Incident analysis of Collapsar!
Vulnerabilities
Apache Web Server Chunk Handling Vulnerability
- Tracing logs
- [1.1] Attack process Tcpdump log
- [1.2] After break-in Keystrokes log
- [1.3] Forensic analysis md5sum diff
Samba Vulnerability
- Tracing logs
- [1.1] Attack process Tcpdump log
- [1.2] After break-in Keystrokes log
- [1.3] Forensic analysis md5sum diff
DCOM RPC Vulnerability
- Tracing logs
- [1.1] Blaster Worm Tcpdump log
- [1.2] Enbiei Worm Tcpdump log
- [1.3] Nachi Worm Tcpdump log
Log mining
- Stepping stone attack
- [1.1] shortened TCPdump log
- Sweeping scan
- [1.1] shortened TCPdump log