Workshops/Finding a worms origin
From 22C3
This is the planning page for Tim's Workshop about finding a worm's origin at 22C3
Contents |
Topic
In this workshop I want to start an interactive session first giving an intro to a few techniques to track down the origin of intrusions. I will talk about this by describing a recent case study where I tracked down a recent Mambo worm of a script kiddie which aimed to create a botnet on IRC of willing drones using Keaten. After that there will be plenty of time for knowledge peering on how to track down these annoyances.
When
The workshop will take place on Day 4 of the 22C3 (30th December 2005) from 11:00 to 12:00 am.
Note
I will describe a few standard console utilities that can help to find the origin of an ongoing annoyance/attack. I'm open for any suggestions you might have. I would like to start by presenting a case study of a worm whose origin I tracked down a couple of days ago which shows some simple means that you could try as a first guess. If the audience jumps in we could interactively discuss more clever ways and peer the knowledge the participants have.
Suggestions
Please put ideas and links you think others should know beforehand etc. here
Participants
This is completely optional, but feel free to add your name and/or scene handle and a link to your blog/homepage here. (Nobody's going to check if you really come to the workshop.) If you want to give a short talk, please mention it, so no topic will be covered twice.
- Tim
- Buck