Stuart Gilchrist-Thomas said:
> Hi,
>
> Does anyone have any pointers to evidence or advice on hiding or
> reducing the detection of VM honey pots? I know of temporal issues,
> e.g. timing metrics can give away a VM, and that you can manually
> alter peripheral identities, e.g. virtual network cards etc. I've also
> created a company to purchase IP and hosting space to ensure a form
> of identity in depth. But I still lack experience in preventing
> detection. Can you help? Are you my only hope? ;)
Why hide the fact that the honeypot is running on a VM? After all, many
environments in production (@datacenters) are running over VMs. Those
intruders that think that VM == honeypot will change their mindset soon.
Regards
Javier