RE: Problem with Sebek client 3.0.4 and 3.0.3 for Windows
Oct 15 2006 09:35AM
mng3 (at) libero (dot) it [email concealed] (mng3 libero it)
I tried both to execute commands with the console and to establish a connection with telnet from another machine towards port 80 of the honeypot (in the honeypot there is IIS 5.1).
(Sorry if you received more than 1 copy of this message)
> How are you causing the windows machine to generate sebek packets? Using
> console (e.g., cmd.exe) to execute a command?
> Michael A. Davis
> Chief Executive Officer
> Savid Technologies, Inc.
> Main: 708.243.2850
> This email may contain confidential and privileged information for the sole
> use of the intended recipient. Any review or distribution by others is
> strictly prohibited. If you are not the intended recipient, please contact
> the sender and delete all copies of this message.
> > -----Original Message-----
> > From: listbounce (at) securityfocus (dot) com [email concealed]
> > [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of mng3 (at) libero (dot) it [email concealed]
> > Sent: Friday, October 13, 2006 5:39 PM
> > To: honeypot honeypot
> > Subject: Problem with Sebek client 3.0.4 and 3.0.3 for Windows
> > Hi all,
> > I have a problem with Sebek client for Windows version 3.0.4
> > and 3.0.3.
> > I use Roo hw1.0-189 and the (virtual) honeypot is WinXP Pro
> > sp2, executed with VMware Player (Host OS: WinXP home sp2).
> > I installed and configured Sebek client on my honeypot, but
> > when I restarted it, the machine showed me a BSOD and, after a
> > while, it tried to restart itself, but unsuccessfully.
> > So, I restored the latest working configuration of WinXP, and
> > this solved the problem: WinXP started correctly.
> > However, Sebek client didn't do its job: it didn't send any packet.
> > Afterward I tried to configure Sebek again, using the
> > "Configuration Wizard" and this time WinXP didn't show any
> > problem. However, Sebek client still doesn't work.
> > I have used both tcpdump and sbk_extract to check the
> > existence of Sebek packets, but I didn't find any.
> > Furthermore I have connected the honeypot with another
> > machine in which there is Ethereal, but the result was the same.
> > This happens with both version 3.0.4 and version 3.0.3 (of
> > course, I configured the Honeywall correctly).
> > I will be grateful to everyone who will help me.
> > Thanks.
> > Sam
Copyright 2010, SecurityFocus