Honeypots mailing list archives
CoVirt
From: Alexander Reelsen <ref () tretmine org>
Date: Tue, 10 Jun 2003 16:37:30 +0200
Hi http://www.eecs.umich.edu/CoVirt/ This sounds pretty interesting for honeypots and especially for information gathering. The description: --- snip --- ReVirt (part of the CoVirt project) is a complete Linux-on-Linux virtual machine with replay capability: you can explore the state of the entire virtual machine at any point in the past. For example, if you discover an intruder, you can "go back in time" to see how they broke in, watch the exploit in progress, and discover what was compromised. The overhead of virtualization and logging is only 15-30%, even for kernel-intensive applications. --- snip --- MfG/Regards, Alexander -- Alexander Reelsen http://tretmine.org ref () tretmine org
Current thread:
- CoVirt Alexander Reelsen (Jun 10)
- Re: CoVirt George Washington Dunlap III (Jun 10)