Honeypots mailing list archives

CoVirt


From: Alexander Reelsen <ref () tretmine org>
Date: Tue, 10 Jun 2003 16:37:30 +0200

Hi

http://www.eecs.umich.edu/CoVirt/

This sounds pretty interesting for honeypots and especially for
information gathering. The description:

--- snip ---
ReVirt (part of the CoVirt project) is a complete Linux-on-Linux virtual
machine with replay capability: you can explore the state of the entire
virtual machine at any point in the past.  For example, if you discover
an intruder, you can "go back in time" to see how they broke in, watch
the exploit in progress, and discover what was compromised. The overhead
of virtualization and logging is only 15-30%, even for kernel-intensive
applications.
--- snip ---


MfG/Regards, Alexander

-- 
Alexander Reelsen   http://tretmine.org
ref () tretmine org

