
1          1
2          2

Then on both sides, connect 1&2 to eachother ?

\\ Naman

Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day 


This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]