Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Stealth VM

From: Dante Signal31 <dante.signal31 () gmail com>
Date: Mon, 6 Apr 2009 11:44:40 +0200
2008/10/6 Stuart Gilchrist-Thomas <stuartpaulthomas () gmail com>:

Hi,

Does anyone have any pointers to evidence or advice on hiding or reducing the detection of VM honey pots. I know of 
temporal issues e.g. Timing metrics can give away a VM, and that you can manually alter peripheral identities e.g. 
virtual network cards etc.
I've also created a company to purchase ip and hosting space to ensure a form of identity in depth. But I still lack 
experience in preventing detection. Can you help? Are you my only hope? ;)

Many thanks.

---
Sent whilst mobile.

-original message-
Subject: Re: Honeypot VMs
From: pinowudi <pinowudi () gmail com>
Date: 06/10/2008 00:13

HPC

http://www.honeyclient.org/trac

Jason Lewis wrote:

Are there any honeypot VM resources?  I've seen the SPARSA one, but the
link is dead.

jas






Hi Stuart,

last year I wrote on my blog an article about VM detection. It's in
spanish... but shell commands are an universal language ;-)

http://danteslab.blogspot.com/2008/03/deteccin-de-mquinas-virtuales.html

I hope you like it.

Regards,


-- 
Dante
(http://danteslab.blogspot.com/)
Previous By Date Next
Previous By Thread Next

Current thread: