Honeypots mailing list archives

RE: Building an Honeypot using VMWare


From: Edward Balas <ebalas () iu edu>
Date: Mon, 4 Nov 2002 14:02:07 -0500 (EST)

On Mon, 4 Nov 2002, Bruno MAC Castro wrote:


Thanks Bill,

I agree with you in everything... But, it would improve the concept of a
Honeypot if the trace of a virtual machine (VMWare) was hard (or
impossible) to find. My goal is to reach a stage where there is no
visible VMWare process in my honeypot. I also know that it is almost
impossible to reach it, but we need high goals to keep us working...
right?
;-)

There aren't any vmware processes running per se in the honeypot; the
problem is that many OSs recognize the disk as of vmware type, and
the same for the ethernet and other such devices.  Regarding the MAC
address, that is configurable, so it's no issue.
 
Also don't install the vmware-tools on the guest.

For a start, I would be happy with a solution (maybe a tool) that hides
or "camouflages" the VMWare process from the OS Process List.

Any ideas?
Regards
Bruno
______________________________________
Bruno Miguel Abrantes de Campos e Castro
Mail To:
bcastro () portugalmail pt
bcastro () dei uc pt
______________________________________
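
The following is an added example, not part of the original messages: a small self-audit a honeypot operator could run over a guest's device inventory to list the VMware traces mentioned above (disk and device strings, MAC address). The sample inventory lines are constructed, and the OUI prefixes and PCI vendor ID 15ad are taken from the public IEEE and PCI ID registries rather than from this thread.

```python
import re

# OUI prefixes registered to VMware, Inc. (assumption: public IEEE registry).
VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:50:56"}
MAC_RE = re.compile(r"\b((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)
# PCI vendor ID assigned to VMware (assumption: public PCI ID registry).
PCI_RE = re.compile(r"\b15ad:[0-9a-f]{4}\b", re.I)

# Constructed sample inventory, as might be collected inside a guest.
# The "source:" labels are hypothetical and only aid reading.
SAMPLE = """\
scsi: Vendor: VMware,  Model: VMware Virtual S Rev: 1.0
ide: hda: VMware Virtual IDE Hard Drive, ATA DISK drive
net: eth0 Link encap:Ethernet  HWaddr 00:50:56:4A:10:22
net: eth1 Link encap:Ethernet  HWaddr 00:10:5A:9C:33:01
pci: 00:0f.0 VGA compatible controller: 15ad:0405
"""

def audit(inventory):
    """Return (line_number, kind, evidence) for every VMware trace found."""
    findings = []
    for n, line in enumerate(inventory.splitlines(), 1):
        # MAC addresses whose first three octets are a VMware OUI.
        for mac in MAC_RE.findall(line):
            if mac[:8].lower() in VMWARE_OUIS:
                findings.append((n, "mac-oui", mac))
        # PCI devices carrying the VMware vendor ID.
        pci = PCI_RE.search(line)
        if pci:
            findings.append((n, "pci-vendor", pci.group(0)))
        # Device model strings that name the vendor outright.
        if "vmware" in line.lower():
            findings.append((n, "device-string", line.strip()))
    return findings

if __name__ == "__main__":
    for n, kind, evidence in audit(SAMPLE):
        print(f"line {n}: {kind}: {evidence}")
```

Only the `mac-oui` finding is addressed by the configurable MAC address noted in the reply; the device-string and PCI findings correspond to the disk and device recognition it describes.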

