Hello Lancer,

	Have you received my submission? Cause I just worry whether the file
has been blocked or not?

	Any way, I have found that my bonus answer was not written correctly
as I wrote towards victim rather than attack owner. Can I resubmit that part
again?

	Thanks.

Ricci

-----Original Message-----
From: Ricci @ ismart [mailto:ricci@ismart.net]
Sent: Tuesday, October 23, 2001 12:11 AM
To: project@honeynet.org
Cc: ricci-sc_ieong@hp.com; vincent-tp_ip@hp.com; mark_cooper@hp.com
Subject: The submission of Scan 19


Hello Lanzer,

	Here is our submission. It is not written in an extremely nice
format,
sorry about that. The resultsToScan19.txt is the answer. The exploits are
found in the Zer0.tar.gz, copy.tar.gz and ooty.tar.gz. The snort.zip is the
collection of the snort ids captured session where the alert.ids is the
generated alert file from the ids rules.

	tcp_session is the tcp sessions recovered from the snort capture
file.

	all_Ip.txt includes all the IP identified and the preliminary
identification results.

	The letter.txt is the submission for bonus question together with
some
extra snort log generation (ex_*.txt)

	Thanks.

Ricci Ieong and Vincent Ip,
HP eSecurity Center,
HP Consulting.