Security Incidents mailing list archives

Interesting research paper

From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Sun, 25 Jun 2000 17:44:53 -0700


A pretty unconventional research paper was recently released which may be
worth a read as I do not believe I have ever seen research of this type
made public before.

The paper focuses on an examination of black-hat activity following the
compromise of a honeynet setup. This paper is the result of the work and
research of the Honeynet Project, a small group of security professionals
dedicated to learning the tools and tactics of the blackhat community. In
it, the reader is shown detailed keystroke logs of everything that these
unsuspecting blackhats did to hack and maintain root on the system, as
well as full transcripts of their IRC sessions while they were being
watched - including:

1. Their plans to DoS major networks
2. Usage of stolen credit card numbers
3. The Honeynet Project estimates that over 370 other systems were
compromised in this two-week period by the same individuals.

This research is located at:

http://www.securityfocus.com/frames/?focus=ids&content=/focus/ids/articles/kye/motives.html

Current thread:

Re: Quova.net, (continued)
- Re: Quova.net M J (Jun 20)
  - Re: Quova.net Fabio Bastiglia Oliva (Jun 20)
    - Re: Quova.net Brett Glass (Jun 20)
    - Hacked by the script kiddie - an ordinary netadmin's day Jakub Urbanec (Jun 21)
    - SV: Hacked by the script kiddie - an ordinary netadmin's day Kim C. Saxvik (Jun 23)
    - Addendum: scanned - strange! Sir Scriptzalot (Jun 21)
  - Re: Quova.net Valdis Kletnieks (Jun 20)
- Re: "Quova.net" (Exodus downstream customer) Rune Kristian Viken (Jun 20)
  - Re: "Quova.net" (Exodus downstream customer) Missouri FreeNet Administration (Jun 22)
    - Re: "Quova.net" (Exodus downstream customer) Cold Fire (Jun 23)
    - Interesting research paper Alfred Huger (Jun 25)
    - DOS attack Bogdan Catalin Donici (Jun 26)
- Re: "Quova.net" (Exodus downstream customer) Nicholas de Jong (Jun 20)