List:       focus-ids
Subject:    Honeypotting with VMware - basics
From:       "Kurt Seifried" <bugtraq () seifried ! org>
Date:       2002-01-07 22:50:12

First in a series of articles on Honeypotting. From the article:

Honeypots are becoming more common as security professionals attempt to
conduct more detailed research on current "state of the art" practices among
attackers. Honeypots are also invaluable for learning about an attacker's
motivations, their habits and patterns of behavior. Unfortunately, setting up
a proper honeypot is a non-trivial task, and correctly configuring network
sensors to capture all data, as well as the resulting forensics tasks, can be
rather daunting. The good news is that there are a number of tools and
techniques that can make life much easier for some honeypot administrators.

What is VMware?
Virtual disks vs. raw disk partitions
Forensics preparation
Examining data in memory
    Encouraging data to the hard disk
    Suspending the OS
Identifying VMware systems
    VMware tools
    AMD 1 gigahertz with 32 megabytes of ram?
    Computer BIOS
Potential legal pitfalls
Summary

http://www.seifried.org/security/ids/20020107-honeypot-vmware-basics.html

Enjoy.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
