Honeypots
Stealth VM Oct 06 2008 07:20AM
Stuart Gilchrist-Thomas (stuartpaulthomas gmail com) (3 replies)
Re: Stealth VM Apr 06 2009 09:44AM
Dante Signal31 (dante signal31 gmail com)
2008/10/6 Stuart Gilchrist-Thomas <stuartpaulthomas (at) gmail (dot) com [email concealed]>:
> Hi,
>
> Does anyone have any pointers to evidence or advice on hiding or reducing the detection of VM honey pots. I know of temporal issues e.g. Timing metrics can give away a VM, and that you can manually alter peripheral identities e.g. virtual network cards etc.
> I've also created a company to purchase ip and hosting space to ensure a form of identity in depth. But I still lack experience in preventing detection. Can you help? Are you my only hope? ;)
>
> Many thanks.
>
> ---
> Sent whilst mobile.
>
> -original message-
> Subject: Re: Honeypot VMs
> From: pinowudi <pinowudi (at) gmail (dot) com [email concealed]>
> Date: 06/10/2008 00:13
>
> HPC
>
> http://www.honeyclient.org/trac
>
> Jason Lewis wrote:
>> Are there any honeypot VM resources?  I've seen the SPARSA one, but the
>> link is dead.
>>
>> jas
>>
>
>

Hi Stuart,

last year I wrote on my blog an article about VM detection. It's in
spanish... but shell commands are an universal language ;-)

http://danteslab.blogspot.com/2008/03/deteccin-de-mquinas-virtuales.html

I hope you like it.

Regards,

--
Dante
(http://danteslab.blogspot.com/)

[ reply ]
Re: Stealth VM Nov 06 2008 12:19PM
Javier Fernandez-Sanguino (jfernandez germinus com) (1 replies)
RE: Stealth VM Nov 06 2008 09:54PM
Michael Owen (mowen costco com) (1 replies)
Re: Stealth VM Nov 07 2008 06:28AM
Stuart Thomas (stuartpaulthomas gmail com)
Re: Stealth VM Oct 06 2008 11:52AM
Michael Bailey (mibailey eecs umich edu)


 

Privacy Statement
Copyright 2010, SecurityFocus