How are you causing the windows machine to generate sebek packets? Using
console (e.g, cmd.exe) to execute a command?
Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com
This email may contain confidential and privileged information for the sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies of this message.
> -----Original Message-----
> From: listbounce_at_securityfocus.com
> [mailto:listbounce_at_securityfocus.com] On Behalf Of mng3_at_libero.it
> Sent: Friday, October 13, 2006 5:39 PM
> To: honeypot honeypot
> Subject: Problem with Sebek client 3.0.4 and 3.0.3 for Windows
>
> Hi all,
> I have a problem with Sebek client for Windows version 3.0.4
> and 3.0.3.
> I use Roo hw1.0-189 and the (virtual) honeypot is WinXP Pro
> sp2, executed with VMware Player (Host OS: WinXP home sp2).
>
> I installed and configured Sebek client on my honeypot, but
> when I restarted it, the machine shown me a BSOD and, after a
> while, it tried to restart itself , but unsuccessful.
>
> So, I restored the latest working configuration of WinXP, and
> this solved the problem: WinXP started correctly.
> However, Sebek client didn't do his job: it didn't send any packet.
>
> Afterward I tried to configure Sebek again, using the
> "Configuration Wizard" and this time WinXP didn't show any
> problem. However, Sebek client still don't work.
>
> I have used both tcpdump and sbk_extract to check the
> existence of Sebek packets, but I did't find any.
>
> Furthermore I have connected the honeypot with another
> machine in which there is Ethereal,but the result was the same.
>
> This happen with both version 3.0.4 and version 3.0.3 (of
> course, I configured the Honeywall correctly).
>
> I will be grateful to everyone that will help me.
> Thanks.
>
> Sam
>
>
>
Received on Oct 14 2006
Intro
