Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: HailStorm - was digital surveillance techniques for forensics/penetration
From: "DaemonLabs.com Support (MLM)" <Lists () DaemonLabs com>
Date: Thu, 29 Jan 2004 15:47:42 +0100

FYI,

HailStorm at the time was created by Greg Hoglund - writer of the NTRootkit.
HailStorm is being promoted these days by the same team, called Cenzic
(www.cenzic.com), formerly known as "ClickToSecure". HailStorm is still (in
much improved form) there, FYI.

Cheers - Marnix Petrarca

----- Original Message ----- 
From: "sil" <jesus () resurrected us>
To: "Kerri Sharp" <kerri () dancetonight com>
Cc: <forensics () securityfocus com>; <pen-test () securityfocus com>
Sent: Friday, January 23, 2004 09:07
Subject: Re: digital surveillance techniques for forensics/penetration



Many commercial packet sniffers can reconstruct packet dumps, sniffit,
NAI's Sniffer, etc. There was a product out a few years back called
Hailstorm which offered pretty neat features, I used the beta for about a
month testing it, but don't recall who made it, nor have I seen any more
information on it. Iris from eEye also does reconstruction, but haven't
used it in recent months.

If you're looking for some hardware based boxes that can do the job and
then some check out Niksun's NetDetector (http://www.niksun.com/), or
Sandstorm's NetIntercept (http://www.sandstorm.com/). But if you're just
looking for general information on reconstruction, you could probably
google +"packet sniffer" +reconstruct or any combination of that.

NANOG just had a thread that might have interested you this week: "What's
the best way to wiretap a network?" which would likely give you a ton of
ideas of what those in the networking industry are using/doing. Merit.edu
has the archives somewhere in there (too tired to open a browser sorry.)


Hi List

Anyone know of the tool which reconstructs captured data?? For example
intercepted email with attachments or ftp data.

I saw a flash demo sometime ago at www.sainstitute.org about digital
surveillance techniques which they cover in DefensiveForensics and
DefensiveHacking. This demo has since been
removed :-( any ideas anyone?

Thx
Kerri


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Quis custodiet ipsos custodes? - Juvenal

J. Oquendo / sil
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--



---
Outgoing DaemonLabs.com E-Mail is AVG 2004 Certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.572 / Virus Database: 362 - Release Date: 27-Jan-04


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]