Security Incidents mailing list archives

Solaris syslog output from PROTOS tool (fwd)


From: Tina Bird <tbird () precision-guesswork com>
Date: Wed, 13 Feb 2002 13:49:32 -0600 (CST)


Counterpane has begun testing vulnerable systems
for evidence of the PROTOS tool in use.  So far,
we've learned that snmpdx will produce the following
message >after< a crafted packet has caused 
problems:

Feb 12 23:25:48 mordor snmpdx: agent snmpd not responding
Feb 13 00:03:24 mordor snmpdx: agent snmpd not responding

We are continuing testing and will publish forensic
evidence on the Log Analysis Web site as we collect
it.

Contributions gratefully accepted, too.  I will follow
this up with a list of IDS signatures that are specific
to the PROTOS tool.

Tina Bird
Log Analysis: http://www.counterpane.com/log-analysis.html
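
A small detector for the snmpdx message quoted above, as an added example that is not part of the original post or of Counterpane's tooling. The function name, the optional PID field, the host "shire" and the non-snmpdx lines are assumptions constructed for illustration; the two "mordor" snmpdx lines are the ones from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Classic BSD syslog layout: "Mon DD HH:MM:SS host tag: message".
# The optional "[pid]" after the tag is an assumption; the lines in the
# post carry no PID.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) snmpdx(?:\[\d+\])?: "
    r"agent (?P<agent>\S+) not responding\s*$"
)

def find_snmpdx_events(lines, year):
    """Return {host: [(datetime, agent), ...]} for every matching line.

    BSD syslog timestamps carry no year, so the caller supplies it.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits[m["host"]].append((ts, m["agent"]))
    return dict(hits)

# Constructed sample: the two mordor snmpdx lines are from the post,
# everything else is made up for the example.
SAMPLE = """\
Feb 12 23:25:48 mordor snmpdx: agent snmpd not responding
Feb 12 23:26:02 mordor sshd[411]: Accepted password for admin from 192.0.2.10
Feb 13 00:03:24 mordor snmpdx: agent snmpd not responding
Feb 13 00:05:10 shire snmpdx[212]: agent snmpd not responding
Feb 13 00:06:00 shire sendmail[90]: starting daemon
""".splitlines()

if __name__ == "__main__":
    for host, events in sorted(find_snmpdx_events(SAMPLE, 2002).items()):
        for ts, agent in events:
            print(f"{host}: {agent} unresponsive at {ts.isoformat()}")
```

Since the message is logged after the agent has already stopped responding, the timestamps it yields are the upper bound of the window in which to look for the triggering SNMP traffic.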

