Honeypots mailing list archives
RE: Problem with Sebek client 3.0.4 and 3.0.3 for Windows
From: "mng3 () libero it" <mng3 () libero it>
Date: Sun, 15 Oct 2006 11:35:31 +0200
I tried both to execute commands with the console and establish a connection with telnet from another machine towards port 80 of the honeypot (in the honeypot there is IIS 5.1).

Regards.
Sam

(Sorry if you received more than 1 copy of this message)

How are you causing the Windows machine to generate Sebek packets? Using console (e.g., cmd.exe) to execute a command?

Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com

This email may contain confidential and privileged information for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies of this message.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mng3 () libero it
Sent: Friday, October 13, 2006 5:39 PM
To: honeypot honeypot
Subject: Problem with Sebek client 3.0.4 and 3.0.3 for Windows

Hi all,

I have a problem with Sebek client for Windows version 3.0.4 and 3.0.3. I use Roo hw1.0-189 and the (virtual) honeypot is WinXP Pro sp2, executed with VMware Player (Host OS: WinXP home sp2).

I installed and configured Sebek client on my honeypot, but when I restarted it, the machine showed me a BSOD and, after a while, it tried to restart itself, but unsuccessfully. So, I restored the latest working configuration of WinXP, and this solved the problem: WinXP started correctly. However, Sebek client didn't do its job: it didn't send any packet.

Afterward I tried to configure Sebek again, using the "Configuration Wizard", and this time WinXP didn't show any problem. However, Sebek client still doesn't work. I have used both tcpdump and sbk_extract to check the existence of Sebek packets, but I didn't find any. Furthermore, I have connected the honeypot with another machine in which there is Ethereal, but the result was the same.

This happens with both version 3.0.4 and version 3.0.3 (of course, I configured the Honeywall correctly).

I will be grateful to everyone that will help me.

Thanks.
Sam

Current thread:
- Problem with Sebek client 3.0.4 and 3.0.3 for Windows mng3 () libero it (Oct 13)
- RE: Problem with Sebek client 3.0.4 and 3.0.3 for Windows Michael A. Davis (Oct 14)
- <Possible follow-ups>
- RE: Problem with Sebek client 3.0.4 and 3.0.3 for Windows mng3 () libero it (Oct 15)