Honeypots mailing list archives
Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691
From: Yannis Corovesis <ycor () epmhs gr>
Date: Thu, 06 Jul 2006 18:07:28 +0300
George,sebek does not decrypt, ssh communication has an encrypt step, a transfer step and then a decrypt step otherwise the remote operating system would not understand commands like cp, ps, mv ...that
you sent via ssh. sebek snaps the data stream after decryption has occurred. yannis George wrote:
How you will intercept the crypted traffic from ssh? Is sebek so powerful to decrypt ssh? There is a honeypot that act as a ssh server but also write somewhere decrypted? You will make a forensics analyse? Thanks in advice, George --- Tom Doherty <tomd () singlesecond com> escreveu: > Hi Guys, > Is anyone aware of a patch that shows passwords > tried when a user is > trying to log into OpenSSH? > The reason I ask is I have had a honeypot online for > a week with various > accounts with what I would consider obvious > passwords, "password" for > example. After 7 bruteforce attempts access still > hasn't been gained. > I'd like to know the passwords attempted so I can > update the passwords > on the accounts, is there a patch available for > this? > Thanks > Tom >
Current thread:
- Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691 George (Jul 06)
- Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691 Yannis Corovesis (Jul 06)
- Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691 Siim Põder (Jul 12)
- Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691 ader (Jul 12)
- Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691 Mark J. Hufe (Jul 12)
- Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691 ader (Jul 12)
- Re: honeypots Digest 5 Jul 2006 18:33:45 -0000 Issue 691 ader (Jul 12)