Check http://biatchux.sourceforge.net/
Rgds,
Planz

----- Original Message -----
From: "Ivan Hernandez" <[EMAIL PROTECTED]>
To: "Hopkins, Joshua" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, February 18, 2003 3:04 AM
Subject: Re: tools used to examine a computer

> There was a very interesting linux distro called bitchux oriented in
> forensic work. I had a very first version and worked fine. The problem
> is that I now try google and can't find the info !
> Ivan Hernandez
>
> Hopkins, Joshua wrote:
>
> >I could really use some help in finding a tool that will be used when an
> >employee gets terminated or when a computer gets broken into. I had a
> >network breach happen from the inside and when I went and took the machine
> >back to the operation center I found that a login script was placed into the
> >admin account for that machine and the script erased the evidence. I was
> >able to copy some files over the network before I took the computer into
> >custody. What tools are out there that can really be helpful in
> >monitoring/forensics.
> >
> >
> >Joshua R. Hopkins
> >Information Security Analyst
> >ARUP Laboratories
> >Salt Lake City, UT
> >tel. 801.583.2787 ext 3110
> >fax. 801.584.5108
> >[EMAIL PROTECTED]
> >
> >-----Original Message-----
> >From: James Taylor [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, February 12, 2003 7:56 PM
> >To: Naman Latif
> >Cc: [EMAIL PROTECTED]
> >Subject: Re: Read Only Ethernet Cable
> >
> >From google...
> >
> >http://www.silicondefense.com/techsupport/ro-ethernet.htm
> >
> >http://www.mcabee.org/lists/snort-users/Jun-01/msg00504.html
> >
> >http://www.robertgraham.com/pubs/sniffing-faq.html - 3.6
> >How can I create a receive-only Ethernet adapter?
> >
> >You use 2 cards, one in 'read-only' promiscuous mode
> >sniffing the wire, the other connected to the management
> >network (& severely restricted) to communicate with the
> >sensor.
> >
> >Regards
> >JT
> >
> >
> >--- Rory <[EMAIL PROTECTED]> wrote:
> >
> >>I'm assuming here by the information you've given so if I'm wrong please
> >>correct me. You want to make a cable that allows the traffic to go in one
> >>direction. the idea being that your snort box does not send information
> >>just receives it. I don't think you can do this with a special cable as
> >>ethernet needs to be able to send acks back to let the sending side know
> >>that it received that data. So you will need to do this at OS level not
> >>with a special cable. If you were to do what you were suggesting the
> >>sending box would send only the number of packets in the TCP window and
> >>that would be it (it may resend them but in the end it will just be a
> >>small set of information ). you will need to do this with chain rules.
> >>
> >>If my assumptions were totally wrong sorry.
> >>
> >>cheers,
> >>Rory
> >>
> >>On Tue, 11 Feb 2003, Naman Latif wrote:
> >>
> >>>Hi,
> >>>Can anyone tell me how to make a Read-Only Ethernet Cable to be used
> >>>with Snort\Sniffer
> >>>
> >>>Is this correct
> >>>
> >>>LAN        Snort\Switch
> >>>1          1
> >>>2          2
> >>>3----------3
> >>>4
> >>>5
> >>>6----------6
> >>>7
> >>>8
> >>>
> >>>Then on both sides, connect 1&2 to each other ?
> >>>
> >>>\\ Naman
> >>>
