Monkey.org Developments
Honeyd Mailing List: Re: Is it one way to detect honeypot?

Honeyd Resources

Main - News - Forums 
Download Releases
General Information [Mirror]
Frequently Asked Questions
Sample Configurations
Tools - Service Scripts
Blog - New
Links, Press, etc.
Mailing List Archive
Acknowledgments


Honeyd Research

Immunization Against Worms
Understanding Spam
Performance

Honeypot Resources

Honeypot Background
Honeypot Concepts

Honeypot Books


Virtual Honeypots,
Niels Provos and Thorsten Holz

Happy Hacking

Reduce wishlists
Leave a tip with PayPal

Support Honeyd

Search:
Keywords:

Search Amazon

  		 

Re: Is it one way to detect honeypot?

From: <ravivsn_at_roc.co.in>
Date: Thu, 12 Feb 2004 00:23:17 +0530 (IST)



Fred,



> Hi All,


>


>   I am running honeyd with arpd. It can answer with unused IP. However,


> when I use some programs to check the MAC address of virtual


> hosts(unused IP),  it always answer with the MAC address of honeyd


> host.


Yes, HoneyD uses the hosts MAC address.



>


>   By looking at the MAC address, all the MAC are the same! Is it one way


> to detect honeypot?


Yes, Run Hunt in the LAN, you will find the machines spoofing the MAC.


ArpWatch will help you a lot.



> Anything to hide my honeypot?


Me too dont know how to hide from LAN PCs. If the attacker is from


Internet, there is no simple way to find.


Ravi


ROCSYS technologies Ltd


http://www.rocsys.com


>


>  Thanks!


>


> Best,


> Fred


>


> 必殺技、飲歌、小星星...


> 浪漫鈴聲  情心連繫


> http://ringtone.yahoo.com.hk/


Received on Fri Feb 13 2004 - 00:36:34 PST





















Search For Information











Google








 Search WWW  Search www.honeyd.org 



















NB: This is a filtered version of the Honeypots mailing list. Only posts that concern Honeyd are shown here. For more recent discussions visit the forums.

 











Last modified: June 13 2004 02:53:28 AM


Copyright (c) 1999-2004 by Niels Provos

Don't access my pirated music.