|
Honeypots
mailing list archives
Re: Stealth VM
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Thu, 06 Nov 2008 13:19:07 +0100
Stuart Gilchrist-Thomas dijo:
Hi,
Does anyone have any pointers to evidence or advice on hiding or
reducing the detection of VM honey pots. I know of temporal issues
e.g. Timing metrics can give away a VM, and that you can manually
alter peripheral identities e.g. virtual network cards etc. I've also
created a company to purchase ip and hosting space to ensure a form
of identity in depth. But I still lack experience in preventing
detection. Can you help? Are you my only hope? ;)
Why hide the fact that the honeypot is running on VM? After all, many
environments in production (@datacenters) are running over VM. Those
intruders that think that VM == honeypot will change their mindset soon.
Regards
Javier
 By Date 
By Thread
Current thread:
- Stealth VM Stuart Gilchrist-Thomas (Oct 06)
- Re: Stealth VM Michael Bailey (Oct 06)
- Re: Stealth VM Javier Fernandez-Sanguino (Nov 06)
| 
Intro
