Honeypots: Problems capturing sebek win32 3.0.3 traffic on roo honeywall

From: Compton, Rich <RCompton_at_chartercom.com>
Date: Tue, 18 Oct 2005 16:39:25 -0500

Hello all,
 
I was wondering if you could help me out with a problem I'm having w/
the Sebek server running on a roo 1.0 honeywall (not the newest 1.0.189
version).
I have installed the win32 3.0.3 client and specified a destination IP
of 6.6.6.6 and a UDP port of 666. I'm running the sebek server w/ the
command:
/usr/bin/perl /usr/sbin/sebekd.pl -U hflow -W honey -p 666 -i eth1 -l /var/run/sebek-pipe -I <my honeywall management ip>
When I look at my log in /var/log/sebekd I see the following:
malformed sebek record: data length=34 packet caplen=166
malformed sebek record: data length=36 packet caplen=170
malformed sebek record: data length=2 packet caplen=102
malformed sebek record: data length=47 packet caplen=192
malformed sebek record: data length=40 packet caplen=178
malformed sebek record: data length=2 packet caplen=102
malformed sebek record: data length=41 packet caplen=180
malformed sebek record: data length=2 packet caplen=102
malformed sebek record: data length=49 packet caplen=196
malformed sebek record: data length=2 packet caplen=102
malformed sebek record: data length=51 packet caplen=200
malformed sebek record: data length=2 packet caplen=102
malformed sebek record: data length=48 packet caplen=194
 
I see traffic being generated from my honeypot when I execute commands.
I don't see any data in the database either.
 
Any help you could provide would be greatly appreciated.
 
Thank you,
Richard Compton
Network Security Supervisor
Charter Communications
12405 Powerscourt Drive
St. Louis, MO 63131
W: 314-543-2506
C: 314-568-2876
Received on Oct 18 2005
