This is a discussion on "wanted: images of compromised systems" within the Linux Security forums, part of the System Security and Security Related category.
lo there. I'm looking for images of damaged Linux hosts either by attack, virus, or other occurrence. If you've had an incident would it be possible to send me an image of the system? (please make sure there's no private data on the image though (production systems would be best)).

I know it's an odd request, but I'm studying forensic computing and I want some raw data to practice on. I'd set up a honey pot but I can't be 100% sure of the knock-on effects (like someone claiming I'm dossing them from my honey pot box). So I'd rather not.

It's best if it's only a small image (no 200gig ones please!). In fact, any interesting images or files that I can have would be handy. (Floppy disk images with interesting files etc)

--- on the other hand, if anyone knows of a good place to get example compromised system images or forensic challenges from, that would be very, very useful. -- I already know about http://www.honeynet.org/misc/chall.html though

sirex wrote:
> lo there. I'm looking for images of damaged Linux hosts either by attack,
> virus, or other occurrence. If you've had an incident would it be possible
> to send me an image of the system? (please make sure there's no private
> data on the image though (production systems would be best)).
>
> I know it's an odd request, but I'm studying forensic computing and I want
> some raw data to practice on. I'd set up a honey pot but I can't be 100% sure
> of the knock-on effects (like someone claiming I'm dossing them from my honey
> pot box). So I'd rather not.
>
> It's best if it's only a small image (no 200gig ones please!).
> In fact, any interesting images or files that I can have would be handy.
> (Floppy disk images with interesting files etc)
>
> --- on the other hand, if anyone knows of a good place to get example
> compromised system images or forensic challenges from, that would be very,
> very useful. -- I already know about http://www.honeynet.org/misc/chall.html
> though

Open your ports and have fun. You'll get plenty of unauthorized access attempts....

On 2004-09-10, sirex <junk@siology.net> wrote:
> lo there. I'm looking for images of damaged Linux hosts either by attack,
> virus, or other occurrence. If you've had an incident would it be possible
> to send me an image of the system?

Look on any of Chinanet's computers

--
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

"Heikki Lampén" <heze@htklx2.htk.fi> wrote in message
news:7Cs0d.2$Ej7.0@read3.inet.fi...
> Open your ports and have fun. You'll get plenty of unauthorized access
> attempts....

yeah, that's what I wanted to do via the honey pot, but I thought against it because where my computers are located it would be a security risk for others if I let malicious connection attempts through. I'd likely get into a lot of trouble :-)

"ty" <ty@spamtraper.uk.org> wrote in message
news:eecb12-cu.ln1@redfox.00102345.dfhgjtyuk...
> On Sat, 11 Sep 2004 11:44:43 +0100
> "sirex" <junk@siology.net> wrote:
>
> > "Heikki Lampén" <heze@htklx2.htk.fi> wrote in message
> > news:7Cs0d.2$Ej7.0@read3.inet.fi...
> >
> > > Open your ports and have fun. You'll get plenty of unauthorized access
> > > attempts....
> >
> > yeah, that's what I wanted to do via the honey pot, but I thought
> > against it because where my computers are located it would be a
> > security risk for others if I let malicious connection attempts
> > through. I'd likely get into a lot of trouble :-)
>
> Not necessarily. I have my firewall/gateway direct all external
> connection attempts coming in to another machine only for the purpose
> of just monitoring, that same machine is not allowed to talk back to
> the internet so it logs all connection attempts but never replies.
> You can watch it all in real time with something like Iptraf. It would
> of course be a simple matter to have a honeypot enabled on that machine
> and only open ports you specifically want to monitor for activity. As
> long as you have a second monitor say where you can watch in real time
> what's going on you can always pull its plug at any time.

hmmm, maybe. Really I wanted systems from attackers too, you know? Not just looking at the victims, but also the other sorts of situations I might encounter. Whilst I know the techniques needed, there's nothing like real practice, but obviously, finding suitable systems that are not real-life mission-critical systems (or needed as court evidence) is tricky. How do you practice something like this without faking the system yourself and thereby knowing what to look for? -- I'd get a friend to do it and swap images with each other, but there's no substitute for the tricks a real criminal thinks up.

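Added example, not part of any post in this thread: the listen-only arrangement ty describes in the quoted text above, written as a shell function that prints iptables rules for review instead of applying them. The interface name, the sink address and the `sink-in: ` log prefix are assumptions, not values from the posts.

```shell
#!/bin/sh
# Print (never apply) gateway rules for a listen-only monitoring sink.
# Assumed inputs: $1 = external interface, $2 = IPv4 address of the sink.

valid_ipv4() {
    # Dotted quad, every octet numeric and in 0-255.
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

sink_rules() {
    wan_if=$1 sink_ip=$2
    # Refuse anything that could smuggle shell syntax into the printed rules.
    case $wan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 2 ;;
    esac
    valid_ipv4 "$sink_ip" || { echo "bad address: $sink_ip" >&2; return 2; }

    # 1. The nat table is consulted only for packets that start a connection,
    #    so replies to traffic the LAN initiated are not redirected.
    # 2. The DROP goes first in FORWARD: the sink never reaches the internet,
    #    not even to answer, so remote hosts see no reply.
    # 3. Each new inbound attempt is logged before it is passed to the sink.
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -j DNAT --to-destination $sink_ip
iptables -I FORWARD 1 -s $sink_ip -o $wan_if -j DROP
iptables -I FORWARD 2 -i $wan_if -d $sink_ip -m conntrack --ctstate NEW -j LOG --log-prefix "sink-in: "
iptables -I FORWARD 3 -i $wan_if -d $sink_ip -j ACCEPT
EOF
}
```

Calling `sink_rules eth0 192.168.50.10` prints four commands to read through before running them as root on the gateway; the sink can still reach other hosts on its own segment unless it is isolated separately.
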
sirex wrote:
> lo there. I'm looking for images of damaged Linux hosts either by attack,
> virus, or other occurrence. If you've had an incident would it be possible
> to send me an image of the system? (please make sure there's no private
> data on the image though (production systems would be best)).
>
> I know it's an odd request, but I'm studying forensic computing and I want
> some raw data to practice on. I'd set up a honey pot but I can't be 100% sure
> of the knock-on effects (like someone claiming I'm dossing them from my honey
> pot box). So I'd rather not.
>
> It's best if it's only a small image (no 200gig ones please!).
> In fact, any interesting images or files that I can have would be handy.
> (Floppy disk images with interesting files etc)
>
> --- on the other hand, if anyone knows of a good place to get example
> compromised system images or forensic challenges from, that would be very,
> very useful. -- I already know about http://www.honeynet.org/misc/chall.html
> though

Why not use UML to run a second Linux over your Linux box and launch your own attacks on your simulated Linux box? I know knowing the solution of the problem is not the best way to learn forensics, but this way you can do almost anything to your filesystem image and the system it contains.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"

"Jose Maria Lopez Hernandez" <jkerouac@bgsec.com> wrote in message
news:CQF0d.128027$r4.3794310@news-reader.eresmas.com...
> sirex wrote:
> > lo there. I'm looking for images of damaged Linux hosts either by attack,
> > virus, or other occurrence. If you've had an incident would it be possible
> > to send me an image of the system? (please make sure there's no private
> > data on the image though (production systems would be best)).
> >
> > I know it's an odd request, but I'm studying forensic computing and I want
> > some raw data to practice on. I'd set up a honey pot but I can't be 100% sure
> > of the knock-on effects (like someone claiming I'm dossing them from my honey
> > pot box). So I'd rather not.
> >
> > It's best if it's only a small image (no 200gig ones please!).
> > In fact, any interesting images or files that I can have would be handy.
> > (Floppy disk images with interesting files etc)
> >
> > --- on the other hand, if anyone knows of a good place to get example
> > compromised system images or forensic challenges from, that would be very,
> > very useful. -- I already know about http://www.honeynet.org/misc/chall.html
> > though
>
> Why not use UML to run a second Linux over your Linux box and launch
> your own attacks on your simulated Linux box? I know knowing the
> solution of the problem is not the best way to learn forensics, but
> this way you can do almost anything to your filesystem image and
> the system it contains.
>
> --
> Jose Maria Lopez Hernandez
> Technical Director, bgSEC
> jkerouac@bgsec.com
> bgSEC Seguridad y Consultoria de Sistemas Informaticos
> http://www.bgsec.com
> SPAIN
>
> The only people for me are the mad ones -- the ones who are mad to live,
> mad to talk, mad to be saved, desirous of everything at the same time,
> the ones who never yawn or say a commonplace thing, but burn, burn, burn
> like fabulous yellow Roman candles.
> -- Jack Kerouac, "On the Road"

Those are both useful ideas (@ty too). It's certainly something to go on. Maybe when/if I make some useful setups I could release them for others to go on. Maybe even set up some sort of online exchange system for training forensic peeps. There's certainly a need for that sort of resource. Thanks all.