Honeypots mailing list archives

Re: Know Your Enemy: Learning with VMware


From: tycho () fruru com
Date: Tue, 28 Jan 2003 00:04:31 +0100 (CET)

On Mon, 27 Jan 2003, Alexandre Dulaunoy wrote:

On Mon, 27 Jan 2003, Lance Spitzner wrote:

Solaris, and OpenBSD. The Honeynet Project has found
VMware to be a very powerful solution for development
and testing of Honeynet technologies.


Yes, this is a powerful solution, but this is still not Free (as in
Freedom ;-). Another point is the fingerprint of the VMware
hardware. How do you solve that issue? Is there a way to change the
hardware description in VMware?

AFAIK, apart from editing in the vmware binary, there is no way to make e.g.
the disks report something less obvious as model identification. Joy :-)

I guess it all depends on what level you want to give people a
"real"-feeling system to hack/crack. And with more and more real
webhosting businesses starting to offer UML and/or VMware'd "machines" to
their clients, I think that VMware/UML honeypots will gain in importance
and will more easily be accepted by blackhats. But I would love to hear
your feedback on this.

PS: Is there some other honeynet running with plex/bochs?

Do you have too much spare processing power? :-)

Cheers,
Tycho



