Incident Analysis of Compromised OpenBSD3.0 Honeypot

["Michael Anuzis" <michael_anuzis () hotmail com>]

Many scripts have been released lately targeting OpenBSD (the Apache/OpenSSH 
ones to be more specific). I was curious to find who would actually attack 
an OpenBSD system and what types of rootkits would be used if any since 
OpenBSD has gone so long without being an easy target to hack, not many RKs 
are available with OpenBSD as the target. I set up a simple honeynet to try 
to find some of these results which was hacked by two people in under a day.

The whitepaper is available here: 
http://www.lucidic.net/whitepapers/manuzis-7-5-2002-1.html

Comments/feedback are much appreciated!

Michael Anuzis, CCNA
Network Security Consultant
http://www.anuzisnetworking.com
http://www.lucidic.net - The Distributed Honeypot Project


_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com