Security Basics mailing list archives

SecurityFocus Article Announcement


From: Stephen Entwisle <se () securityfocus com>
Date: Fri, 21 Mar 2003 09:25:41 -0700 (MST)

IDS Logs in Forensics Investigations: An Analysis of a Compromised
Honeypot
by Alan Neville

This paper will deconstruct the steps taken to conduct a full analysis of
a compromised machine. In particular, we will be examining the tool that
was used to exploit a dtspcd buffer overflow vulnerability, which allows
remote root access to the system. The objective of this paper is to show
the value of IDS logs in conducting forensics investigations.

http://www.securityfocus.com/infocus/1676

Stephen Entwisle
Moderator, Security-Basics
SecurityFocus
http://www.securityfocus.com
(403) 213 3939 ext. 235


