You spelt it wrong is all, Ivan. Biatchux lives on (renamed to FIRE as
well, which doesn't help)

http://www.linuxsecurity.com/articles/intrusion_detection_article-4498.html

Download at http://fire.dmzs.com/ or http://biatchux.sourceforge.net but
it will redirect you to the first URL

Also look at

http://www.knopper.net/knoppix/index-en.html

Which might be interesting to you

Hope this helps and reunites you with an excellent product

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499



-----Original Message-----
From: Ivan Hernandez [mailto:[EMAIL PROTECTED]] 
Sent: 17 February 2003 19:04
To: Hopkins, Joshua
Cc: [EMAIL PROTECTED]
Subject: Re: tools used to examine a computer


There was a very interesting Linux distro called bitchux oriented toward 
forensic work. I had a very first version and it worked fine. The problem 
is that I now try Google and can't find the info!
Ivan Hernandez

Hopkins, Joshua wrote:

>I could really use some help in finding a tool that will be used when 
>an employee gets terminated or when a computer gets broken into.  I 
>had a network breach happen from the inside and when I went and took 
>the machine back to the operation center I found that a login script 
>was placed into the admin account for that machine and the script 
>erased the evidence.  I was able to copy some files over the network 
>before I took the computer into custody. What tools are out there that 
>can really be helpful in monitoring/forensics.
>
>
>Joshua R. Hopkins
>Information Security Analyst
>ARUP Laboratories
>Salt Lake City, UT
>tel.  801.583.2787 ext 3110
>fax. 801.584.5108
>[EMAIL PROTECTED]
> -----Original Message-----
>From:  James Taylor [mailto:[EMAIL PROTECTED]] 
>Sent:  Wednesday, February 12, 2003 7:56 PM
>To:    Naman Latif
>Cc:    [EMAIL PROTECTED]
>Subject:       Re: Read Only Ethernet Cable
>
>From Google...
>
>http://www.silicondefense.com/techsupport/ro-ethernet.htm
>
>http://www.mcabee.org/lists/snort-users/Jun-01/msg00504.html
>
>http://www.robertgraham.com/pubs/sniffing-faq.html - 3.6
>How can I create a receive-only Ethernet adapter?
>
>You use 2 cards, one in 'read-only' promiscuous mode
>sniffing the wire, the other connected to the management network (& 
>severely restricted) to communicate with the sensor.
>
>Regards
>JT
>
>
>--- Rory <[EMAIL PROTECTED]> wrote:
>
>>I'm assuming here by the information you've given so if I'm wrong please
>>correct me. You want to make a cable that allows the traffic to go in one
>>direction. The idea being that your snort box does not send information
>>just receives it. I don't think you can do this with a special cable
>>as Ethernet needs to be able to send acks back to let the sending side know
>>that it received that data. So you will need to do this at OS level not
>>with a special cable. If you were to do what you were suggesting the
>>sending box would send only the number of packets in the TCP window and
>>that would be it (it may resend them but in the end it will just be a
>>small set of information). You will need to do this with chain rules.
>>
>>If my assumptions were totally wrong sorry.
>>
>>cheers,
>>Rory
>>
>>On Tue, 11 Feb 2003, Naman Latif wrote:
>>
>>>Hi,
>>>Can anyone tell me how to make a Read-Only Ethernet Cable to be used
>>>with Snort\Sniffer
>>>
>>>Is this correct?
>>>
>>>LAN          Snort\Switch
>>>1          1
>>>2          2
>>>3----------3
>>>4
>>>5
>>>6----------6
>>>7
>>>8
>>>
>>>Then on both sides, connect 1&2 to each other?
>>>
>>>\\ Naman
>>>
>
>
>




