Back to list
Problem with Sebek client 3.0.4 and 3.0.3 for Windows
Oct 13 2006 10:39PM
email@example.com (mng3 libero it)
RE: Problem with Sebek client 3.0.4 and 3.0.3 for Windows
Oct 14 2006 03:22AM
Michael A. Davis (mike datanerds net)
How are you causing the windows machine to generate sebek packets? Using
console (e.g, cmd.exe) to execute a command?
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
This email may contain confidential and privileged information for the sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies of this message.
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed]
> [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of mng3 (at) libero (dot) it [email concealed]
> Sent: Friday, October 13, 2006 5:39 PM
> To: honeypot honeypot
> Subject: Problem with Sebek client 3.0.4 and 3.0.3 for Windows
> Hi all,
> I have a problem with Sebek client for Windows version 3.0.4
> and 3.0.3.
> I use Roo hw1.0-189 and the (virtual) honeypot is WinXP Pro
> sp2, executed with VMware Player (Host OS: WinXP home sp2).
> I installed and configured Sebek client on my honeypot, but
> when I restarted it, the machine shown me a BSOD and, after a
> while, it tried to restart itself , but unsuccessful.
> So, I restored the latest working configuration of WinXP, and
> this solved the problem: WinXP started correctly.
> However, Sebek client didn't do his job: it didn't send any packet.
> Afterward I tried to configure Sebek again, using the
> "Configuration Wizard" and this time WinXP didn't show any
> problem. However, Sebek client still don't work.
> I have used both tcpdump and sbk_extract to check the
> existence of Sebek packets, but I did't find any.
> Furthermore I have connected the honeypot with another
> machine in which there is Ethereal,but the result was the same.
> This happen with both version 3.0.4 and version 3.0.3 (of
> course, I configured the Honeywall correctly).
> I will be grateful to everyone that will help me.
[ reply ]
Copyright 2010, SecurityFocus