Penetration Testing mailing list archives

Re: Need for Intrusion/Infection Data


From: Jon Janego <jonjanego () gmail com>
Date: Tue, 21 Apr 2009 10:09:03 -0500

Hi Adnan,

You are probably going to have a hard time getting this data from a
corporate customer, just due to the nature of sensitive information
that could be revealed within the capture.  I have encountered
resistance to sharing this type of data even when asking for it from
potential customers, so I wouldn't be surprised if you see some
resistance.

I would recommend setting up a mini-lab with virtual machines, and
then infecting a client on the network.  A good example of a typical
network could be a domain controller, several clients, and maybe a
webserver or other application server; you could then pass an
infection into one of the virtualized clients and watch what happens
throughout the network.

Jon

On Mon, Apr 20, 2009 at 3:10 PM, Baykal, Adnan (CSCIC)
<adnan.baykal () cscic state ny us> wrote:
All,

First of all, I would like to thank everyone on this list for their
contributions.

I am currently doing my PhD in computer science at University at Albany
and am in need of intrusion/infection data. More specifically, I am
trying to find a dataset (preferably pcap, however flow data is also
okay) in which there is a certain period of clean traffic (where there
is no infection) and certain period of infected traffic (traffic where
worm propagation exists). I have a theory that I would like to test
and publish, and of course proper acknowledgement will be given in the
publication.

Any ideas, pointers, downloadable files, etc. will be appreciated.

Thanks all in advance for your help.


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits 
for Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well.

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------


