Honeypots mailing list archives
Re: Know Your Enemy: Learning with VMware
From: Bill McCarty <bmccarty () apu edu>
Date: Mon, 27 Jan 2003 16:45:40 -0800
--On Monday, January 27, 2003 7:00 PM +0100 Alexandre Dulaunoy <adulau () foo be> wrote:
... Another point is the fingerprint of the VMware hardware. How do you solve that issue ? Is it a way to do change the hardware description in VMware ?
Apparently, your notion is that a production host would not likely be running VMware, and therefore the presence of VMware must be masked in a honeynet designed to attract skilled attackers. However, that notion isn't always accurate. In particular, VMware offers an enhanced version of their product, VMware ESX, that's designed for data centers and other high availability applications. VMware ESX is available from VMware, as you might expect. However, VMware ESX is also sold by IBM, bundled with IBM servers based on Intel x86 processors. So, some of the juiciest potential targets for attackers are running VMware. A deeper question, I think, is the degree to which VMware's virtualization is itself resistant to attack. The possibility exists that an attacker may be able to escape a virtual host and obtain access to the associated physical host. However, this risk is not peculiar to VMware. UML and other emulation or virtualization technologies would seem to share this risk. --------------------------------------------------- Bill McCarty
Current thread:
- Know Your Enemy: Learning with VMware Lance Spitzner (Jan 27)
- Re: Know Your Enemy: Learning with VMware Alexandre Dulaunoy (Jan 27)
- Re: Know Your Enemy: Learning with VMware tycho (Jan 27)
- Re: Know Your Enemy: Learning with VMware Bill McCarty (Jan 27)
- Re: Know Your Enemy: Learning with VMware Jeremy Bennett (Jan 27)
- Re: Know Your Enemy: Learning with VMware Bill McCarty (Jan 28)
- Re: Know Your Enemy: Learning with VMware Lance Spitzner (Jan 29)
- Re: Know Your Enemy: Learning with VMware Alexandre Dulaunoy (Jan 27)
- Re: Know Your Enemy: Learning with VMware Adam H . Pendleton (Jan 27)