As we were finalizing our Honeynet project, our systems were violated. Our goal with this project is education, and since we witnessed a very easy and common technique that some attackers use, we decided to post it here for your education. While the exploit is simple, the removal of their data is the trick.
We have attached copies of the IIS Log server and screenshots of the directory structure so that you can see, firsthand, what happened and the steps the attacker used.
Click on the icon below for the evidence…
IIS Logs contain IIS Log information from the dates of February 4 – February 14, 2002.
The Directory Structure image is a screenshot of the directory the attackers created.
Properties of the Directory is an image showing the amount of disk space the attackers used.
If you know how to remedy the problem they created, please email me at: mrcorp@mrcorp.net. The correct answer will be posted on this site so that if this happens to you, you will know how to remove their data.
(Hint: The key is not what they did, but why they made the directory the way they did)