Shimomura’s Analysis

• Shimomura receives a report of intrusion

• Notices inconsistencies in logs

• Checks the host for last accessed files, libraries and suid programs

• Uses tcpdump for traffic analysis

• Detects IP Spoofing

• Detects that the attacker is searching for trust relationship

• Detects Sequence Guessing attack

Previous slide

Next slide

Back to first slide

View graphic version