RootPrompt.org: Know Your Enemy: A Forensic Analysis | Linux Today

Written By
Web Webster
Jun 7, 2000

[ Thanks to Noel for this link. ]

[ Although this was posted on RootPrompt.org on 23 May, the
content was judged to be important enough to warrant posting to the
current (7 June) Linux Today news page – LT ed. ]

“This paper is a continuation of the Know Your Enemy series. The
first three papers covered the tools and tactics of the black-hat
community. This paper, the fourth of the series,
studies step by step a successful attack of a system.
However, instead of focusing on the tools and tactics used, we
will focus on how we learned what happened and pieced the
information together. The purpose is to give you the forensic
skills necessary to analyze and learn on your own the threats your
organization faces.”

“The information covered here was obtained through the use of a
honeypot. The honeypot was a default server installation of Red Hat
6.0. No modifications were made to the default install, so the
vulnerabilities discussed here exist on any default RH 6.0
installation. Also, none of the data presented here has been
sanitized. All IP addresses, user accounts, and keystrokes
discussed here are real. This is done on purpose to both validate
the data and give a better understanding of forensic analysis. Only
the passwords have been modified to protect the compromised
systems. All sniffer information presented here is in snort format.
Snort is my sniffer and IDS system of choice, due to its
flexibility, capabilities, and price (it's free). All actions
committed by the black-hat were captured with snort. I use the IDS
signatures supplied by Max Vision at www.whitehats.com. You can
query his arachNIDs database for more information on all the alerts
discussed throughout this paper. You can find my snort
configuration and signature file here. Once you are done reading
the paper, you can conduct your own forensic analysis, as I have
supplied all the raw data. As you read this paper, take note of how
many different systems the black-hat uses. Also, throughout this
paper, the black-hat is identified as she, but we have no idea what
the true gender is.”

Complete Story

Web Webster
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He has written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today. He edits and writes for a portfolio of tech industry news and analysis websites, including webopedia.com and DatabaseJournal.com.