- How would you be able to determine where the intruder was obtaining their intrusion tools from?
- How would you be able to determine where the intruder may have off loaded the stolen information to?
08-May-2006 14:07:43.845 client 66.111.51.102#51402: query (cache) ‘www.insecure.org/A/IN' approved
08-May-2006 14:09:43.847 client 66.111.51.102#51403: query (cache) ‘www.2600.org/A/IN' approved
08-May-2006 14:11:43.864 client 66.111.51.102#51410: query (cache) ‘ftp.attrition.org/A/IN' approved
08-May-2006 14:13:43.854 client 66.111.51.102#51415: query (cache) ‘telnet.cultdeadcow.com/A/IN' approved
08-May-2006 14:15:43.863 client 66.111.51.102#51416: query (cache) ‘www.hackinthebox.org/A/IN' approved
08-May-2006 14:17:43.865 client 66.111.51.102#51427: query (cache) ‘home.cyberarmy.com/A/IN' approved
08-May-2006 14:19:43.873 client 66.111.51.102#51428: query (cache) ‘mixter.void.ru/A/IN' approved
08-May-2006 14:09:43.847 client 66.111.51.102#51403: query (cache) ‘www.2600.org/A/IN' approved
08-May-2006 14:11:43.864 client 66.111.51.102#51410: query (cache) ‘ftp.attrition.org/A/IN' approved
08-May-2006 14:13:43.854 client 66.111.51.102#51415: query (cache) ‘telnet.cultdeadcow.com/A/IN' approved
08-May-2006 14:15:43.863 client 66.111.51.102#51416: query (cache) ‘www.hackinthebox.org/A/IN' approved
08-May-2006 14:17:43.865 client 66.111.51.102#51427: query (cache) ‘home.cyberarmy.com/A/IN' approved
08-May-2006 14:19:43.873 client 66.111.51.102#51428: query (cache) ‘mixter.void.ru/A/IN' approved