Honeypots mailing list archives

Re: deceptive content on honeypots

From: Jeremy Bennett <jeremy_f_bennett () yahoo com>
Date: Thu, 10 Apr 2003 10:30:42 -0700 (PDT)

This presentation at the SAN pavillion at the NAB this week includes a
set of backup slides that discuss ManTrap (aka Symantec Decoy Server)
in a little bit more detail.
http://www.sanconference.com/content/2003/west/presentations/203.pdf
(This same presentation was given at SANS San Diego at a Symantec lunch
& learn session)

For the record the vulnerabilities discussed on bugtraq were in the 1.6
version of the product. The currently shipping version is 3.01. 3.1 is
slated to be released soon. SecurityFocus has references to the vendor
response as well as links to a few good papers on ManTrap. 

-J

--- Jim Yuill <jimyuill () pobox com> wrote:

In-Reply-To: <3E88CCCE.DFB0A098 () jessland net>

ManTrap has a Content Generation Module that takes care of that

stuff.


You can read about it at:

http://enterprisesecurity.symantec.com/content/displaypdf.cfm?

pdfid=343&EID=0


JESS


FYI, I searched the Net for other info on Mantrap, and found:
* Lance's Honepots book has a chapter on Mantrap
* search of SecurityFocus (for "mantrap") returned very interesting
info 
on a Mantrap vulnerability (to detection) discovered by Loki, and
fixed 
by vendor
* SC Magazine has a review of Mantrap

Info on other Mantrap sources would be most appreciated!

Jim

Current thread:

Re: deceptive content on honeypots Jeremy Bennett (Mar 31)
- <Possible follow-ups>
- RE: deceptive content on honeypots Richard La Bella (Florida Honeynet) (Apr 01)
- Re: deceptive content on honeypots Jim Yuill (Apr 02)
- Re: deceptive content on honeypots Jim Yuill (Apr 08)
  - Re: deceptive content on honeypots Jeremy Bennett (Apr 10)