Security Basics mailing list archives

Re: Hackers in the House

From: badz <smanaois3 () gmail com>
Date: Fri, 22 Sep 2006 00:59:33 +0800

A very interesting read... If I may, how did the attacker manage to get in?

The script seems to be a very favored tool for some hackers (more like
skiddies in my book =)) to download "tools" from http sites onto their
targets. It would have been fun to get hold of those executables the
attacker tried to copy over and "disembowel" 'em hehe.

Gut feel, what occurred on your honeypot was an automated attack (why
run an executable when it failed to get tftp'd over in the first
place?). Most likely not done by a pro; prolly a student on sem break.
=)

Great work on the project, good luck... ;-)

On 9/21/06, Mark Ryan del Moral Talabis <talabis () gmail com> wrote:

This is a step by step analysis of an actual "break-in" in one of our
honeypots. The case exemplifies the typical hacker methodology /
behaviour in the first phases of a
compromise.

http://www.philippinehoneynet.org/dataarchive.php?date=2006-07-24

Regards,
Ryan

--
Mark Ryan del Moral Talabis
MS GSEC MCP PTRP

The Philippine Honeynet Project
http://www.philippinehoneynet.org

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



--
...badz...
Linux Registered User 373124
Salvador.Manaois.III

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE

The NSA has designated Norwich University a center of Academic Excellencein Information Security. Our program offers unparalleled Infosec managementeducation and the case study affords you unmatched consulting experience.Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life.


http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Hackers in the House Mark Ryan del Moral Talabis (Sep 21)
- Re: Hackers in the House Manuel Arostegui Ramirez (Sep 21)
- Re: Hackers in the House badz (Sep 21)
- Re: Hackers in the House Alexander Bolante (Sep 21)
  - RE: Hackers in the House Don Parker (Sep 22)
- Re: Hackers in the House intel96 (Sep 22)