The Challenge:
-
What is the blackhat attempting to do with his command line
syntax?
-
What does the tool accomplish?
-
How does the tool work?
-
Is this tool a worm, or would you classify it as something else?
-
Is this tool original, or is it simply based on previous tools? If
based on previous tools, which ones and what is modified?
Bonus Question:
What information can you obtain about who is using or created the
tool?
The Results:
Writeups from the Honeynet Project members.
This month's tool is an auto-rooter, an automated to that allows
individuals with only minimal skill sets to quickly scan, exploit, and
control thousands of systems. It is tools like these that are causing many
of the scans you are detecting.
Writeup from the Security Community
This month's response was outstanding, we had 45 submissions. We tried to
be as far and throrough as possible with our reviews, but please keep in mind
we have real lives/jobs too, so we could not dedicate as much time as we would
have liked to. Alot of the submissions had the same excellent techncial content,
but some of the submissions were easier to read then others. In such cases, we
selected the docs easier to read. If you feel we missed your submission, or do not
understand why it was judged the way it was, drop us an email. Since we had so many
submissions, we have broken the entries into three categories, Top Four, Top Ten,
and Top Twenty. Entries in the Top Ten and and Top Twenty list are not listed in
any specific order. Now, on to the goods!
Thanks to everyone who contributed!
|