Nice Earl! Pavinder... Like Earl said, can you disable sebek collection on the honeywall and restart to see if you have the same issue? I don't think you have to remove the clients from the honeypots. I think this is an issue on the honeywall. Sebek collection by the honeywall occurs by sniffing traffic and extracting the sebek packets; therefore I don't think it is the fault of the client. This said, they are the ones generating the traffic :)
I will do the same on my side. Thanks for the info Stefan.

Rob

On Nov 2, 2007 7:22 AM, Earl <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> So if I understand what you're saying here it sounds like we need
> to investigate the way sebekd, on the honeywall, receives sebek
> client data.
>
> If anyone can produce pcap data that can be fed through a roo to
> reproduce this it might speed things up. In the mean time I'll try
> to get someone with sebek clue to look into this.
>
> Parvinder,
>
> Can you reproduce the above scenario (uninstall sebek clients and
> see if things work again) maybe with a restart in between?
>
> Thanks for the feedback!
>
> Earl

_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
