xenwatch and xenswitch processes

xenwatch and xenswitch processes

Joop Boonen
Hello All,

I have the following question. I've used Xen, and what I see in a DomU is the
xenswitch and xenwatch processes. When I have users on a system, or a
firewall on a DomU is hacked, they know it's running on Xen. Is there a way
to not show/hide these processes?

Regards,

Joop Boonen.



_______________________________________________
Xense-devel mailing list
[hidden email]
http://lists.xensource.com/xense-devel

Re: xenwatch and xenswitch processes

Bryan D. Payne
> I have the following question. I've used Xen, and what I see in a DomU is the
> xenswitch and xenwatch processes. When I have users on a system, or a
> firewall on a DomU is hacked, they know it's running on Xen. Is there a way
> to not show/hide these processes?

While you might be able to hide the processes (e.g., using a
rootkit), I think that there's a larger issue here. It sounds like
your goal is to completely hide the fact that a machine is running
in a domU. And, for better or worse, this is very hard to do.

Consider, for example, Red Pill.  This small program can detect when  
it's running in a virtualized environment:

http://invisiblethings.org/papers/redpill.html

Cheers,
bryan


-
Bryan D. Payne
Graduate Student, Computer Science
Georgia Tech Information Security Center
http://www.bryanpayne.org
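
An added example, not part of the original thread: a small Python audit that an administrator can run inside a guest to see which Xen indicators stay visible even when the xenwatch and xenswitch entries are hidden. The paths it checks are standard Linux interfaces on Xen guests rather than anything named in the thread, and the sample tree, PIDs and function names are constructed for illustration.

```python
import os
import tempfile

def _read(root, rel):
    """Return stripped file contents under root, or None if unreadable."""
    try:
        with open(os.path.join(root, rel)) as fh:
            return fh.read().strip()
    except OSError:
        return None

def xen_indicators(root="/"):
    """List the signs, visible from inside a Linux guest, that it runs on Xen."""
    found = []
    if _read(root, "sys/hypervisor/type") == "xen":
        found.append("sysfs:/sys/hypervisor/type")
    if os.path.isdir(os.path.join(root, "proc/xen")):
        found.append("procfs:/proc/xen")
    if "xen" in (_read(root, "sys/class/dmi/id/sys_vendor") or "").lower():
        found.append("dmi:sys_vendor")
    proc = os.path.join(root, "proc")
    pids = [d for d in os.listdir(proc) if d.isdigit()] if os.path.isdir(proc) else []
    for pid in sorted(pids, key=int):
        comm = _read(root, f"proc/{pid}/comm") or ""
        if comm.startswith("xen"):  # kernel threads such as xenwatch
            found.append(f"thread:{comm}")
    return found

def build_sample_guest(root, hide_threads=False):
    """Constructed sample tree imitating a paravirtualized domU (not real data)."""
    comms = {"1": "init", "12": "xenwatch", "13": "xenswitch"}
    for pid, comm in comms.items():
        if hide_threads and comm.startswith("xen"):
            continue  # models the process hiding the question asks about
        os.makedirs(os.path.join(root, "proc", pid))
        with open(os.path.join(root, "proc", pid, "comm"), "w") as fh:
            fh.write(comm + "\n")
    os.makedirs(os.path.join(root, "proc/xen"))
    os.makedirs(os.path.join(root, "sys/hypervisor"))
    with open(os.path.join(root, "sys/hypervisor/type"), "w") as fh:
        fh.write("xen\n")

def demo(hide_threads):
    """Run the audit against the constructed tree, with or without the threads."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_guest(root, hide_threads)
        return xen_indicators(root)

if __name__ == "__main__":
    print("threads visible:", demo(False))
    print("threads hidden: ", demo(True))
    print("this host:      ", xen_indicators("/"))
```

With the two threads removed from the sample tree, the sysfs and procfs indicators are still reported, which is the point of the reply above: hiding the processes does not hide the hypervisor.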



