From: Dragos Ruiu (dr@kyx.net)
Date: Wed Jun 20 2007 - 15:55:02 EDT
guess honeyd :)
cheers,
--dr
On Wednesday 20 June 2007 07:49, Paul Melson wrote:
> > I'm doing a pen test a new IPS appliance from outside the network, while
>
> working through the assessment
>
> > I found that the server designated as my target was a honeypot set up by
>
> our server team rather than a
>
> > normal server.
> >
> > I've now been challenged to now tell them the actual name of the honeypot
>
> software they are using.
>
>
> The blue ribbon here is to find a vuln in the honeypot itself and break out
> into the host OS. But that may not be very realistic.
>
> You could try fingerprinting the OS and services that it is imitating and
> compare that list to which honeypots imitate what. But that's kind of a
> shot in the dark, and if it's imitating only IIS on Windows, well, then,
> that's not going to cut it.
>
> Have you considered bribing one of the NOC guys to let you in or just tell
> you what they're using? :)
>
> PaulM
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:53 EDT