Review Revisited, Again

• Lots of questions, but tedious to search N gigabytes of tcpdump logs for answers.

• Created a report generator for review:

  • IRC nicks used
  • email sent from/to
  • files transferred by ftp, irc dcc send
  • urls visited on web
  • detects some probes, some exploits

• The report is clickable – takes you to the session

Previous slide

Next slide

Back to first slide

View graphic version