Honeyd for Windows 2006-08-17 Biju Thomas (biju thomas m gmail com) (2 replies)
Hi, I am new to Honeypot technology. After reading through honeypot related literature, I wanted to try some hands-on. I decided to try out honeyd for Windows. The papers suggested that honeyd for windows can be downloaded from http://www.securityprofiling.com/honeyd/honeyd.shtml However this link [ more ]

Re: Re: Sebek not working 2006-08-16 r00m213 gmail com (1 reply)
Hi All, I did not read that well. It says: Please keep in mind that the linux client is a kernel module, and unless you install it from a startup script, upon a reboot sebek will no longer be installed. How do I install it from a startup script, without anybody seeing where the modules are? [ more ]

Sebek not working 2006-08-13 r00m 213 (r00m213 gmail com) (1 reply)
Hi All, I have installed Honeywall Roo-189. I have installed Sebek on a Windows 2003 server (unpatched) and RedHat 9 (unpatched) machine. When I do an Nmap scan or exploit them with Metasploit nothing happens. I can't see any Sebeked packets in Walleye. The RH9 machine once gave me the message that it [ more ]

Honey Pot Creation 2006-08-13 Dev Anand (deva security gmail com) (3 replies)
Hi All, Can somebody point me in the right direction on how to create honeypots. I have read the online manual of roo from honeynet.org which gives information only about honeywalls. Kindly excuse my newbie question as I am just learning these things. Thanks in advance for the replies -Deva [ more ]

Re: Honey Pot Creation 2006-08-14 Brad Rubin (bsrubin stthomas edu) (2 replies)

Re: Honey Pot Creation 2006-08-14 Alice Bryson (abryson bytefocus com)

Re: Problems building Sebek 2006-08-11 Mark J. Hufe (mark j hufe wilmcoll edu)
Alen, Thanks for the feedback! I thought there might be a compiler fix, either a flag or version, but went the code fixing route. It turns out that the problem was known and that there was a fix. It just wasn't in the distribution, yet. I checked this morning and the fix is there. As an FYI, h [ more ]

Re: sys_read.to_be_deleted, process_tree.to_be_deleted... 2006-08-07 troy d. straszheim (troy resophonic com)
My bad, this turned out to be "something else". Sorry for the traffic, nevermind. Looks like the 'to_be_deleted' columns are unused... -troy
On Sat, Aug 05, 2006 at 07:34:32AM -0400, troy d. straszheim wrote:
>
> Hi all,
>
> Do sebekd/walleye ever delete entries from
> sys_read/process_tree/c [ more ]

ARES 2007: Call for workshop proposals, deadline Sept 10, 2006 2006-08-03 Manh Tho (manhthovn gmail com)
Dear colleague, As you may know, in conjunction with the "Second International Conference on Availability, Reliability and Security (AReS) - ARES 2007 conference, a number of workshops will be organised. It is my pleasure to invite you to submit workshop proposals. Workshop proposals should includ [ more ]

Problems building Sebek 2006-07-25 Mark J. Hufe (mark j hufe wilmcoll edu) (2 replies)
I'm trying to install a Sebek client onto a SUSE 10.0 honeypot, but it's failing the make. This is with the gcc 4.01 compiler. I tried configuring first with the patched af_packet.c and then again by just copying af_packet.c from the linux source into the sebek path (after config) and still get [ more ]

Re: remote mysql login 2006-07-12 davidhawksuk yahoo co uk
Hi, thanks for all your help. I have successfully connected. If anyone would like to know how, here is what I have done.
1. edit file /etc/hflowd/my.cnf to be as follows:
#bin-log
skip-name-resolve
datadir=/var/lib/mysql
set-variable=key_buffer_size=256M
set-variable=table_cache=256
set-va [ more ]

remote mysql login 2006-07-10 davidhawksuk yahoo co uk (1 reply)
Hi, I would like to log into the walleye database remotely to extract its data. When checking if the mysql port (3306) is open with nmap it says the port is filtered. If I then allow the port by adding it to the list of allowed TCP ports Nmap says the port is closed. How do I open the po [ more ]

Hey all,
I'm trying to correlate data in sys_read with the ip address that the
data came from. That is, if I ssh in to a honeypot from 10.11.12.13
and type "WHERE DID THIS COME FROM" I get something like this in my
sys_read:
mysql> select sensor_id, sys_read_id, process_id, data from sys_read wh
[ more ]