Scan of the Month

Scan Of The Month Archives

2000

Scan 0: Packets crafted by Libnet
Scan 1: Potential hping2 scan
Scan 2: Mail Relay scans
Scan 3: nmap scanning for IP types
Scan 4: Large ICMP echo requests
Scan 5: Queso
Scan 6: Telnet negotiation
Scan 7: Microsoft Windows worms
Scan 8: FTP Frontpage scan
Scan 9: Cart32 Webserver scan
Scan 10: 2 Remote Exploits

2001

Scan 11: Unique NT IIS probe
Scan 12: NT IIS Unicode attack
Scan 13: auto rooter
Scan 14: Successful NT attack
Scan 15: Recover a deleted rootkit
Scan 16: Decrypt and analyze a security toolkit
Scan 17: Analyze a month of captured data
Scan 18: Determine the attackers' tactics
Scan 19: Analyze two Snort binary captures



All binary network captures are in tcpdump format. The Honeynet Project recommends you use either Snort or Ethereal to read and analyze these files. To help you decode the signatures, the following RFCs are provided. If you want to learn more about decoding TCP/IP, we highly recommend the book TCP/IP Illustrated, Volume 1, by Richard Stevens.

IP - RFC 791
ICMP - RFC 777
TCP - RFC 793
UDP - RFC 768

