Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?

From: Jeremiah Brott <jeremiah () access2networks com>
Date: Thu, 21 Jun 2007 15:14:00 -0400
There was a paper written awhile back about detecting honeyd via packet fragmentation. Link below:

http://www.merit.edu/networkresearch/papers/pdf/2006/MTR-2006-01.pdf

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of TStark
Sent: Tuesday, June 19, 2007 2:10 PM
To: pen-test
Subject: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?

Good afternoon,

I'm doing a pen test a new IPS appliance from outside the network,
while working through the assessment I found that the server
designated as my target was a honeypot set up by our server team
rather than a normal server.

I've now been challenged to now tell them the actual name of the
honeypot software they are using.

So with that, I figure I'd ask the pros, hoping that someone has a
suggestion other than me low crawling under the raised floor in the
server room looking for the host server:P


Thanks for the help!

Tony

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: