Re: Honeyd Security Advisory 2004-001: Remote Detection Via Simple Probe Packet

[Ryan Barnett <RCBarnett () hushmail com>]

In-Reply-To: <20040121085146.GW5496 () citi citi umich edu>

I am assuming this advisory is in response to the recent Phrack "fake" article entitled "Advanced Honeypot 
Identification" -http://www.phrack.org/fakes/p63/p63-0x09.txt

It discusses some interesting issues with sebek, honeyd and vmware virtual honeypot systems.

-Ryan

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Honeyd Security Advisory 2004-001
> =================================
>
> Topic:    Remote Detection Via Simple Probe Packet
>
> Version:  All versions prior to Honeyd 0.8
>
> Severity: Identification of Honeyd installations allows an
>         adversary to launch attacks specifically against
>          Honeyd.  No remote root exploit is currently known.