Re: [Qemu-devel] Argos: qemu-based honeypot

From: Mulyadi Santosa
Subject: Re: [Qemu-devel] Argos: qemu-based honeypot
Date: Wed, 21 Dec 2005 17:28:55 +0700
User-agent: KMail/1.5

Dear Dr Bos,

First, congratulations on the Argos release. Looks interesting to
me... I'll give it a try ASAP.

> We have extended QEMU to enable it to detect remote attempts to
> compromise the emulated guest operating system. Using dynamic taint
> analysis Argos tracks network data throughout the processor's
> execution and detects any attempts to use them in a malicious way.
> When an attack is detected the memory footprint of the attack is
> logged and the emulator exits.

Pardon me, can you explain what dynamic taint means? Is it some kind of
code instrumentation similar to Bochs? If yes, I'd love to study
how you do it, since I have been planning to do something like that for a
long time but am still unable to dig deeper into Qemu internals...

regards

Mulyadi
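
The idea in the quoted announcement (mark network data, follow it through execution, raise an alarm when it is used in a dangerous way) can be shown on a toy machine. This is an added example, not part of the original message and not Argos or QEMU code; the instruction set, the names and the "tainted jump target" alarm policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy guest: 4 registers and 16 memory bytes, each with a shadow taint flag. */
enum op { RECV, LOADI, LOAD, ADD, STORE, JMP };
struct insn { enum op op; int a, b; };

/* Constructed sample input: one network byte and two guest programs. */
static const uint8_t packet[] = { 0x41 };
static const struct insn benign[] = { {RECV,0,0}, {LOAD,0,0}, {LOADI,2,8}, {JMP,2,0} };
static const struct insn hijack[] = { {RECV,0,0}, {LOAD,0,0}, {LOADI,1,4}, {ADD,0,1},
                                      {STORE,1,0}, {LOAD,2,1}, {JMP,2,0} };

/* Runs prog and returns the index of the instruction that used network-derived
 * data as a jump target (the alarm case), or -1 if no such use occurred. */
int run(const struct insn *prog, int n, const uint8_t *net, int netlen)
{
    uint8_t reg[4] = {0}, mem[16] = {0};
    uint8_t treg[4] = {0}, tmem[16] = {0};  /* shadow state: 1 = from network */
    int nread = 0;

    for (int pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->op) {
        case RECV:   /* mem[a] <- next network byte: taint source */
            mem[i->a & 15] = nread < netlen ? net[nread++] : 0;
            tmem[i->a & 15] = 1;
            break;
        case LOADI:  /* reg[a] <- constant b: overwriting clears taint */
            reg[i->a & 3] = (uint8_t)i->b; treg[i->a & 3] = 0;
            break;
        case LOAD:   /* reg[a] <- mem[b]: taint travels with the data */
            reg[i->a & 3] = mem[i->b & 15]; treg[i->a & 3] = tmem[i->b & 15];
            break;
        case ADD:    /* reg[a] += reg[b]: tainted if either operand is */
            reg[i->a & 3] += reg[i->b & 3]; treg[i->a & 3] |= treg[i->b & 3];
            break;
        case STORE:  /* mem[a] <- reg[b] */
            mem[i->a & 15] = reg[i->b & 3]; tmem[i->a & 15] = treg[i->b & 3];
            break;
        case JMP:    /* indirect jump via reg[a]: taint sink, alarm if tainted */
            if (treg[i->a & 3]) return pc;
            break;   /* toy model: an untainted jump is a no-op */
        }
    }
    return -1;
}

int main(void) {
    printf("benign: %d, hijack: %d\n", run(benign, 4, packet, 1), run(hijack, 7, packet, 1));
    return 0;
}
```

Both programs read the same network byte; only the one where that byte reaches a jump target, even after arithmetic and a round trip through memory, triggers the alarm.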