Table 1. Core Files of Submission

| File | Contents |
|---|---|
| index.html | This file, listing all files submitted. |
| timestamp.html | Digital timestamp for this submission. |
| summary.html | Non-technical summary. |
| advisory.html | Technical summary. |
| analysis.html | Procedure used during the investigation. |
| answers.html | Answers to the Honeynet questions. |
| costs.html | Estimate of the cost to analyze and document this incident. |
| Makefile | A makefile used during the process of creating the submission and timestamping it. |
| README | Describes the useful targets in the Makefile. |
| timestamp.pl | A Perl script to automate the process of obtaining a digital timestamp for our submission. Once the timestamp is received by email, this script merges it into timestamp.html. It can also verify this information. |
The following files are included in files.tar. They were generated during the analysis process.

Table 2. Files Generated During Analysis

| File | Contents |
|---|---|
| strings.txt | The output from strings when run on the-binary. |
| strace-1 | Output from strace while running the-binary. |
| strace-1.9741 | |
| strace-1.9742 | |
| strace-1.9742.1 | |
| the-binary.dress | Output from dress, which adds symbol information for known library functions. |
| the-binary.dress.objdump | Disassembly of the-binary.dress. |
| the-binary.dress.rec | A decompilation of the-binary.dress into pseudo-C. |
| the-binary.objdump | A disassembly of the-binary. |
| the-binary.rec | A decompilation of the-binary into pseudo-C. |
| the-binary.rec-processed | First pass at improving the readability of the output from REC, by rewriting sections of code. |
| the-binary.rec-processed.2 | Second pass at improving the readability of the output from REC. Converted the jump table into a more traditional switch statement. |
| the-binary.rec-processed.3 | Third pass at improving the readability of the output from REC. Rewrote more sections of code, concentrating on the commands in the switch statement. |
| sendraw.c | Program modeled after the function within the-binary that sends packets of protocol 11 to a running instance of the-binary. |
| sendcmd.c | An improvement over sendcmd.c, to send packets of protocol 11 using the encryption supported by the-binary. Only packets of command 1 (status report) are really supported. |
| sniffer | A Perl script which uses the libpcap library to read in packet dumps and decodes packets sent by both the client and the server. |
| sniffer-output.txt | Output from sniffer when run on the snort capture file provided by the Honeynet Project. |
| Makefile | A makefile to build sendraw.c, sendcmd.c, and sniffer. |
| note.gif | Images used in this document. |
| tip.gif | |
| warning.gif | |