Honeypots: Stealth VM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Honeypots mailing list archives

Stealth VM

From: "Stuart Gilchrist-Thomas" <stuartpaulthomas () gmail com>
Date: Mon, 6 Oct 2008 08:20:09 +0100

Hi,

Does anyone have any pointers to evidence or advice on hiding or reducing the detection of VM honey pots. I know of 
temporal issues e.g. Timing metrics can give away a VM, and that you can manually alter peripheral identities e.g. 
virtual network cards etc. 
I've also created a company to purchase ip and hosting space to ensure a form of identity in depth. But I still lack 
experience in preventing detection. Can you help? Are you my only hope? ;) 

Many thanks. 

---
Sent whilst mobile.

-original message-
Subject: Re: Honeypot VMs
From: pinowudi <pinowudi () gmail com>
Date: 06/10/2008 00:13

HPC

http://www.honeyclient.org/trac

Jason Lewis wrote:

Are there any honeypot VM resources?  I've seen the SPARSA one, but the
link is dead.

jas

By Date By Thread

Current thread:

Stealth VM Stuart Gilchrist-Thomas (Oct 06)
- Re: Stealth VM Michael Bailey (Oct 06)
- Re: Stealth VM Javier Fernandez-Sanguino (Nov 06)
  - RE: Stealth VM Michael Owen (Nov 06)
    - Re: Stealth VM Stuart Thomas (Nov 07)
- <Possible follow-ups>
- Re: Stealth VM Earl (Nov 07)