Honeypots mailing list archives
sebek-3 doesn't hide sebek packets
From: jpa3nos () lab epmhs gr
Date: 15 Mar 2006 09:24:49 -0000
We have tested the sebek-3 client on 3 different Linux boxes. Compilation and installation were successful, but there is one problem concerning sebek operation. Although a tcpdump in promiscuous mode on each host hides the sebek packets produced by that host, it does not hide the sebek packets produced by the other hosts running the sebek client on the LAN.

The three Linux boxes and the sebek package on each host are:

* Debian Woody 3.0 kernel 2.4.18-686 with sebek-linux-3.0.3-tar.gz
* Slackware 10.0.0 kernel 2.4.18 with sebek-linux-3.0.3-tar.gz
* Fedora Core 3 kernel 2.6.9 with sebek-lin26-3.1.2b.tar.gz

NOTE: In the same LAN there is also a Windows XP host running the sebek-3 client. Sebek on this host seems to be working correctly - sniffing traffic from that host's interface doesn't reveal the sebek packets produced by the other hosts.

Could this be a bug in sebek 3, or is there something wrong with the way we compiled sebek? In all compilations the kernel sources for the corresponding kernel version were used and the compilation did not produce any errors. Also, all the hosts use the same destination port and magic value in the sebek configuration.