Honeypots mailing list archives

RE: Windows SEBEK 3.0.3 Issues

From: "Castigliola, Angelo" <ACastigliola () unumprovident com>
Date: Mon, 7 Nov 2005 09:28:58 -0500

I have also experience this problem after installing Sebek on Windows
2003. The system was unusable. I downgraded my Windows honeypot to
Windows 2000 due to the lack of known remote exploits for Windows 2003,
thus never resolving the problem for Sebek on Windows 2003. 

I probably will install Sebek on my Windows 2000 honeypot depending on
the feed back from the list. I'm a little nervous to install it on a new
Windows honeypot recently deployed due to my past experience.

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident

-----Original Message-----
From: Michael A. Davis [mailto:mike () datanerds net] 
Sent: Friday, November 04, 2005 5:59 PM
To: 'rick odphi'; honeypots () securityfocus com
Subject: RE: Windows SEBEK 3.0.3 Issues

I was on vacation and unable to send out the fix before I left. It will
be
out shortly.

The services.exe process is never touched with sebek so I have no clue
what
could be happening. If you can contact me offlist I can send you a debug
binary you can use with the kernel debugger to see what is going on.

Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com

This email may contain confidential and privileged information for the
sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please
contact
the sender and delete all copies of this message.

-----Original Message-----
From: rick odphi [mailto:rickodphi () gmail com] 
Sent: Friday, November 04, 2005 12:17 PM
To: honeypots () securityfocus com
Subject: Windows SEBEK 3.0.3 Issues

I installed SEBEK on Windows XP.  Soon after when I rebooted 
the machine quickly locked up and the "Services" process ran 
up to 100% utilization and took 400,000K of memory.  The 
system became unusable.  I was running a Vanilla install of 
Windows XP.  

Are other people having the same problem?  

Also has there been a fix for the earlier post regarding the 
Malformed SEBEK packets sent out earlier this month?

Thanks
Rick,

Current thread:

Windows SEBEK 3.0.3 Issues rick odphi (Nov 04)
- RE: Windows SEBEK 3.0.3 Issues Michael A. Davis (Nov 04)
- <Possible follow-ups>
- RE: Windows SEBEK 3.0.3 Issues Castigliola, Angelo (Nov 07)
  - RE: Windows SEBEK 3.0.3 Issues Michael A. Davis (Nov 07)