Introduction

Every day, incident handlers across the globe are faced with compromised systems, running some set of unknown programs, providing some kind of unintended service to an intruder who has taken control of someone else's -- YOUR, or your client's, or customer's -- computers. To most, the response is a matter of "get it back online ASAP and be done with it." This usually leads to an inadequate and ineffective response, in which you never learn what hit you and the probability of repeated compromise is high. Law enforcement, for its part, is hampered by a flood of incidents and a lack of good data. A victim trying to keep a system running, or doing a "quickie" job of cleanup, usually means that incidents are underreported, and inadequate handling of the evidence leads to no evidence, or tainted evidence.

There has to be a better way to meet the needs of incident handlers and system administrators, as well as law enforcement, if Internet crime is going to be managed and not run amok. One possible answer is effective analysis skills -- widespread knowledge of tools and techniques -- to preserve data, analyze it, and produce meaningful reports to your organization's management, to other incident response teams and system administrators, and to law enforcement.

Enter the Honeynet Project. One of the primary goals of the Honeynet Project is to find order in chaos by letting the attackers do their thing, and allowing the defenders to learn from the experience and improve. The latest challenge is the Reverse Challenge. Just like the Forensic Challenge, we're opening it up to anyone who wants to join in.