Honeypots mailing list archives
RE: [in] Re: (pacsec bonus) Re: VMWare Detection?
From: "Curt Purdy" <purdy () tecman com>
Date: Wed, 17 Nov 2004 04:55:54 -0600
Kurt Seifried wrote:
Computer BIOS One way to identify VMware systems is by their BIOS, there are a number of free windows utilities that can query the BIOS for information and even extract a copy of the BIOS from the VMware system. The good news is that from within Windows NT/2000 you cannot easily access the BIOS and send commands
<snip> Very cool Kurt. This is the first I've seen of this. But this concept has always been in the back of my mind and bothered me, which is why in addition to a VMWare virtual subnet and Honeywall virtual subnet, I have real, plain vanilla boxes scattered throughout my honeynet. I monitor this Class C for ANY activity with Snort. Since it is a dead subnet, any alert is not a false-positive and any true hacker that is not fooled by my virtual nets will get stuck by the real boxes (don't use tarpit cause I don't want to piss-off anybody ;) That gives me the time I need to harden/closely monitor my real subnets. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ----------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity zar Richard Clarke
Current thread:
- VMWare Detection? Polazzo Justin (Nov 16)
- (pacsec bonus) Re: VMWare Detection? Laurent OUDOT (Nov 16)
- Re: (pacsec bonus) Re: VMWare Detection? Kurt Seifried (Nov 16)
- RE: [in] Re: (pacsec bonus) Re: VMWare Detection? Curt Purdy (Nov 17)
- Re: (pacsec bonus) Re: VMWare Detection? Lance Spitzner (Nov 18)
- Re: (pacsec bonus) Re: VMWare Detection? Stef (Nov 19)
- Re: (pacsec bonus) Re: VMWare Detection? Mike Tremoulet (Nov 19)
- Re: (pacsec bonus) Re: VMWare Detection? MrDemeanour (Nov 19)
- Re: (pacsec bonus) Re: VMWare Detection? awalters (Nov 19)
- Re: (pacsec bonus) Re: VMWare Detection? Dave Dittrich (Nov 22)
- Re: (pacsec bonus) Re: VMWare Detection? Kurt Seifried (Nov 16)
- (pacsec bonus) Re: VMWare Detection? Laurent OUDOT (Nov 16)