Honeypots mailing list archives
RE: Honeypot article
From: Tom McLaughlin <tmclaugh () sdf lonestar org>
Date: 16 Jan 2003 00:54:13 -0500
From http://www.geocities.com/shellmaniac/su.c:
/* su.c by xp, modified by logikal@efnet - tested on redhat 5 -> 7 */ Has anyone gone beyond looking at technical clues in investigating and looked at "social" means of doing it? Take the nick from IRC in the above code comment. Look for their presence online. We don't know how that nick is connected to what happened if at all, but it does give us a starting point. Find their channels, see who comes and goes, look at what they talk about. Wait for a script kiddie to boast or find possibly where else one could look for the intruder... Hackers have decent social networks. Damn I wish I could remember the link to the article I read recently mentioning hacker social structure. Police don't rely on forensics alone and IRC did help catch Mafia Boy. Just a thought... I was a liberal arts major. :) Tom -- Mandrake Cooker + Honeypot = http://cookerpot.linsec.ca On Wed, 2003-01-15 at 17:15, Spikeman wrote:
added google search bonus. (search string, xeocage123) http://eridex.org/journal-archive/000035.html http://www.geocities.com/shellmaniac/
<snip>
Current thread:
- Honeypot article Lance Spitzner (Jan 15)
- Re: Honeypot article Ing. Bernardo Lopez (Jan 15)
- Re: Honeypot article R. Anthony Kolstee (Jan 24)
- Re: Honeypot article Jon (Jan 25)
- Complete Honeynet zeal0t (Jan 25)
- Re: Complete Honeynet rewt (Jan 25)
- Re: Complete Honeynet Valdis . Kletnieks (Jan 26)
- <Possible follow-ups>
- RE: Honeypot article Keith Bruss (Jan 15)
- RE: Honeypot article Spikeman (Jan 15)
- RE: Honeypot article Grégoire Welraeds (Jan 15)
- RE: Honeypot article Tom McLaughlin (Jan 16)
- RE: Honeypot article Spikeman (Jan 15)
- Re: Honeypot Article Roland Venter (Jan 15)
- RE: Honeypot article Bosschert, B. (is-ks) (Jan 16)
- RE: Honeypot article Valter Santos (Jan 16)