RE: How Would I Find the Actual Name of the Honeypot Software via a Pen

To:	'TStark' <stark.ironman@gmail.com>, 'pen-test' <pen-test@securityfocus.com>
Subject:	RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?
From:	Jeremiah Brott <jeremiah@access2networks.com>
Date:	Thu, 21 Jun 2007 15:14:00 -0400
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Organization:	Access2Networks
Resent-date:	Thu, 21 Jun 2007 17:34:49 -0600 (MDT)
Resent-from:	pen-test-return-1078484428@securityfocus.com
Resent-message-id:	<20070621233449.4C8CA143AC1@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

There was a paper written awhile back about detecting honeyd via packet 
fragmentation. Link below:

http://www.merit.edu/networkresearch/papers/pdf/2006/MTR-2006-01.pdf

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On 
Behalf Of TStark
Sent: Tuesday, June 19, 2007 2:10 PM
To: pen-test
Subject: How Would I Find the Actual Name of the Honeypot Software via a Pen 
Test?

Good afternoon,

I'm doing a pen test a new IPS appliance from outside the network,
while working through the assessment I found that the server
designated as my target was a honeypot set up by our server team
rather than a normal server.

I've now been challenged to now tell them the actual name of the
honeypot software they are using.

So with that, I figure I'd ask the pros, hoping that someone has a
suggestion other than me low crawling under the raised floor in the
server room looking for the host server:P

Thanks for the help!

Tony

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, TStark RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Paul Melson Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Dragos Ruiu Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, StaticRez RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, ep Re: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Jay RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Michael Scheidell RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Jeremiah Brott <=

Previous by Date:	Re: Strange ports, R. DuFresne
Next by Date:	RE: Safe keeping super-user / root IDs, Clemens, Dan
Previous by Thread:	RE: How Would I Find the Actual Name of the Honeypot Software via a Pen Test?, Michael Scheidell
Next by Thread:	Pen testing / Vuln Assessment from Cable Modem - question on service provider selection, Tommy May
Indexes:	[Date] [Thread] [Top] [All Lists]