18 Apr
2003
1:09 p.m.
On Thu, 17 Apr 2003, Tyler Durden wrote:
Anyone know what kind of encryption is being discussed below? (i.e., that hackers use to communicate with each other)
lance is talking about encrypted archives, pgp'd messages, ssh and silc. short version is that his honeypots install a kernelmod to log all the IO buffers after decryption or before encryption and then fire them out over the wire. there is another kernel mod to prevent the raw socket / bpf / lpf / tap / ??? from seeing frames with a certain mac address. i saw him at cansecwest last week - good talk as usual. the talk he gave should be posted to www.cansecwest.com shortly...
-TD
HoneyNet Looks to Stick Hackers
[snip]
-- GDB has a 'break' feature; why doesn't it have 'fix' too?