Honeypots mailing list archives

RE: Problem with Sebek client 3.0.4 and 3.0.3 for Windows
From: "Michael A. Davis" <mike () datanerds net>
Date: Fri, 13 Oct 2006 22:22:22 -0500

How are you causing the Windows machine to generate Sebek packets? Using
console (e.g., cmd.exe) to execute a command?

Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com

This email may contain confidential and privileged information for the sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies of this message. 

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of mng3 () libero it
Sent: Friday, October 13, 2006 5:39 PM
To: honeypot honeypot
Subject: Problem with Sebek client 3.0.4 and 3.0.3 for Windows

Hi all,
I have a problem with Sebek client for Windows version 3.0.4 
and 3.0.3.
I use Roo hw1.0-189 and the (virtual) honeypot is WinXP Pro 
sp2, executed with VMware Player (Host OS: WinXP home sp2).

I installed and configured Sebek client on my honeypot, but 
when I restarted it, the machine showed me a BSOD and, after a 
while, it tried to restart itself, but unsuccessfully.

So, I restored the latest working configuration of WinXP, and 
this solved the problem: WinXP started correctly.
However, Sebek client didn't do its job: it didn't send any packet.

Afterward I tried to configure Sebek again, using the 
"Configuration Wizard" and this time WinXP didn't show any 
problem. However, Sebek client still doesn't work.

I have used both tcpdump and sbk_extract to check the 
existence of Sebek packets, but I didn't find any.

Furthermore I have connected the honeypot with another 
machine in which there is Ethereal, but the result was the same.

This happens with both version 3.0.4 and version 3.0.3 (of 
course, I configured the Honeywall correctly).

I will be grateful to everyone that will help me.
Thanks.

Sam




