Table 1. Core Files of Submission
| File | Contents |
|---|---|
| index.html | This file, listing all files submitted |
| timestamp.html | Digital timestamp for this submission |
| summary.html | Non-technical summary |
| advisory.html | Technical summary |
| analysis.html | Procedure used during investigation. |
| answers.html | Answers to Honeynet questions. |
| costs.html | Estimate of cost to analyze and document this incident. |
| Makefile | A makefile used during the process of creating the submission and timestamping it. |
| README | Describes the useful targets in Makefile. |
| timestamp.pl | A perl script to automate the process of getting a digital timestamp for our submission. Once the timestamp is received by email, this script is used to merge it into timestamp.html. It is also able to verify this information. |
The following files are included in files.tar. They were generated during the analysis process.
Table 2. Files Generated During Analysis
| File | Contents |
|---|---|
| strings.txt | The output from strings when run on the-binary. |
| strace-1, strace-1.9741, strace-1.9742, strace-1.9742.1 | Output from strace while running the-binary. |
| the-binary.dress | Output from dress, to add symbol information for known library functions. |
| the-binary.dress.objdump | Disassembly of the-binary.dress. |
| the-binary.dress.rec | A decompilation of the-binary.dress into pseudo-C. |
| the-binary.objdump | A disassembly of the-binary. |
| the-binary.rec | A decompilation of the-binary into pseudo-C. |
| the-binary.rec-processed | First pass at improving the readability of the output from REC, by rewriting sections of code. |
| the-binary.rec-processed.2 | Second pass at improving the readability of the output from REC. Converted jump table into more traditional switch statement. |
| the-binary.rec-processed.3 | Third pass at improving the readability of the output from REC. Rewrote more sections of code, concentrating on commands in the switch statement. |
| sendraw.c | Program modeled after the function within the-binary, to send packets of protocol 11 to a running instance of the-binary. |
| sendcmd.c | An improvement over sendraw.c, to send packets of protocol 11 using the encryption supported by the-binary. Only packets of command 1 (status report) are really supported. |
| sniffer | A Perl script that uses libpcap to read packet dumps and decode the packets sent by both the client and the server. |
| sniffer-output.txt | Output from sniffer when run on the snort capture file provided by the Honeynet Project. |
| Makefile | A makefile to build sendraw.c, sendcmd.c, and sniffer. |
| note.gif, tip.gif, warning.gif | Images used in this document. |
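As an added illustration, not one of the submitted files and not the submitted sniffer script, the Python below reconstructs the generic first stage of what sniffer has to do before any decoding: read a libpcap capture, walk the records, and pull out every IPv4 packet whose protocol number is 11 together with its endpoints and payload. The capture bytes are constructed inline for this example; the payload bytes are placeholders, because this page does not describe the-binary's message format, and the decoding step that follows is deliberately left out.

```python
import struct
from ipaddress import IPv4Address
from typing import Iterator, List, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4        # libpcap magic, file written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1        # same magic read from a big-endian file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
TARGET_PROTO = 11                 # IP protocol number the-binary listens for


def build_frame(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 frame with a zero checksum (fine for an offline dump)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
        IPv4Address(src).packed, IPv4Address(dst).packed,
    )
    eth_hdr = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + payload


def build_pcap(frames: List[bytes]) -> bytes:
    """Assemble a minimal little-endian libpcap file from raw frames."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_records(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (timestamp_sec, frame) for each record, honouring file endianness."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:      # truncated final record: stop rather than mis-parse
            break
        off += incl_len
        yield ts_sec, frame


def extract_proto_packets(data: bytes, proto: int = TARGET_PROTO) -> List[Tuple[int, str, str, bytes]]:
    """Return (ts, src, dst, payload) for every IPv4 packet carrying `proto`."""
    found = []
    for ts, frame in iter_records(data):
        if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            continue
        ihl = (ip[0] & 0x0F) * 4            # header length in bytes, options included
        total_len = struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != proto:
            continue
        src = str(IPv4Address(ip[12:16]))
        dst = str(IPv4Address(ip[16:20]))
        found.append((ts, src, dst, ip[ihl:total_len]))
    return found


# Constructed sample capture: a client request, a server reply, and an unrelated UDP packet.
# The protocol-11 payloads are placeholder bytes, not the-binary's real message layout.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.1", "10.0.0.2", TARGET_PROTO, b"\x02\x01status"),
    build_frame("10.0.0.2", "10.0.0.1", TARGET_PROTO, b"\x02\x01ok"),
    build_frame("10.0.0.1", "10.0.0.2", 17, b"\x00\x35\x00\x35\x00\x0b\x00\x00dns"),
])

if __name__ == "__main__":
    for ts, src, dst, payload in extract_proto_packets(SAMPLE_PCAP):
        print(f"{ts} {src} -> {dst} proto {TARGET_PROTO} payload={payload!r}")
```

Filtering on the IP protocol field rather than on a port is the point: protocol 11 has no transport header, so the bytes immediately after the IP header are the-binary's own message, and that is where a decoder for its encoding would start.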