Re: New Subject (please)

IDS Moderator (ruf@cs.uow.edu.au)
Mon, 26 Feb 1996 09:12:50 +1100 (EST)

A number of responses were received in regards to testing/reviewing
the cracker tools offered by Brad Powell. I decided it was better 
to summarize them into a single post.

------------------------------------------------------------------------
From: Johann O Jokulsson <Johann.O.Jokulsson@iti.is>

I for one would be interested. Not sure whether it's within the charter of this
list though.

JoJ
---
Johann O Jokulsson              E-mail: Johann.O.Jokulsson@iti.is
System Administrator            Tel: +354-587-7000
IceTec                          Fax: +354-587-7409
Keldnaholti, IS-112 Reykjavik   URL: http://www.iti.is

------------------------------------------------------------------------
From: Carolina Elortegui <celort@kuma.ciens.ucv.ve>

Hi, I read your message and I can tell you that my thesis for me to
graduate in Computer Science is a research about Security, especially
intrusion detection, so this means that I'm interested in taking a look
at the tools you offer me.

Please reply to me and tell me if you are gonna send them...


Cary

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carolina Elortegui                         Laboratorio de Postgrado
Universidad Central de Venezuela                      Administrador
Facultad de Ciencias
Escuela de Computacion             E-mail: celort@kuma.ciens.ucv.ve

------------------------------------------------------------------------
From: mdr@vodka.sse.att.com

I am very interested in this kind of thing.  I am actively researching
intrusion detection and having exploits is definitely easier than
trying to write them yourself just so that you can test.  Plus I need
to know what others imagine, so that I can adapt my tools.

Can you send me source for any tools?

Mark Riggins
Secure Systems Engineering
AT&T Labs
------------------------------------------------------------------------
From: Richard Perlotto <richard.perlotto@tempe.vlsi.com>

Sure I would be interested in the kinds of things that the
hackers have been using.  How can I get these from you?
You can either E-Mail them or drop them off in my anon FTP
site ftp.vlsi.com.


Richard
------------------------------------------------------------------------
From: "Jonathan M. Bresler" <m1jmb00@FRB.GOV>


        i would be interested in reviewing them and posting summary information.
i am also interested in testing my systems against each of the tools, and
hardening them if needed.


Jonathan M. Bresler            202-452-2931              breslerj@frb.gov
MS-169,      Federal Reserve Board of Governors,      Washington DC 20551
I am speaking for myself only, not the Federal Reserve Board of Governors
------------------------------------------------------------------------
From: rthomas@pamd.cig.mot.com (Robert Owen Thomas)

if you are thinking of forming such a team, i would be willing to join and/or
sponsor such.  however, i suspect we would most likely come to agree with
CERT's position: it seems to me that very few of the "new" tools are actually
new.  additionally, most seem to be merely cook-book exploits with little
thought behind them.

regards,
--robert
--

o  Robert Owen Thomas:  Corvette pilot. Cymro ydw i. User scratching post.  o
o       E-mail: Robert.Thomas@pamd.cig.mot.com --or-- robt@Cymru.COM        o
o              Vox:  +1.847.435.7076   Fax:  +1.847.435.7360                o
o         "When I die, I want to go sleeping like my grandfather..."        o
o             "Not screaming like the passengers in his car."               o
------------------------------------------------------------------------
From: walding@tkg.com (Tim Walding)

I am interested in reviewing whatever you have in the mindset of preventing
them from being useful at my site.

--
Tim Walding                             Internet: walding@tkg.com
The Kernel Group                        VMnet:    AUSTIN(WALDING)
(512) 838-9803                          Cell:     (512) 970-0283
Pager 800-329-7938

                        http://www.tkg.com/

          ***The opinions expressed above are my own, not IBM's ***
------------------------------------------------------------------------
From: csteel@teir.com (Chris Steel)

I would be interested in looking at any captured cracker tool kits and more
importantly any ideas on how to circumvent them.

-------------------------------------------------------------
          Thomson Electronic Information Resources
                      205 VanBuren Street
                          3rd Floor
                      Herndon, VA 22070
                        (703) 736-1784
                      csteel@teir.com
               http://amra.labs.thomtech.com
-------------------------------------------------------------
------------------------------------------------------------------------
From: ashes@magi.com (Ashes)

>Question to the group. Since this is IDS aka Intrusion Detection, is there
>any interest in reviewing captured cracker tool kits?
>I've captured plenty over the past few years. :-)
>I've offered the toolkits to CERT, they said "no thanks; we have probably
> already seen them" So..........................

        Can't say as I blame CERT...  After all, what do you consider a
"toolkit"?  There are plenty of exploit scripts out there, so it doesn't really
help any if they're all gathered into one place...   I'm sure that CERT has
seen them all.

>I'm looking for groups that want to *review* the tool kits and post
>summary information that might aid sites in the future.
>I've already gotten all the mileage I can out of them so I'm offering
>them to other researchers/security professionals.

        Again, what good does that do?  Most of the tools will be for
exploiting known bugs...  Any decent administrator should fix any security
holes that are publicly known, anyways.
------------------------------------------------------------------------

+---------------------+--------------------------------------------------+
|  ____       ___     | Justin Lister                 ruf@cs.uow.edu.au  |
| |    \\   /\ __\    |     Center for Computer Security Research        |
| | |) / \_/ / |_     | Dept. Computer Science       voice: 61-42-214-327|
| |  _ \\   /| _/     | University of Wollongong       fax: 61-42-214-329|
| |_/ \/ \_/ |_| (tm) | LiNuX- iNTEL justification. mobile: 61-0411405217|
|                     |     Computer Security a utopian dream...         |
+---------------------+--------------------------------------------------+