In the course of tracking the attacker, a great deal of network traffic was captured by a specially modified version of tcpdump (here's information on the legality of the acquisition of this evidence), and then a program written by Tsutomu was used to produce playable logs. Another program will play them back (forwards or backwards) for you, in real-time (or faster, if you choose).
Note that you must have a version of the program telnet running on your machine to view these.
Select a period of traffic from the list below and you will see a list of sessions on those days to choose from.
- The "best of"
- February 5-7, 1995
- A series of sessions in which he forges mail to Jon Littman and looks at Littman's and Markoff's mail. Continually covers his tracks.
- February 8, 1995
- Key sessions in tracing the attack back to Netcom. Some hints that this is Kevin Mitnick - searches for the "itni" in mail files.
- February 10, 1995
- The talk sessions with jsz from Israel that offer proof that this is Kevin Mitnick.
- February 10-11, 1995
- Late night/early morning sessions on the 10th/11th. Breaking in to Dan Farmer's machine. Breaking in to Motorola, rebooting CSN. This is the call that was traced; what a way to spend a Friday night! Hiding files on Netcom. Searching for "Kevin Mitnick" in NEXIS/LEXIS.
- February 11-12, 1995
- Late night/early morning sessions on the 11th/12th. Breaking in to Dan Farmer's machine to steal SATAN, his network security probing program. Talk session with his friend Lewiz, poking at various sites.
- February 13-14, 1995
- Something or someone has tipped Kevin, and he's turning paranoid and more destructive. Moves his files around, changes his passwords, like a squirrel digging up and reburying its nuts.
Copyright © 1995 Vicious Fishes Web Design and Dan Meriwether. All rights reserved.
Contact: webmaster@takedown.com