Hosting Provided By

RE: A small quandary

From: Rob Shein <shoten(at)starpower.net>
Date: Fri Dec 06 2002 - 10:57:06 EST

If what you're asking is if it could be some way that he might not be aware of/responsible for this probe, the best and surest way to tell is to do forensics on the originating machine. The ways in which this attack could (theoretically) be taking place without his knowledge are many, and if he would retaliate, your best defense is to have a solid body of evidence that he was responsible instead of a worm, trojan horse, backdoor or other user. It sounds like you'll need to commit fully to the effort. Personally, I would definitely consult an attorney who is familiar with cybercrime, and see about having the computer seized without warning for forensic analysis if at all possible. Once that is accomplished, any claims about having been trojaned or the victim of a virus/worm can be proven or disproven with great reliability and integrity.

-----Original Message-----
From: Mahoney, Paul [mailto:paul@fiberstarr.com] Sent: Wednesday, December 04, 2002 11:30 PM To: incidents@securityfocus.com
Subject: A small quandary

Hi all,

I have in my possession a log file that implicates a business acquaintance, who to say the least, might have the attitude to mount an offensive.

The log file contains many entries like:-

404

/cgi-bin/publisher/search.cgi?dir=jobs&template=;cat+/etc/passwd|&output
_number=10
/perl/ 1 -

My question to everyone out there is would anyone be able to tell me if this kind of attack has the fingerprints of any known software/viruses in the field or is it a deliberate attempt to gain access to my clients site?

Do you need help?

Your thoughts are welcomed

Paul Mahoney
Director
FiberStarr Systems
www.fiberstarr.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sun Dec 8 22:32:47 2002

This message: [ Message body ]
Next message: H C: "Re: A small quandary"
Previous message: Jerry Shenk: "RE: A small quandary"
In reply to Mahoney, Paul: "A small quandary"
Next in thread: H C: "Re: A small quandary"
Reply: H C: "Re: A small quandary"
Reply: Mike Katz: "Re: A small quandary"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:52 EDT