spacer [an error occurred while processing this directive]
About the Project
Research Alliance
Our Book

Scan of the Month

Scan 13

The scan for March, 2001. This month's challenge is unique as you are called upon to analyze an extremelly powerful but commonly used tool used by the blackhat community.

The Challenge:

  1. What is the blackhat attempting to do with his command line syntax?
  2. What does the tool accomplish?
  3. How does the tool work?
  4. Is this tool a worm, or would you classify it as something else?
  5. Is this tool original, or is it simply based on previous tools? If based on previous tools, which ones and what is modified?

Bonus Question:
What information can you obtain about who is using or created the tool?

The Results:

Writeups from the Honeynet Project members.

This month's tool is an auto-rooter, an automated to that allows individuals with only minimal skill sets to quickly scan, exploit, and control thousands of systems. It is tools like these that are causing many of the scans you are detecting.

Writeup from the Security Community

This month's response was outstanding, we had 45 submissions. We tried to be as far and throrough as possible with our reviews, but please keep in mind we have real lives/jobs too, so we could not dedicate as much time as we would have liked to. Alot of the submissions had the same excellent techncial content, but some of the submissions were easier to read then others. In such cases, we selected the docs easier to read. If you feel we missed your submission, or do not understand why it was judged the way it was, drop us an email. Since we had so many submissions, we have broken the entries into three categories, Top Four, Top Ten, and Top Twenty. Entries in the Top Ten and and Top Twenty list are not listed in any specific order. Now, on to the goods!

Thanks to everyone who contributed!

Back to Top