Blueheat Company’s production server was out of order again. The CEO was very upset and wanted the CIO, Leo, to figure out what had happened. Leo asked the IT staff to investigate what was going on, but in vain. It was a SUN SPARC server running Solaris 10, and the IT staff could not find anything unusual.

The CEO decided to call the police when the production server crashed again. Forensic guy R started the investigation with the firewall and security logs of that server, to identify whether the attack came from outside or not. He found no threat from outside, and he suspected there was a “mole” inside the company. That was a serious situation: the IT staff were familiar with those systems, and if one of them was the “mole”, it would be difficult to tell who it was only by checking daily operations.

Blueheat had more than ten IT staff in the IT department, including developers, DBAs, system engineers, etc. They all needed to access the server farm all day, and they all had permission to do so, so it was difficult to tell normal operations from unusual ones. Forensic guy R decided to deploy a monitoring script on that SUN SPARC server; the script would record the timestamp, source IP, user account and every keystroke, and it would also send alerts to the forensic guy’s mailbox automatically.

A couple of days later, forensic guy R fortunately found a connection log entry from 2010/1/5 15:14. Guess what? The “mole” had tried to edit a script and had disabled the Samba service. He/she had also taken a look at the file “/etc/passwd” at 2010/1/5 15:14. Forensic guy R checked the DHCP log and found that IT staff member Mr. A had been using exactly the IP recorded in the monitoring log at 2010/1/5 15:14.
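The correlation step above, as an added example that is not part of the original post: a Python script that parses a server-side command-monitoring log of the kind the story describes, flags entries that read /etc/passwd or disable a service, and looks up which workstation held the source IP in DHCP lease records at that exact time. The log formats, sample lines, IPs, MAC addresses, hostnames and account names are all constructed for this example; real Solaris 10 and DHCP server logs use their own formats, and the regular expression and field order would have to be adapted to them.

```python
"""
Added example (not from the original post): attribute a suspicious
command seen on a server to the workstation that held the source IP at
that moment, by joining a command-monitoring log with DHCP lease records.
All formats and data below are constructed for illustration.
"""
import re
from datetime import datetime
from typing import Optional

TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed monitoring-log lines: timestamp, source IP, account, command.
MONITOR_LOG = """\
2010-01-05 15:14:02 src=10.1.2.37 user=oper1 cmd=vi /opt/app/bin/backup.sh
2010-01-05 15:14:40 src=10.1.2.37 user=oper1 cmd=svcadm disable samba
2010-01-05 15:14:55 src=10.1.2.37 user=oper1 cmd=cat /etc/passwd
2010-01-05 15:20:10 src=10.1.2.41 user=dba2 cmd=sqlplus / as sysdba
"""

# Constructed DHCP lease records: lease start, lease end, IP, MAC, hostname.
# Note that 10.1.2.37 was held by a different workstation the day before.
DHCP_LEASES = """\
2010-01-05 08:55:00 2010-01-05 20:55:00 10.1.2.37 00:11:22:33:44:55 ws-mr-a
2010-01-04 09:10:00 2010-01-04 21:10:00 10.1.2.37 00:aa:bb:cc:dd:ee ws-mr-c
2010-01-05 09:02:00 2010-01-05 21:02:00 10.1.2.41 00:66:77:88:99:00 ws-dba2
"""

# Substrings the investigator wants alerted on a production box (assumed
# list, chosen to match the behaviour described in the story).
SUSPICIOUS_PATTERNS = ("/etc/passwd", "/etc/shadow", "svcadm disable")

MON_RE = re.compile(r"^(\S+ \S+) src=(\S+) user=(\S+) cmd=(.*)$")


def parse_monitor_log(text: str) -> list:
    """Parse monitoring-log lines into dicts with ts/src/user/cmd."""
    events = []
    for line in text.splitlines():
        m = MON_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines rather than crash
        events.append({
            "ts": datetime.strptime(m.group(1), TS_FMT),
            "src": m.group(2),
            "user": m.group(3),
            "cmd": m.group(4),
        })
    return events


def parse_dhcp_leases(text: str) -> list:
    """Parse lease records into dicts with start/end/ip/mac/host."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue
        leases.append({
            "start": datetime.strptime(parts[0] + " " + parts[1], TS_FMT),
            "end": datetime.strptime(parts[2] + " " + parts[3], TS_FMT),
            "ip": parts[4],
            "mac": parts[5],
            "host": parts[6],
        })
    return leases


def lease_holder(leases: list, ip: str, at: datetime) -> Optional[dict]:
    """Return the lease that covered `ip` at time `at`, or None.

    Matching on the time window, not just the IP, is what makes the
    attribution sound: DHCP hands the same address to different hosts
    over time.
    """
    for lease in leases:
        if lease["ip"] == ip and lease["start"] <= at <= lease["end"]:
            return lease
    return None


def is_suspicious(cmd: str) -> bool:
    return any(p in cmd for p in SUSPICIOUS_PATTERNS)


def attribute_suspicious_events(monitor_text: str, dhcp_text: str) -> list:
    """Flag suspicious commands and attach the workstation that held the IP."""
    leases = parse_dhcp_leases(dhcp_text)
    findings = []
    for ev in parse_monitor_log(monitor_text):
        if not is_suspicious(ev["cmd"]):
            continue
        lease = lease_holder(leases, ev["src"], ev["ts"])
        findings.append({
            "ts": ev["ts"].strftime(TS_FMT),
            "src": ev["src"],
            "user": ev["user"],
            "cmd": ev["cmd"],
            "host": lease["host"] if lease else None,
            "mac": lease["mac"] if lease else None,
        })
    return findings


if __name__ == "__main__":
    for finding in attribute_suspicious_events(MONITOR_LOG, DHCP_LEASES):
        print(finding)
```

The lookup deliberately requires the event timestamp to fall inside the lease window. Matching on IP alone would also return the lease from the previous day, which belonged to a different workstation, and would point the investigation at the wrong person; the second lease line in the sample exists to show that case.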

Forensic guy R examined Mr. A’s workstation and found some scripts that could do harmful things to the servers. Finally Mr. A confessed to what he had done and was caught.
