From the ISN Mailing List:
Date: Mon, 1 Sep 2003 17:25:34 -0500
From: Brian Carrier
To: Forensics , firstname.lastname@example.org
Subject: Honeynet Scan of The Month #29
The latest Honeynet Project's Scan of the Month has finally been
released. We think you will find that it was worth the wait though.
Your mission is to conduct incident response and analyze a live image
of a compromised Linux Red Hat 7.2 system. Using VMWare, the honeypot
system was suspended and the challenge is to verify the incident and
analyze it, while minimizing the impact you have on the potential
evidence. An eval copy of VMWare workstation can be used for the
The image details and a full list of questions can be found at:
Because of the amount of work involved in this challenge, a full month
will be given. All submissions must be returned no later than 23:00
GMT September 29, 2003.
The Honeynet Scan of the Month is to forensics types as the free-weight room is to bodybuilders. Various abilities and group efforts are welcome (unless otherwise stated in the intro for the month's contest.