Vulnerability Development mailing list archives
por favor
From: Aleph One <aleph1 () UNDERGROUND ORG>
Date: Tue, 12 Sep 2000 12:10:55 -0700
Date: Tue, 12 Sep 2000 10:00:17 -0700
From: zen () fish com
To: tct-users () porcupine org
Cc: wietse () porcupine org
Subject: por favor
Message-ID: <20000912100017.S26387 () fish com>

This is a rather sizeable request for help from Wietse and dan. We're offering to give a joint security talk (1-2 hours) to the person that helps us out with this, wherever they are (at least, to most continents!)

As all of you (should!) know we recently released TCT, the forensic data collection & analysis toolkit. We're now working on some data analysis tools, but require a significant amount of data in order to exercise the tools.

We are looking for someone who can run a streamlined and simplified TCT version on about 150-250+ systems. We have a preference for a site that does *NOT* protect all its systems with a proxy/bastion style firewall. Two sites that talk via the network to each other a fair bit would be fine as well - then we'd only need something 100-150+ systems from each site. Our ideal situation would be a university or other large organization that has had a history of security problems (you don't have to tell us what they are ;-))

The systems would be preferably from a heterogeneous environment (but that's not necessary), and must be running unix (sun, *bsd, or linux.) Servers, workstations, whatever, it doesn't matter. We wouldn't mind a few systems (less than 10%) that are currently not supported by TCT (HP-UX, AIX, etc.)

We estimate that the modified TCT would generate roughly about 10-20 megabytes of data per system - perhaps a bit less, perhaps a bit more on the largest of systems; the package we send to you would automatically gather & send this to us via ftp or scp.

Although we do a best effort to make all this as painless as possible, we realize that what we ask for is a significant task. We could guarantee that:

o none of the raw data would be made public; we would protect it as violently as we do with our own data.
o anything of interest we find that concerns your site's security we would tell you about.
o we have no prurient interest in the contents of the data - we simply need it to test our next (freely available) tool we're working on.
o TCT normally collects individual user "dot" files, like .rhosts, .forward, etc. No such files will be collected by this modified version.
o anything we publish about this we would run by you to ensure that there are no violations of privacy or secrecy. At a minimum we would change the host and user names to protect the innocent (and guilty! ;-))
o you would (if you desire) have first access to test out our next tool.
o we'd thank you privately - and publicly, if you don't mind the exposure.

Thanks for your consideration!

Wietse & dan