Honeypots
Need help with Win32 Sebek client Mar 28 2007 06:29AM
grunerap yahoo com
I'm mystified. I've tried installing the Sebek client (ver 3.0.3 and
3.0.4) on 2 different WinXP machines. Installation goes fine, but I
don't get any output. (I've tried typing into a command prompt and
opening a telnet connection.) I know that Sebek is on the PC because the
config program works fine and I can see it when I run the recovery
console. The honeywall (Roo 1.1) just doesn't receive any Sebek packets.
Sbk_extract is running on the honeywall (although sbk_upload is not).

I've also tried running sbk_extract and piping the output to
sbk_ks_log, running tcpdump, and sniffing with Wireshark. I can see other
traffic from that host, but no Sebek output.

I've configured Sebek with the IP and MAC address of my gateway (a
cheap Linksys router), and I've set up the same IP and port on the
honeywall, which is set to route and log Sebek packets. I didn't see any place
to set the magic number on the honeywall, so I guess that's not
required.

Any ideas? Have I just not done anything that would trigger it to
phone home?

TIA

Copyright 2010, SecurityFocus