Re: [Qemu-devel] Argos: qemu-based honeypot

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Argos: qemu-based honeypot

From:	Mulyadi Santosa
Subject:	Re: [Qemu-devel] Argos: qemu-based honeypot
Date:	Wed, 21 Dec 2005 17:28:55 +0700
User-agent:	KMail/1.5

Dear Dr Bos..

First, congratulations for the Argos release. Looks interesting for 
me..I'll give it a try ASAP.

> We have extended QEMU to enable it to detect remote attempts to
> compromise the emulated guest operating system. Using dynamic taint
> analysis Argos tracks network data throughout the processor's
> execution and detects any attempts to use them in a malicious way.
> When an attack is detected the memory footprint of the attack is
> logged and the emulators exits.

Pardon me, can you explain what dynamic taint means? Is it somekind of 
code instrumentation similar with Bochs? If yes, I'd love to study on 
how you do it since I am planning to do something like that since long 
time ago but still unable to dig deeper about Qemu internals...

regards

Mulyadi

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Argos: qemu-based honeypot, Herbert Bos, 2005/12/20
- Re: [Qemu-devel] Argos: qemu-based honeypot, Mulyadi Santosa <=
- Re: [Qemu-devel] Argos: qemu-based honeypot, Tace, 2005/12/21
- Re: [Qemu-devel] Argos: qemu-based honeypot, Herbert Bos, 2005/12/23

Prev by Date: Re: [Qemu-devel] User net not aviaiable
Next by Date: [Qemu-devel] qemu 0.8's ./configure fails to check for zlib
Previous by thread: [Qemu-devel] Argos: qemu-based honeypot
Next by thread: Re: [Qemu-devel] Argos: qemu-based honeypot
Index(es):
- Date
- Thread