[Snort-users] Decoding snort capture of Win98 compromise
lance at ...185...
Sun Nov 5 12:24:09 EST 2000
One of my Win98 honeypots was compromised last night,
including the installation of a Trojan. The entire
process was captured by snort. However, I'm a Unix
weenie, not a Windows weenie. Can anyone help me decode
the attack by analyzing the snort capture?
If you are interested, let me know and I will send you
the snort binary capture (500K). I'm attempting to
develop forensic skill in the Windows environment.
Any help appreciated :)