|
Honeypots
mailing list archives
Re: Building an Honeypot using VMWare
From: Bill McCarty <bmccarty () apu edu>
Date: Mon, 04 Nov 2002 08:32:17 -0800
Hi Bruno and all,
--On Monday, November 04, 2002 3:58 PM +0000 Bruno MAC Castro
<bcastro () dei uc pt> wrote:
4. It would be important to hide the VMWare process on the Guest. I need
a tool (or a solution) to cover or hide the VMWare process in both
systems. Ideas?
There are several other ways for an attacker to determine that the
compromised host is a virtual host. For example, a virtual machine's
virtual network adapters have distinctive MAC addresses. Similarly, the
BIOS string and information from emulated PCI probes can give away the game.
On the other hand, worms and script kiddies won't care much -- or possibly
even notice -- that they've compromised a virtual machine. Yes, askilled
blackhat might notice and care. But, concealing the virtual nature of a
honeypot from that species is probably beyond the state of the art --
possibly a good topic for a master's thesis in itself <grin>.
Cheers,
---------------------------------------------------
Bill McCarty
 By Date 
By Thread
Current thread:
|
Intro
