Honeypots: Re: search for master of science project topic

Re: search for master of science project topic

From: Harry Hoffman <hhoffman_at_ip-solutions.net>
Date: Fri, 14 Oct 2005 15:53:57 -0400

Hmm,

I think something similar to this can be done with Xen.
http://www.cl.cam.ac.uk/Research/SRG/netos/xen/readmes/user/user.html#SECTION02430000000000000000

Although I believe you have to migrate all processes and memory.

This might actually be fun to play with.

Cheers,
Harry

Stejerean, Cosmin wrote:
> What you mentioned sounds a lot like a bait and switch honeypot. I believe
> the idea is to migrate both the process in question and the connection to
> the honeypot so if a vulnerable server is exploited with a buffer overflow
> attack the process will be migrated to the honeypot and any connection from
> the attack will be redirected to the honeypot. This would be a step further
> than a regular network-based bait and switch honeypot because the HIDS would
> be able to detect when a process makes unusual system calls etc, as well as
> transfer the process image and everything else to the honeypot.
>
> The difficulty is in carefully migrating the process over and deciding what
> can or cannot be migrated.
>
> Cosmin
Received on Oct 14 2005
