Honeypotting with VMware - basics
From: Kurt Seifried (bugtraq@seifried.org)Date: 01/07/02
- Previous message: Chmielarski TOM-ATC090: "RE: Change control features in IDS products?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kurt Seifried" <bugtraq@seifried.org> To: <focus-ids@securityfocus.com> Date: Mon, 7 Jan 2002 15:50:12 -0700
First in a series of articles on Honeypotting. From the article:
Honeypots are becoming more common as security professionals attempt to
conduct more detailed research on current "state of the art" practices among
attackers. Honeypots are also invaluable for learning about an attackers
motivations, their habits and patterns of behavior. Unfortunately setting up
a proper honeypot is a non-trivial task, and correctly configuring network
sensors to capture all data, as well as the resulting forensics tasks can be
rather daunting. The good news is that there are a number of tools and
techniques that can make life much easier for some honeypot administrators.
What is VMware?
Virtual disks vs. raw disk partitions
Forensics preparation
Examining data in memory
Encouraging data to the hard disk
Suspending the OS
Identifying VMware systems
VMware tools
AMD 1 gigahertz with 32 megabytes of ram?
Computer BIOS
Potential legal pitfalls
Summary
http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html
Enjoy.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
- Previous message: Chmielarski TOM-ATC090: "RE: Change control features in IDS products?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
