Honeypots mailing list archives
Re: Is it one way to detect honeypot?
From: <ravivsn () roc co in>
Date: Thu, 12 Feb 2004 00:23:17 +0530 (IST)
Fred,
Hi All, I am running honeyd with arpd. It can answer with unused IP. However, when I use some programs to check the MAC address of virtual hosts(unused IP), it always answer with the MAC address of honeyd host.
Yes, HoneyD uses the hosts MAC address.
By looking at the MAC address, all the MAC are the same! Is it one way to detect honeypot?
Yes, Run Hunt in the LAN, you will find the machines spoofing the MAC. ArpWatch will help you a lot.
Anything to hide my honeypot?
Me too dont know how to hide from LAN PCs. If the attacker is from Internet, there is no simple way to find. Ravi ROCSYS technologies Ltd http://www.rocsys.com
Thanks! Best, Fred ¥²±þ§Þ¡B¶¼ºq¡B¤p¬P¬P... ®öº©¹aÁn ±¡¤ß³sô http://ringtone.yahoo.com.hk/
Current thread:
- Is it one way to detect honeypot? wanfat wu (Feb 11)
- Re: Is it one way to detect honeypot? ravivsn (Feb 12)
- Re: Is it one way to detect honeypot? Cedric Blancher (Feb 12)
- Re: Is it one way to detect honeypot? Olaf Gellert (Feb 12)
- Re: Is it one way to detect honeypot? wanfat wu (Feb 13)
- Re: Is it one way to detect honeypot? Olaf Gellert (Feb 12)
- Re: Is it one way to detect honeypot? wanfat wu (Feb 13)