[Honeywall] Sebek data from Windows does not integrate with walleye

Bjoern Weiland bjoern.weiland at rz.uni-karlsruhe.de
Wed Jun 11 09:49:18 EDT 2008


> more issues.  Could you please open a ticket for this and specify what
> version of sebek client you are using on your windows honeypot?

Done.

> Thanks for the feedback.  Please keep them coming so we can improve
> the honeywall.

Will do :)

> P.S.  Warning, since the current method to build sebek client for
> recent linux kernel versions involves disabling raw socket
> replacement, if someone breaks into your linux box they could
> potentially see windows sebek packets flying across the network.

Yes, but only if both machines have been compromised at the same time. 
Unlikely, as my windows machine is fully patched and only for manual 
malware analysis. Thanks for the heads-up, though.

  -regards, bjoern

