Re: [Honeywall] Anything new on the data to the UI going away issue?

Fri, 02 Nov 2007 16:08:20 -0800 

Pavinder,
    Just trying to isolate the issue so we can fix it.  Will get sebek
working again :)

Rob

On Nov 2, 2007 5:44 PM, Parvinder Bhasin <[EMAIL PROTECTED]> wrote:
> Guys,
>
> I will disable sebek collection on roo.  If that doesn't work, I will
> uninstall sebek from honeypots and see what happens there.
>
> My feeling is that I really would like to see sebek working with roo.
> This is what tells me what an attacker is doing inside my system
> (commands etc).  Without this tool, roo would be stripped 50% of its
> capabilities.
>
> Will report all the findings to the list.
>
> -Parvinder Bhasin
>
> Rob McMillen wrote:
>
> > Nice Earl!
> >
> > Pavinder... Like Earl said, can you disable sebek collection on the
> > honeywall and restart to see if you have the same issue?  I don't
> > think you have to remove the clients from the honeypots.  I think this
> > is an issue on the honeywall.  Sebek collection by the honeywall
> > occurs by sniffing traffic and extracting the sebek packets; therefore
> > I don't think it is the fault of the client.  This said, they are the
> > ones generating the traffic :)
> >
> > I will do the same on my side.
> >
> > Thanks for the info Stefan.
> >
> > Rob
> >
> > On Nov 2, 2007 7:22 AM, Earl <[EMAIL PROTECTED]> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> So if I understand what you're saying here it sounds like we need
> >> to investigate the way sebekd, on the honeywall, receives sebek
> >> client data.
> >>
> >> If anyone can produce  pcap data that can be fed through a roo to
> >> reproduce this it might speed things up.  In the mean time I'll try
> >> to get someone with sebek clue to look into this.
> >>
> >> Parvinder,
> >>
> >> Can you reproduce the above scenario (uninstall sebek clients and
> >> see if things work again) maybe with a restart in between?
> >>
> >> Thanks for the feedback!
> >>
> >> Earl
>
> > _______________________________________________
> > Honeywall mailing list
> > [email protected]
> > https://public.honeynet.org/mailman/listinfo/honeywall
> >
>
>
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall

Reply via email to