Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?

[Dragos Ruiu <dr () kyx net>]

guess honeyd :)

cheers,
--dr

On Wednesday 20 June 2007 07:49, Paul Melson wrote:
> > I'm doing a pen test a new IPS appliance from outside the network, while
>
> working through the assessment
>
> > I found that the server designated as my target was a honeypot set up by
>
> our server team rather than a
>
> > normal server.
> >
> > I've now been challenged to now tell them the actual name of the honeypot
>
> software they are using.
>
>
> The blue ribbon here is to find a vuln in the honeypot itself and break out
> into the host OS.  But that may not be very realistic.
>
> You could try fingerprinting the OS and services that it is imitating and
> compare that list to which honeypots imitate what.  But that's kind of a
> shot in the dark, and if it's imitating only IIS on Windows, well, then,
> that's not going to cut it.
>
> Have you considered bribing one of the NOC guys to let you in or just tell
> you what they're using? :)
>
> PaulM
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------