Security Basics mailing list archives

Re: Hackers in the House


From: Manuel Arostegui Ramirez <manuel () todo-linux com>
Date: Thu, 21 Sep 2006 17:36:14 +0200

On Thursday, 21 September 2006 15:39, Mark Ryan del Moral Talabis
wrote:
This is a step by step analysis of an actual "break-in" in one of our
honeypots. The case exemplifies the typical hacker methodology /
behaviour in the first phases of a compromise.

http://www.philippinehoneynet.org/dataarchive.php?date=2006-07-24

Regards,
Ryan

Great document :-)
I'm writing up a similar document, but this is a Linux-based scenario, a
wireless one :-)

Hope to upload it in about one week :-)
It's quite interesting to see how script-kiddies use honeypots to connect to
private IRC networks (I allowed them to use irssi on the honeypot), and it's
much more fun how they keep logs on the machine :-).

Furthermore, I've realized that they also wanted to break into either my
network or my neighbours' wireless (I allowed script-kiddies to use kismet, and
they uploaded aircrack).

In the first days, some of them owned one user account on the system, and after
they realized wget wasn't on the system they left the honeypot. So I decided to
install wget, because it seemed to me that they don't know that much about
uuencode and uudecode. A little bit of frustration about it.

Stay tuned.

Kind regards

Manuel.
-- 
Manuel Arostegui Ramirez.
