rstack.org/tools/vmpatch.c
Good info on detecting honeypots www.securityfocus.com/infocus/1826
Gray Hat Hacking: The Ethical Hacker's Handbook
Virtual Machine Detection www.sans.org/webcasts/show.php?webcastid=90652
VmDetect tool www.codeproject.com/system/VmDetect.asp
VM Detection http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
Catching Malware: Setting the Trap
In this section, we will set up a safe test environment and go about catching some
malware. We will run VMware on our host machine and launch Nepenthes in a virtual
Linux machine to catch it. To get traffic to our honeypot, we need to open
our firewall or, in my case, set the IP of the honeypot as the DMZ host on my firewall.
VMware Host Setup
For this test, we will use VMware on our host and set our trap using this simple
configuration:
CAUTION There is a small risk in running this setup; we are now trusting this
honeypot within our network. Actually, we are trusting the Nepenthes
program to not have any vulnerabilities that can allow the attacker to gain
access to the underlying system. If this happens, the attacker can then attack
the rest of our network. If you are uncomfortable with that risk, then set up a honeywall.