On Tue, 3 Oct 2006, Michael Cohen wrote:

On Tue, Oct 03, 2006 at 07:44:05PM +0930, nepBabu.cx wrote:
Good day Michael,
atm I am learning to use many of the tools such as tcpdump, ethereal, nc
and nmap myself to secure my box.
Basically, my question is, what's the advantage of pyflag over them and
what else can we accomplish using pyflag other than investigating
large amounts of logs?

nepBabu,
 PyFlag is a forensic utility for post-incident analysis, not so much a
 secure-your-box type utility. The main page is at http://pyflag.sf.net/ which might
 give you more information about the pyflag tool itself.

 The File Format Library is a small part of the main project - because we need
 to read and interpret many different file types.

Very cool!

I was fortunate to attend a presentation from OSU[1] a few years ago
(at Lisa 2000) and they took libpcap extraction to a new level with
reassembling Quake traffic[2]:

        Quake-replay
        – Reads server to client traffic from a tcpdump log
        – Massages it with view direction assumed from the client to
          server traffic
        – Constructs a demo recording that you can play

They obviously had way too much time on their hands :-)

[1] interesting real-life security incident
http://www3.net.ohio-state.edu/security/talks/2000/2000-12-07_incident-response_lisa/stuff_files/v3_document.htm

[2] 
http://www3.net.ohio-state.edu/security/talks/2000/2000-12-07_incident-response_lisa/stuff-text.pdf

--
Chris Foote <[EMAIL PROTECTED]>
Inetd Pty Ltd T/A HostExpress
Web:   http://www.hostexpress.com.au
Blog:  http://www.hostexpress.com.au/drupal/chris
Phone: (08) 8410 4566
_______________________________________________
sapug mailing list
[email protected]
http://mail.python.org/mailman/listinfo/sapug