Security Basics mailing list archives

RE: DOS attacks


From: "Michael Shirk" <shirkdog () cryptomail org>
Date: Fri Aug 06 13:22:02 EDT 2004

This probably should be sent to the forensics mailing list.
However, you need to investigate just what happened. Was there a vulnerable service? Did they compromise root?
There are forensics tools like sleuthkit and the webfront to those tools called autopsy. But you need to first figure out how you want to respond to the incident, and preserve the evidence as best you can.
This is in case the server is production and can not be disconnected.
Shirkdog
-----Original Message-----
From: pryan () rogers wave ca [mailto:pryan () rogers wave ca]
Sent: Friday, August 06, 2004 12:27 PM
To: security-basics () securityfocus com
Subject: DOS attacks
Importance: High
Are there any forensic type tools to assist me in the following situation?

I have a small group of my Internet customers attacking an external web
server. Rather than just cut them off - I've spoken to the server admin and
received his syslogs. What I would like to do is to get to the root cause -
whether it be purposely or a worm/Trojan.
Thus far - I've retina/nessus scanned, profiled the traffic to the server
(to get a packet/bandwidth total). Is there anything else you can recommend?
Any comments will be greatly appreciated.
 Regards,
 
paul

