spacer [an error occurred while processing this directive]
About the Project
Research Alliance
Our Book

Scan of the Month

Scan 12

The scan for Febuary, 2001. This month's challenge is to decode a specific attack

The Challenge:

  1. What is the operating system of the honeypot, how do you know?
  2. What is the name of this attack?
  3. What is the attack attempting to accomplish?
  4. How does the attack work?

Bonus Question: Is it possible to gain remote control of the system using this technqiue? If so, how?

The Results:

Writeups from the Honeynet Project members

Writeup from the Security Community

The responses for this month's challenge have been outstanding. We received almost 30 repsonses, everyone did an excellent job. We truly hope that those who submitted answers developed their analysis skills. For others, we hope you benefit from their hard work. The most common mistake we found in people's analysis was they assumed the attack was NT RDS (or msdac) attack, that is not the case. Read the results and learn why.

Selecting the top entry was extremely difficult, as there are so many high quality analysis. Instead of selecting a single winner for this month, we have selected the top three entries. Also, we decided to not post submissions that were incorrect, so as not to confuse people as to which one was the correct answer. We would love to offer prizes to the top three (and actually everyone that submitted) but we do not have the resources.

Back to Top