Honeypots mailing list archives
Re: Is it one way to detect honeypot?
From: wanfat wu <fred_honeypot () yahoo com hk>
Date: Thu, 12 Feb 2004 22:21:01 +0800 (CST)
Hi Olaf Gellert,

Thank you for your reply first! I get your point. From my point of view, a honeypot can also be used to detect unauthorized users or to protect a local network, for example, in a university campus. I think it is quite easy to detect MACs by using Ettercap. If I am the attacker, I can see many hosts with the same MAC. So, I can know that the host with a different MAC is the real host. What do you think?

Best,
Fred

Ettercap

Olaf Gellert <og () pre-secure de> wrote:
> wanfat wu wrote:
>> By looking at the MAC address, all the MACs are the same! Is it one way to detect honeypot? Anything to hide my honeypot?
>
> Well, this is a way to detect a honeypot. But how do you get access to the MAC addresses? Usually you can only see MAC addresses in the local network segment. If an attacker comes from somewhere else (and usually this really should be the case) I think it will be difficult to get the MAC addresses.
>
> Cheers,
> Olaf
>
> --
> Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE og () pre-secure de
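
An added example, not part of the original thread or any poster's code: a honeypot operator can audit their own segment for the symptom discussed above by grouping the neighbour table by MAC address and listing every MAC that answers for more than one IP. It assumes text in the style of `ip neigh show` or `arp -an`; the sample table is constructed and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three virtual honeypot IPs behind one MAC, two ordinary
# hosts, and two unresolved entries. Mixes `ip neigh` and `arp -an` line styles.
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.0.2.10 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.0.2.11 dev eth0 lladdr 00:0C:29:AA:BB:CC REACHABLE
? (192.0.2.12) at 00-0c-29-aa-bb-cc [ether] on eth0
192.0.2.20 dev eth0 lladdr 00:11:22:33:44:20 REACHABLE
192.0.2.30 dev eth0  FAILED
? (192.0.2.31) at <incomplete> on eth0
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")


def parse_neighbours(text):
    """Yield (ip, mac) pairs; lines without a resolved MAC are skipped."""
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            # Normalise case and separator so the same MAC always compares equal.
            yield ip.group(1), mac.group(1).lower().replace("-", ":")


def shared_macs(text, min_hosts=2):
    """Return {mac: [ips]} for every MAC that answers for min_hosts or more IPs."""
    by_mac = defaultdict(set)
    for ip, mac in parse_neighbours(text):
        by_mac[mac].add(ip)
    return {
        mac: sorted(ips, key=ipaddress.ip_address)
        for mac, ips in by_mac.items()
        if len(ips) >= min_hosts
    }


if __name__ == "__main__":
    # A router doing proxy ARP also appears here, so review hits by hand.
    for mac, ips in shared_macs(SAMPLE_NEIGH).items():
        print(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
```

As Olaf notes in the thread, this view exists only on the local segment, so the audit has to be run from a host on the same segment as the honeypot.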
Current thread:
- Is it one way to detect honeypot? wanfat wu (Feb 11)
- Re: Is it one way to detect honeypot? ravivsn (Feb 12)
- Re: Is it one way to detect honeypot? Cedric Blancher (Feb 12)
- Re: Is it one way to detect honeypot? Olaf Gellert (Feb 12)
- Re: Is it one way to detect honeypot? wanfat wu (Feb 13)
- Re: Is it one way to detect honeypot? Olaf Gellert (Feb 12)
- Re: Is it one way to detect honeypot? wanfat wu (Feb 13)