[Snort-users] Decoding snort capture of Win98 compromise

Lance Spitzner lance at ...185...
Sun Nov 5 12:24:09 EST 2000


One of my Win98 honeypots was compromised last night,
including the installation of a Trojan.  The entire
process was captured by snort.  However, I'm a Unix
weenie, not a Windows weenie. Can anyone help me decode
the attack by analyzing the snort capture?

If you are interested, let me know and I will send you
the snort binary capture (500K).  I'm attempting to
develop forensic skill in the Windows environment.
Any help appreciated :)

thanks ...

-- 
Lance Spitzner
http://www.enteract.com/~lspitz




More information about the Snort-users mailing list