[The following is a summary of the analysis of a binary captured on the
honeypot apollo.honeyp.edu. This summary is based on information
detailed in the file analysis.html.]

Sometime in 2002 a Honeynet system was compromised.  Analysis of the
remote control program that was installed on the system shows that a
compromised system can be used to perform DoS attacks against other
servers using
1) DNS Smurf type attack
  (more details: http://www.cert.org/incident_notes/IN-2000-04.html)
2) SYN flood attack
  (more details: http://www.cert.org/advisories/CA-1996-21.html)

In addition, a remote attacker can use this executable to
execute arbitrary commands on the compromised machine
(e.g. deleting or changing files, installing more malicious software on
the compromised host, etc.).
    
There is no evidence the attack was directed against this institution
specifically, rather this was a random intrusion designed to simply
gain access to as many systems as possible.  This incident is typical
of IRC "war" related activity as described in CIAC document 2318,
titled "IRC on Your Dime":

    http://ciac.llnl.gov/ciac/documents/CIAC-2318_IRC_On_Your_Dime.pdf

The system was taken out of service before the intruder was able to
use any of the malicious functions contained in the program, which
prevented any damage to other internal systems or to external
entities.

The intruder used automated tools to install additional malicious software,
which did significant damage to the system (in the form of replacement of
original operating system programs and addition of malicious programs)
in a very short period of time.  This damage was so extensive that the
complete re-formatting and re-installation of all operating system
programs would be necessary to ensure control was fully regained.
Evidence was preserved for any possible law enforcement activity.

The estimated cost of analysis of this incident (see "costs.txt" for
full break-down) is $2876.20  +/- $421.18.