Honeypots mailing list archives

walleye issue?
From: "James Lee" <jak.james () gmail com>
Date: Tue, 28 Feb 2006 20:41:13 +0000

Hi,
When I'm monitoring my honeywall in realtime with something like this:
./sbk_extract -i eth1 -p 1101 | ./sbk_ks_log.pl
and I start an ssh session to the honeypot, I can see everything on my
monitor. However, when I go check that session on the walleye interface,
for every ssh session started I always see a weird process tree, that is,
the command list isn't correct and it ALWAYS has:
an sshd that forks a "bash sshd", then an "egrep", then a "bash egrep",
then "grep", another "grep", then an "ls", then a "cat", then another
"ls" and then a "clear". However, I never executed those commands and
the real commands don't show up.

Any help? Is there any new walleye version out there?

Thanks,
James Lee

