


Sebek client for OpenBSD study

Short Description:

This is a fast study of the Sebek official client for OpenBSD (public release ... Although this version is a public and official release the SebekOpenBSD ...



Content Inside:

Official Sebek 2 client for OpenBSD
Fast study

Arnaud Ebalard <troglocan@rstack.org>
Pierre Lalet <pierre@rstack.org>
Olivier Matz <zer0@rstack.org>

Copyright (c) 2004 Droids Corporation.
March 4, 2004

Contents

1 Introduction
2 Stability
3 Fingerprinting
4 BPF fingerprinting
5 Disabling Sebek, getting more information
6 Conclusion

1 Introduction

This is a fast study of the Sebek official client for OpenBSD (public release version). You can get more information about the Honeynet Project at http://www.honeynet.org. The Sebek homepage is http://www.honeynet.org/tools/sebek/. You can download the Sebek client for OpenBSD from http://www.dragos.com/sebek/.

We are three guys from the Droids Corporation working on Sebek for *BSD (http://droids.rstack.org/sebek/, see note 1) with the French Honeynet Project (http://www.frenchhoneynet.org/). We thought the experience gathered working on Sebek could help the community to improve SebekOpenBSD.

We have worked on an OpenBSD 3.4 kernel with SebekOpenBSD 2.6.

2 Stability

Although this version is a public and official release, the SebekOpenBSD kernel is not stable at all. When we tested it, adding a new user caused the system to reboot. An easy way to reboot your SebekOpenBSD computer is to type, for example:

cp /bin/sh /tmp

Due to this instability we could not test all the points we wanted to.

3 Fingerprinting

A normal (understand: non-root) user can easily detect Sebek just by reading the kernel file. We are going to use gdb to disassemble the function dofileread, which calls sebeklog on a SebekOpenBSD kernel. Let's try it:

# echo "disassemble dofileread" | gdb -q /bsd | grep sebek
0xd01c9bdc <dofileread+292>:    call   0xd01c967c <sebeklog>

4 BPF fingerprinting

We can use BPF (Berkeley Packet Filter, see bpf(4) in the OpenBSD Programmer's Manual) to fingerprint Sebek. This can be useful if the kernel file has been stripped.

Note 1: The Sebek client for OpenBSD you'll find on that web page is just our client for NetBSD ported ...
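The following script is an added example and is not part of the paper or of the Sebek project. It turns the one-liner from section 3 into a repeatable check: it disassembles a list of kernel functions with gdb in batch mode and reports any call instruction whose symbolic target contains "sebek". It assumes gdb is installed, that the kernel image still carries its symbol table (the stripped case is the one section 4 addresses), and the function list is an assumption: the paper only shows the sebeklog call inside dofileread, and dofilewrite is added here only as a second candidate to scan.

```shell
#!/bin/sh
# Added example, not from the paper: script the section 3 fingerprint so it can be run
# against any kernel image and any list of functions.
# Assumptions: gdb is available, the image is not stripped, and the function list below
# (dofilewrite is a guess; the paper only demonstrates dofileread).

KERNEL="${KERNEL:-/bsd}"
FUNCS="${FUNCS:-dofileread dofilewrite}"

# Print the gdb disassembly of one function in a kernel image.
# Prints nothing if gdb is missing or the symbol does not exist.
disas_function() {  # $1 = kernel image, $2 = function name
    echo "disassemble $2" | gdb -q -batch "$1" 2>/dev/null
}

# Read gdb disassembly on stdin and print, one per line, the symbolic target of
# every call instruction whose name contains "sebek" (any case).  The match is done
# entirely in sed so the function exits 0 whether or not anything was found;
# "<sebeklog+4>" style targets are accepted as well as plain "<sebeklog>".
sebek_call_targets() {
    sed -n 's/.*call[a-z]*[[:space:]]*0x[0-9a-fA-F]*[[:space:]]*<\([A-Za-z0-9_]*[Ss][Ee][Bb][Ee][Kk][A-Za-z0-9_]*\)[^>]*>.*/\1/p'
}

# Exit status 0 when the named function in the kernel image calls a sebek* symbol.
function_calls_sebek() {  # $1 = kernel image, $2 = function name
    disas_function "$1" "$2" | sebek_call_targets | grep -q .
}

# Scan every function given on the command line and print one report line each.
# Exit status 0 means at least one function calls into Sebek.
scan_kernel() {  # $1 = kernel image, remaining args = function names
    kernel=$1; shift
    found=1
    for fn in "$@"; do
        targets=$(disas_function "$kernel" "$fn" | sebek_call_targets | sort -u | tr '\n' ' ')
        if [ -n "$targets" ]; then
            echo "$kernel: $fn calls $targets"
            found=0
        else
            echo "$kernel: $fn: no sebek call found"
        fi
    done
    return $found
}

# Usage: KERNEL_TO_SCAN=/bsd sh sebek_check.sh
# (unset KERNEL_TO_SCAN only defines the functions, e.g. when sourcing the file)
if [ -n "$KERNEL_TO_SCAN" ]; then
    scan_kernel "$KERNEL_TO_SCAN" $FUNCS
fi
```

The parsing step is kept separate from the gdb call so the same filter can be run over a disassembly saved earlier (for example one taken from a kernel on a honeypot that has since been rebuilt), and so that a missing gdb or missing symbol simply yields "no sebek call found" rather than a false positive.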

Source: honeynet.droids-corp.org


