Thanks for your reply Rob and Jefferson.
Exactly, I am using Windows XP SP0 as my honeypot and Sebek is
installed on it.
So, is it an open issue that a Windows XP honeypot can't show the sub-process
tree??
And even more information like Sebek key logs????
It seems not good for Windows users. :(
Thanks all guys.
----- Original Message -----
From: "Rob McMillen" <[EMAIL PROTECTED]>
To: "Mailing list for users and developers of the Honeywall"
<[email protected]>
Sent: Tuesday, September 16, 2008 9:04 PM
Subject: Re: [Honeywall] Sebek Process Tree Problem
What flavor of honeypot are you using?
Rob
On Tue, Sep 16, 2008 at 7:19 AM, Li Chou Juan (Leo) <[EMAIL PROTECTED]>
wrote:
Dear All:
I am a newbie on the Honeywall.
I use the latest version roo-1.4.hw-20080424215740.iso
Here is the problem that I am facing now!!
1. The Sebek process tree doesn't expand its sub-process tree on the
walleye.
For example, I used a computer to attack the honeypot. I used
Metasploit 3.0 to attack it.
After the attack succeeded I got a shell with root privilege. And I also
added a text file at c:\xxx.txt. Of course Snort will have an
alert and Sebek will have a main process on walleye and log all of the key
logs.
Here is the problem: I saw a lot of documents. There should be a
sub-process tree
on the walleye when Sebek logs the record. And the key log also appears
on the walleye.
*** Yet, I can't see the sub-process tree and key log on walleye ***
I am so confused by the above situation. I also did the "yum update".
Does anyone know the problem??
--
Best regards.
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall