From s23
Jump to navigation Jump to search

Is the host you are on a virtual machine or real?

Honeypotting with VMware

One way to identify VMware systems is by their BIOS

BIOS ID: unknown
BIOS Date: 10/16/01
BIOS Signon: unknown
BIOS Type: PhoenixBIOS 4.0 Release 6.0 licensed to Intel
Super I/O: unknown
Chipset: Intel 440BX/ZX rev 1

another is finding files like:

Windows: VMware tools, under windows this will show up in "Add/Remove programs"

UNIX: ..such as /etc/rc.d/init.d/dualconf, "Copyright (C) 1998-99, VMware Inc." and the /etc/vmware-tools/ directory.

Template loop detected: Template:Stub

Use VMWare and SYSPREP to Create a Master Workstation Image