pen-test

Re: How Would I Find the Actual Name of the Honeypot Software via a Pen

To: pen-test@securityfocus.com
Subject: Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?
From: Dragos Ruiu <dr@kyx.net>
Date: Wed, 20 Jun 2007 12:55:02 -0700
Cc: "Paul Melson" <pmelson@gmail.com>, "'TStark'" <stark.ironman@gmail.com>
Organization: All Terrain Ninjas
guess honeyd :)

cheers,
--dr

On Wednesday 20 June 2007 07:49, Paul Melson wrote:
> > I'm doing a pen test a new IPS appliance from outside the network, while
> > working through the assessment I found that the server designated as my
> > target was a honeypot set up by our server team rather than a normal
> > server.
> >
> > I've now been challenged to now tell them the actual name of the honeypot
> > software they are using.
>
>
> The blue ribbon here is to find a vuln in the honeypot itself and break out
> into the host OS.  But that may not be very realistic.
>
> You could try fingerprinting the OS and services that it is imitating and
> compare that list to which honeypots imitate what.  But that's kind of a
> shot in the dark, and if it's imitating only IIS on Windows, well, then,
> that's not going to cut it.
>
> Have you considered bribing one of the NOC guys to let you in or just tell
> you what they're using? :)
>
> PaulM
