Honeypots Mode:
(Page 14 of 109)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >
correlating sys_read data to "source" ip 2006-08-17
troy d. straszheim (troy resophonic com)

Hey all,

I'm trying to correlate data in sys_read with the ip address that the
data came from. That is, if I ssh in to a honeypot from 10.11.12.13
and type "WHERE DID THIS COME FROM" I get something like this in my
sys_read:

mysql> select sensor_id, sys_read_id, process_id, data from sys_read wh

[ more ]  [ reply ]
Honeyd for Windows 2006-08-17
Biju Thomas (biju thomas m gmail com) (2 replies)
Hi,

I am new to Honeypot technology. After reading through honeypot related
literature, I wanted to try some hands-on. I decided to try out honeyd
for Windows. The papers suggested that honeyd for windows can be
downloaded from http://www.securityprofiling.com/honeyd/honeyd.shtml

However this link

[ more ]  [ reply ]
Re: Honeyd for Windows 2006-08-17
David Watson (david honeynet org uk)
Re: Honeyd for Windows 2006-08-17
Thorsten Holz (thorsten holz gmail com)
Re: Re: Sebek not working 2006-08-16
r00m213 gmail com (1 replies)
Hi All,

I did not read that well.

It says:

Please keep in mind that the linux client is a kernel module, and unless you install it from a startup script, upon a reboot sebek will no longer be installed.

How do I install it from a startup script, without anybody seeing where the modules are.

[ more ]  [ reply ]
Re: Sebek not working 2006-08-16
Siim Põder (siim poder_1398 eesti ee)
Sebek not working 2006-08-13
r00m 213 (r00m213 gmail com) (1 replies)

Hi All,

I have installed Honeywall Roo-189
I have installed Sebek on a windows 2003 server (unpatched) and RedHat 9
(unpatched) machine.
When I do a NMap scan or epxloit them with Metaploit nothing happens. I cant
see any Sebeked packets in Walleye.
The RH9 machine once gave me the message that it

[ more ]  [ reply ]
Re: Sebek not working 2006-08-14
Mark J. Hufe (mark j hufe wilmcoll edu)
Honey Pot Creation 2006-08-13
Dev Anand (deva security gmail com) (3 replies)
Hi All,

Can somebody point me in the right direction on how to create honeypots .

I have read the online manual of roo from honeynet.org which gives
information only about honeywalls .

Kindly excuse my newbie question as am just learning these things .

Thanks in advance for the replies

-Deva

[ more ]  [ reply ]
Re: Honey Pot Creation 2006-08-14
Hugo Francisco González Robledo (hugo gonzalez itslp edu mx)
Re: Honey Pot Creation 2006-08-14
Brad Rubin (bsrubin stthomas edu) (2 replies)
Using Hflow separetly from HoneyWall (roo)? 2006-08-14
Göran Sandahl (goran gsandahl net)
Re: Honey Pot Creation 2006-08-14
Jamie Riden (jamesr europe com) (1 replies)
Re: Honey Pot Creation 2006-08-15
Dev Anand (deva security gmail com)
Re: Honey Pot Creation 2006-08-14
Alice Bryson abryson (at) bytefocus (dot) com [email concealed] (abryson bytefocus com)
Re: Problems building Sebek 2006-08-11
Mark J. Hufe (mark j hufe wilmcoll edu)
Alen,

Thanks for the feedback!

I thought there might be a compiler fix, either a flag or version, but
went the code fixing route. It turns out that the problem was known and
that there was a fix. It just wasn't in the distribution, yet.

I checked this morning and the fix is there. As an FYI, h

[ more ]  [ reply ]
Re: sys_read.to_be_deleted, process_tree.to_be_deleted... 2006-08-07
troy d. straszheim (troy resophonic com)

My bad, this turned out to be "something else". Sorry for the
traffic, nevermind. Looks like the 'to_be_deleted' columns are
unused...

-troy

On Sat, Aug 05, 2006 at 07:34:32AM -0400, troy d. straszheim wrote:
>
> Hi all,
>
> Do sebekd/walleye ever delete entries from
> sys_read/process_tree/c

[ more ]  [ reply ]
ARES 2007: Call for workshop proposals, deadline Sept 10, 2006 2006-08-03
Manh Tho (manhthovn gmail com)
Dear colleague,

As you may know, in conjunction with the "Second International
Conference on Availability, Reliability and Security (AReS) - ARES
2007 conference, a number of workshops will be organised.

It is my pleasure to invite you to submit workshop proposals. Workshop
proposals should includ

[ more ]  [ reply ]
Problems building Sebek 2006-07-25
Mark J. Hufe (mark j hufe wilmcoll edu) (2 replies)
I'm trying to install a Sebek client onto a SUSE 10.0 honeypot, but it's
failing the make. This is with the gcc 4.01 compiler. I tried
configuring first with the patched af_packet.c and then again by just
copying af_packet.c from the linux source into the sebek path (after
config) and still get

[ more ]  [ reply ]
Re: Problems building Sebek 2006-08-11
Alen Capalik (sec wiretap net)
Re: Problems building Sebek 2006-07-30
Andreas Derdemezis (ader ait edu gr)
Re: remote mysql login 2006-07-12
davidhawksuk yahoo co uk
Hi thanks for all your help I have sucessfully connected.

If anyone would like to know how here is what I have done.

1. edit file /etc/hflowd/my.cnf to be as follows:

#bin-log

skip-name-resolve

datadir=/var/lib/mysql

set-variable=key_buffer_size=256M

set-variable=table_cache=256

set-va

[ more ]  [ reply ]
Re: Unusually problems with honeywall 2006-07-10
wleung securesa com
I have the same issues as you. Do you have any fix to solve this situation?

[ more ]  [ reply ]
remote mysql login 2006-07-10
davidhawksuk yahoo co uk (1 replies)
Hi,

I would like to log into the walleye database remotely to extract its data.

When checking if the mysql port (3306) is open with nmap it sayes the port is filtered. If I then allow the port by adding it to the list of allowed TCP ports Nmap syaes the port is closed.

How do I open the po

[ more ]  [ reply ]
Re: remote mysql login 2006-07-11
Siim Põder (siim poder_1398 eesti ee)
(Page 14 of 109)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus