Honeypots mailing list archives

Re: logging facility


From: Edward Balas <ebalas () iu edu>
Date: Fri, 29 Aug 2003 09:46:40 -0500 (EST)

On Thu, 28 Aug 2003 Motayyam79 () aol com wrote:

"Encrypted traffic such as that to an SSL web server can be decrypted and 
logged."

How can encrypted traffic be decrypted with a honeypot?


Check out a tool called Sebek; its bread and butter is encryption 
circumvention on honeypots.  It works as a hidden kernel module that 
collects all sys_read activity and covertly exports it to a collection 
system.

http://project.honeynet.org/tools/index.html

I should also note that a new version of Sebek, including a nice
whitepaper, will be available in about 3 weeks.



