Honeypots
Re: Stealth VM Nov 07 2008 01:38AM
Earl (esammons hush com) (1 replies)
Had a conversation about this at lunch today where I informed
someone that the joke about "Security by the obscurity of running
in a VM" days are likely either already over or about to be over.

Anyone have any stats or even an educated guess about whether or
not bad guys still care if they are in a virtualized env before
they take a box?

Earl

On Thu, 06 Nov 2008 07:19:07 -0500 Javier Fernandez-Sanguino
<jfernandez (at) germinus (dot) com [email concealed]> wrote:
>Stuart Gilchrist-Thomas dijo:
>> Hi,
>>
>> Does anyone have any pointers to evidence or advice on hiding or
>> reducing the detection of VM honey pots. I know of temporal
>issues
>> e.g. Timing metrics can give away a VM, and that you can
>manually
>> alter peripheral identities e.g. virtual network cards etc. I've
>also
>> created a company to purchase ip and hosting space to ensure a
>form
>> of identity in depth. But I still lack experience in preventing
>> detection. Can you help? Are you my only hope? ;)
>
>Why hide the fact that the honeypot is running on VM? After all,
>many
>environments in production (@datacenters) are running over VM.
>Those
>intruders that think that VM == honeypot will change their mindset
>soon.
>
>Regards
>
>Javier

[ reply ]
Re: Stealth VM Nov 07 2008 02:53PM
Robert Sandilands (rsandilands authentium com) (1 replies)
Re: Stealth VM Nov 08 2008 07:49AM
Thorsten Holz (thorsten holz gmail com) (1 replies)
Re: Stealth VM Nov 10 2008 03:33PM
Robert Sandilands (rsandilands authentium com) (1 replies)
Re: Stealth VM Nov 10 2008 09:09PM
Thorsten Holz (thorsten holz gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus