Honeypots mailing list archives
Re: Stealth VM
From: Dante Signal31 <dante.signal31 () gmail com>
Date: Mon, 6 Apr 2009 11:44:40 +0200
2008/10/6 Stuart Gilchrist-Thomas <stuartpaulthomas () gmail com>:
Hi, Does anyone have any pointers to evidence or advice on hiding or reducing the detection of VM honey pots. I know of temporal issues e.g. Timing metrics can give away a VM, and that you can manually alter peripheral identities e.g. virtual network cards etc. I've also created a company to purchase ip and hosting space to ensure a form of identity in depth. But I still lack experience in preventing detection. Can you help? Are you my only hope? ;) Many thanks. --- Sent whilst mobile. -original message- Subject: Re: Honeypot VMs From: pinowudi <pinowudi () gmail com> Date: 06/10/2008 00:13 HPC http://www.honeyclient.org/trac Jason Lewis wrote:Are there any honeypot VM resources? I've seen the SPARSA one, but the link is dead. jas
Hi Stuart, last year I wrote on my blog an article about VM detection. It's in spanish... but shell commands are an universal language ;-) http://danteslab.blogspot.com/2008/03/deteccin-de-mquinas-virtuales.html I hope you like it. Regards, -- Dante (http://danteslab.blogspot.com/)
Current thread:
- Re: Stealth VM Dante Signal31 (Apr 06)