Security Incidents mailing list archives
Re: cuebot-d infection method
From: Harlan Carvey <keydet89 () yahoo com>
Date: Fri, 26 Aug 2005 04:51:02 -0700 (PDT)
Jayson,
One other possibility is that the attacker went straight through the firewall using an atypical packet....... unlikely, but should be placed on an all-inclusive roster of post-mortem investigations.
I'm a forensic analyst/engineer, and would be very interested to know more about your above statement. I think that knowing where to look during a post-mortem investigation for evidence of an "atypical packet" would be extremely valuable. Can you elaborate on this, providing specific information? How about examples? Thanks, Harlan
Current thread:
- cuebot-d infection method Jeff Bryner (Aug 24)
- RE: cuebot-d infection method Matthew Neeley (Aug 24)
- Re: cuebot-d infection method Matt Stockdale (Aug 24)
- Re: cuebot-d infection method Irwan Ismail (Aug 25)
- RE: cuebot-d infection method Jason Burton (Aug 25)
- Re: cuebot-d infection method Jayson Anderson (Aug 25)
- Re: cuebot-d infection method Harlan Carvey (Aug 26)
- Re: cuebot-d infection method Jeff Bryner (Aug 29)
- Re: cuebot-d infection method Harlan Carvey (Aug 29)
- Re: cuebot-d infection method Jayson Anderson (Aug 29)
- Re: cuebot-d infection method Jose Nazario (Aug 29)
- Re: cuebot-d infection method Irwan Ismail (Aug 25)
- Re: cuebot-d infection method Jeff Bryner (Aug 25)
- Re: cuebot-d infection method Simon Borduas (Aug 29)