On Mon, 4 Nov 2002, Bruno MAC Castro wrote:
>
> Thanks Bill,
>
> I agree with you in everything... But, it would improve the concept of a
> Honeypot if the trace of a virtual machine (VMWare) was hard (or
> impossible) to find. My goal is to reach a stage where there is no
> visible VMWare process in my honeypot. I also know that it is almost
> impossible to reach it, but we need high goals to keep us working...
> right?
> ;-)
>
There arent any vmware processes running per se in the honeypot the
problem is that many OSs recognize the disk as of vmware type, and
the same for the ethernet and other such devices. Regarding the MAC
address that is configuratable so its no issue.
Also dont install the vmware-tools on the guest.
> For a start, I would be happy with a solution (maybe a tool) that hides
> or "camouflage" the VMWare process from the OS Process List.
>
> Any ideas?
> Regards
> Bruno
> ______________________________________
> Bruno Miguel Abrantes de Campos e Castro
> Mail To:
> bcastro_at_portugalmail.pt
> bcastro_at_dei.uc.pt
> ______________________________________
Received on Nov 04 2002
Intro
