Sorry about this Friday night spamming... But one last thought: would it not be preferable if the capture client reports were retrieved by way of the VIX API (vmrun perhaps)? Since the clients are intentionally infected by malware, I would prefer if they did not know where to locate my capture server. If using the VIX API, the Capture server would not have to be exposed to the internet in any way, since it could be located on a private network with the VMware server management interface. Also, I think this would make Capture-HPC simpler to deploy, since it would only need "one-way" communication.
Just my last thoughts on this, going into the weekend.

Regards,
Lasse
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc