Honeypots mailing list archives
Re: Building an Honeypot using VMWare
From: Michael <soppscum () online no>
Date: Thu, 14 Nov 2002 04:30:10 +0100
On Mon, 4 Nov 2002 14:02:07 -0500 (EST) Edward Balas <ebalas () iu edu> wrote:
On Mon, 4 Nov 2002, Bruno MAC Castro wrote:Thanks Bill, I agree with you in everything... But, it would improve the concept of a Honeypot if the trace of a virtual machine (VMWare) was hard (or impossible) to find. My goal is to reach a stage where there is no visible VMWare process in my honeypot. I also know that it is almost impossible to reach it, but we need high goals to keep us working... right? ;-)There arent any vmware processes running per se in the honeypot the problem is that many OSs recognize the disk as of vmware type, and the same for the ethernet and other such devices. Regarding the MAC address that is configuratable so its no issue. Also dont install the vmware-tools on the guest.
Seems like something you'd use a hex editor for =)
Current thread:
- Building an Honeypot using VMWare Bruno MAC Castro (Nov 04)
- Re: Building an Honeypot using VMWare Bill McCarty (Nov 04)
- RE: Building an Honeypot using VMWare Bruno MAC Castro (Nov 04)
- RE: Building an Honeypot using VMWare Edward Balas (Nov 04)
- RE: Building an Honeypot using VMWare Bruno MAC Castro (Nov 04)
- Re: Building an Honeypot using VMWare Michael (Nov 13)
- RE: Building an Honeypot using VMWare Bruno MAC Castro (Nov 04)
- Re: Building an Honeypot using VMWare Bill McCarty (Nov 04)
- Re: Building an Honeypot using VMWare Floydman (Nov 04)
- <Possible follow-ups>
- RE: Building an Honeypot using VMWare Muhammad Faisal Rauf Danka (Nov 04)
- Re: Building an Honeypot using VMWare Alberto Gonzalez (Nov 05)
- RE: Building an Honeypot using VMWare Bruno MAC Castro (Nov 05)
- Re: Building an Honeypot using VMWare Ali Saifullah Khan (Nov 12)
- RE: Building an Honeypot using VMWare Dennis Rand (Nov 05)