lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 11 Feb 2006 20:02:59 -0800
From: Niels Provos <provos@...i.umich.edu>
To: bugtraq@...urityfocus.com
Subject: honeyd security advisory: remote detection


Honeyd Security Advisory 2006-001
=================================

Topic:    Remote Detection Via Multiple Probe Packets

Version:  All versions prior to Honeyd 1.5

Severity: Identification of Honeyd installations allows an
	  adversary to launch attacks specifically against
          Honeyd.  No remote root exploit is currently known.

Details:
=========

Honeyd is a virtual honeypot daemon that can simulate virtual hosts on
unallocated IP addresses.

A bug in the IP reassembly codes causes Honeyd to reply to illegal
fragments that other implementations would silently drop.  Watching
for replies, it is possible to detect IP addresses simulated by
Honeyd.

Solutions:
==========

A new version of Honeyd has been released to address this issue.
The source code for Honeyd 1.5 can downloaded from

  http://www.citi.umich.edu/u/provos/honeyd/

It is suggested to run Honeyd in a chroot environment under a sandbox
like Systrace.

Existing installations can be fixed with the following patch

  http://www.honeyd.org/adv.2006-01.patch

Thanks To
=========

Jon Oberheide for finding the problem and providing a fix to avoid
detection.

More Information:
=================

More information on Honeyd can be found at

  http://www.honeyd.org/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ