|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tina Bird (tbird
precision-guesswork.com)Date: Wed Feb 13 2002 - 13:49:32 CST
Counterpane has begun testing vulnerable systems
for evidence of the PROTOS tool in use. So far,
we've learned that snmpdx will produce the following
message >after< a crafted packet has caused
problems:
Feb 12 23:25:48 mordor snmpdx: agent snmpd not responding
Feb 13 00:03:24 mordor snmpdx: agent snmpd not responding
We are continuing testing and will publish forensic
evidence on the Log Analysis Web site as we collect
it.
Contributions gratefully accepted, too. I will follow
this up with a list of IDS signatures that are specific
to the PROTOS tool.
Tina Bird
Log Analysis: http://www.counterpane.com/log-analysis.html
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]