Honeypots mailing list archives
Re: Sebek not working
From: "Mark J. Hufe" <mark.j.hufe () wilmcoll edu>
Date: Mon, 14 Aug 2006 07:49:17 -0400
Good question. When you find the answer, please let me know.

I have sebek (patched) installed on SUSE 10.0 and XP SP-1. I can see the UDP messages sent from clients to server, but the TCP traffic is not recognized as sebek traffic on Walleye. However, it is from the command line on the honeywall.
That is, I ssh into my Linux honeypot, but cannot see the unencrypted keystroke data on Walleye, as shown in figure 7 of:
http://www.securityfocus.com/infocus/1855/2
But I can see it on the honeywall using the command line as shown in figures 4 and 5 of:
http://www.securityfocus.com/infocus/1858
I don't know if there's a problem with Walleye or maybe I just haven't figured out how to use it yet.
- Mark

r00m 213 wrote:
Hi All,
I have installed Honeywall Roo-189. I have installed Sebek on a Windows 2003 server (unpatched) and RedHat 9 (unpatched) machine. When I do an Nmap scan or exploit them with Metasploit nothing happens. I can't see any Sebeked packets in Walleye. The RH9 machine once gave me the message that it had Sebeked packets. When is Sebek being triggered and what could be wrong?
Gr. r00m 213