The HoneyNet Forensic Challenge -- Conclusions
The intruder used a scripted attack against a known vulnerability in rpc.stat
- Gained root access via a rootshell payload.
Returned eight hours later
- Patched to prevent further compromise
Installed a rootkit consisting of:
- Replacement binaries for several O/S programs.
- Hide the intruder's activity from casual inspection.
A trojan Secure Shell
A log file cleanser
- Remove traces of the intruder's activity from the system.