Around midnight of November 7, 2000, a Linux server was broken into. In and of itself, this event was nothing special -- systems get hacked all the time. What made this attack different were the forensic dissections that followed.
The Linux system in question had been set up by the Honeynet Project, a coalition of security professionals interested in learning, and in sharing what they learn, about scanning and attacks. To this end, an ID (Intrusion Detection) system was set up to collect network traces of scans and attacks, and monthly challenges were posted along the lines of "identify the scanning tool" or "name that hack". When a Linux system was attacked and thoroughly subverted only two and a half days after it was installed, the system itself became The Forensic Challenge.
The official results of the challenge can be viewed at the Honeynet Project Web site (see Resources). In this article, I go through my own process of analyzing the attack, and what the attacker installed on or otherwise modified in the victim system, with the added insights of Dave Dittrich, the Senior Security Engineer at the University of Washington. What the attacker did after the initial exploit is even more interesting than the attack itself.