Honeypots mailing list archives
Re: logging facility
From: Edward Balas <ebalas () iu edu>
Date: Fri, 29 Aug 2003 09:46:40 -0500 (EST)
On Thu, 28 Aug 2003 Motayyam79 () aol com wrote:
"Encrypted traffic such as that to an SSL web server can be decrypted and logged." How can encrypted traffic be decrypted with a honeypot?
Check out a tool called Sebek; its bread and butter is encryption circumvention on honeypots. It works as a hidden kernel module that collects all sys_read activity and covertly exports it to a collection system.

http://project.honeynet.org/tools/index.html

I should also note that a new version of Sebek, including a nice whitepaper, will be available in about 3 weeks.