The HoneyNet Forensic Challenge -- Analysis & Findings
The Compromise
Used the rootshell listening on port 4545 to gain access
$ telnet compromised_IP_ADDR 4545
Patched compromised system to protect it from other intruders
Notes:
The intruder used the rootshell to gain access to the subject computer. Because the rootshell runs as a standalone daemon, it avoids host-based logging.
Patched the compromised system to protect it from other intruders: patches for wuftpd, named and nfs-utils (which includes rpc.stat).
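Because the standalone rootshell on port 4545 leaves no host-based log entries, the listening socket itself is the artifact to look for. The following added example (not part of the original slides) compares `netstat -tlnp`-style output against a baseline of expected ports; the sample output, the baseline and the function name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (not data from the challenge image).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State       PID/Program name
tcp   0      0      0.0.0.0:21      0.0.0.0:*       LISTEN      412/inetd
tcp   0      0      0.0.0.0:23      0.0.0.0:*       LISTEN      412/inetd
tcp   0      0      0.0.0.0:53      0.0.0.0:*       LISTEN      388/named
tcp   0      0      0.0.0.0:4545    0.0.0.0:*       LISTEN      1021/sh
tcp   0      0      10.0.0.5:23     10.0.0.9:1034   ESTABLISHED 1100/in.telnetd'

# Hypothetical baseline: TCP ports this host is expected to listen on.
BASELINE_PORTS="21 23 53"

# unexpected_listeners "BASELINE" < netstat-output
# Prints "port pid/program" for every LISTEN socket whose port is not in BASELINE.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only TCP sockets in LISTEN state; header and ESTABLISHED lines are skipped.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)   # keep what follows the last colon (works for IPv6 too)
            if (!(port in ok)) print port, $7
        }
    '
}

printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$BASELINE_PORTS"
```

Feed it output gathered with known-good binaries or from an external scan, since tools on a compromised host may not report truthfully.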