Security Incidents mailing list archives

Re: cuebot-d infection method


From: Harlan Carvey <keydet89 () yahoo com>
Date: Fri, 26 Aug 2005 04:51:02 -0700 (PDT)

Jayson,

One other possibility is that the attacker went straight through the
firewall using an atypical packet....... unlikely, but should be placed
on an all-inclusive roster of post-mortem investigations.

I'm a forensic analyst/engineer, and would be very
interested to know more about your above statement.  I
think that knowing where to look during a post-mortem
investigation for evidence of an "atypical packet"
would be extremely valuable.  

Can you elaborate on this, providing specific
information?  How about examples?

Thanks,

Harlan

