A number of responses were received in regard to testing/reviewing
the cracker tools offered by Brad Powell. I decided it was better to
summarize them into a single post.

------------------------------------------------------------------------
From: Johann O Jokulsson <Johann.O.Jokulsson@iti.is>

I for one would be interested. Not sure whether it's within the charter
of this list though.

JoJ
---
Johann O Jokulsson             E-mail: Johann.O.Jokulsson@iti.is
System Administrator           Tel: +354-587-7000
IceTec                         Fax: +354-587-7409
Keldnaholti, IS-112 Reykjavik  URL: http://www.iti.is

------------------------------------------------------------------------
From: Carolina Elortegui <celort@kuma.ciens.ucv.ve>

Hi, I read your message and I can tell you that my thesis for me to
graduate in Computer Science is a research about Security, especially
intrusion detection, so this means that I'm interested in taking a look
at the tools you offer me.

Please reply to me and tell me if you are gonna send them...

Cary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carolina Elortegui                Laboratorio de Postgrado
Universidad Central de Venezuela  Administrador
Facultad de Ciencias
Escuela de Computacion
E-mail: celort@kuma.ciens.ucv.ve

------------------------------------------------------------------------
From: mdr@vodka.sse.att.com

I am very interested in this kind of thing. I am actively researching
intrusion detection and having exploits is definitely easier than trying
to write them yourself just so that you can test. Plus I need to know
what others imagine, so that I can adapt my tools.

Can you send me source for any tools?

Mark Riggins
Secure Systems Engineering
AT&T Labs

------------------------------------------------------------------------
From: Richard Perlotto <richard.perlotto@tempe.vlsi.com>

Sure, I would be interested in the kinds of things that the hackers have
been using. How can I get these from you?
You can either E-Mail them or drop them off in my anon FTP site
ftp.vlsi.com.

Richard

------------------------------------------------------------------------
From: "Jonathan M. Bresler" <m1jmb00@FRB.GOV>

i would be interested in reviewing them and posting summary information.
i am also interested in testing my systems against each of the tools,
and hardening them if needed.

Jonathan M. Bresler  202-452-2931  breslerj@frb.gov
MS-169, Federal Reserve Board of Governors, Washington DC 20551
I am speaking for myself only, not the Federal Reserve Board of Governors

------------------------------------------------------------------------
From: rthomas@pamd.cig.mot.com (Robert Owen Thomas)

if you are thinking of forming such a team, i would be willing to join
and/or sponsor such. however, i suspect we would most likely come to
agree with CERT's position: it seems to me that very few of the "new"
tools are actually new. additionally, most seem to be merely cook-book
exploits with little thought behind them.

regards,
--robert
--
o Robert Owen Thomas: Corvette pilot. Cymro ydw i. User scratching post. o
o E-mail: Robert.Thomas@pamd.cig.mot.com --or-- robt@Cymru.COM o
o Vox: +1.847.435.7076 Fax: +1.847.435.7360 o
o "When I die, I want to go sleeping like my grandfather..." o
o "Not screaming like the passengers in his car." o

------------------------------------------------------------------------
From: walding@tkg.com (Tim Walding)

I am interested in reviewing whatever you have in the mindset of
preventing them from being useful at my site.
--
Tim Walding                    Internet: walding@tkg.com
The Kernel Group               VMnet: AUSTIN(WALDING)
(512) 838-9803  Cell: (512) 970-0283  Pager 800-329-7938
http://www.tkg.com/
***The opinions expressed above are my own, not IBM's ***

------------------------------------------------------------------------
From: csteel@teir.com (Chris Steel)

I would be interested in looking at any captured cracker tool kits and
more importantly any ideas on how to circumvent them.

-------------------------------------------------------------
Thomson Electronic Information Resources
205 VanBuren Street
3rd Floor
Herndon, VA 22070
(703) 736-1784
csteel@teir.com
http://amra.labs.thomtech.com
-------------------------------------------------------------

------------------------------------------------------------------------
From: ashes@magi.com (Ashes)

>Question to the group. Since this is IDS aka Intrusion Detection, is there
>any interest in reviewing captured cracker tool kits?
>I've captured plenty over the past few years. :-)
>I've offered the toolkits to CERT, they said "no thanks; we have probably
> already seen them" So..........................

Can't say as I blame CERT... After all, what do you consider a
"toolkit"? There are plenty of exploit scripts out there, so it doesn't
really help any if they're all gathered into one place... I'm sure that
CERT has seen them all.

>I'm looking for groups that want to *review* the tool kits and post
>summary information that might aid sites in the future.
>I've already gotten all the mileage I can out of them so I'm offering
>them to other researchers/security professionals.

Again, what good does that do? Most of the tools will be for exploiting
known bugs... Any decent administrator should fix any security holes
that are publicly known, anyways.

------------------------------------------------------------------------

+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf@cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-327|
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329|
| |_/ \/ \_/ |_| (tm) | LiNuX- iNTEL justification. mobile: 61-0411405217|
| | Computer Security a utopian dream... |
+---------------------+--------------------------------------------------+