Honeypots mailing list archives

Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691


From: Yannis Corovesis <ycor () epmhs gr>
Date: Thu, 06 Jul 2006 18:07:28 +0300

George,

sebek does not decrypt. ssh communication has an encrypt step, a transfer step and then a decrypt step; otherwise the remote operating system would not understand commands like cp, ps, mv ... that you sent via ssh.

sebek snaps the data stream after decryption has occurred.

yannis


George wrote:

How will you intercept the encrypted traffic from ssh? Is sebek powerful
enough to decrypt ssh? Is there a honeypot that acts as an ssh server
but also writes the decrypted traffic somewhere? Will you do a forensic analysis?

Thanks in advance,

George


--- Tom Doherty <tomd () singlesecond com> wrote:

> Hi Guys,
> Is anyone aware of a patch that shows passwords tried when a user is
> trying to log into OpenSSH?
> The reason I ask is I have had a honeypot online for a week with various
> accounts with what I would consider obvious passwords, "password" for
> example. After 7 bruteforce attempts access still hasn't been gained.
> I'd like to know the passwords attempted so I can update the passwords
> on the accounts, is there a patch available for this?
> Thanks
> Tom
>




