Network Intrusion Recovery
Yesterday I gave a talk at the USENIX LISA conference about the difficulties involved in the process of recovering a network infrastructure from a large-scale intrusion.
Stories about post-mortem analysis of such incidents are rare. Here are a few links and pointers:
“Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack” (HTML)
Chronicle of a Server Break-In (HTML, see link to Paul’s actual postmortem)
Abe Singer. “Tempting Fate,” ;login:, Volume 30, #1, USENIX Association, November 2005. (grab a copy of ;login)
Eugene H. Spafford. The Internet Worm Program: An Analysis (PDF)
Cliff Stoll. “The Cuckoo’s Egg” (HTML)
Bill Cheswick. “An Evening With Berferd In Which a Cracker is Lured, Endured, and Studied” (PDF)