Q: Do the modem drivers need to be installed for Sandtrap to work?
Q: Will HTML Help run if the computer running Sandtrap does not have Internet Explorer installed?
Q: Can I use Sandtrap with software that controls my PC remotely?
Q: What are the possible values for the text messages that will be sent when I use e-mail or HTTP notification?
Q: How do I set Sandtrap up to emulate a specific system's login program?
Q: What is a honeypot?
Q: I'm using a Seaport 4-port USB device, and I'm having troubles running Sandtrap. Do you have a solution?
Q: How do I find out my dongle number and other information about my dongle?
Q: Do the modem drivers need to be installed for Sandtrap to work?
No. Sandtrap uses the low-level COM port drivers
instead of Microsoft's TAPI. For Sandtrap to operate
properly, you must configure your system's Device Manager
so that the modems are visible via the
"Ports (COM and LPT)" setting.
Q: Will HTML Help run if the computer running Sandtrap does not have Internet Explorer installed?
Probably yes, if you run hhupd.exe in the top level Sandtrap
directory. Note, however, that having IE installed on a computer does
not mean that you have to use IE at all; you can keep running your
preferred web browser.
Q: Can I use Sandtrap with software that controls my PC remotely?
Sandstorm has performed some testing with Sandtrap and
PCAnywhere and NetOp, but cannot guarantee 100% compatibility.
Check that the remote software loads and operates properly
on its own before attempting to use Sandtrap over it.
NOTE: Sandtrap won't share a modem with a remote control
program; you must shut one down before using the other.
Q: What are the possible values for the text messages that will be sent when I use e-mail or HTTP notification?
The messages sent via e-mail notification and HTTP
notification are identical. They include a timestamp, text
(see below), then any additional values (such as which modem
was disabled, the Caller ID number captured, or the attempted
username and password pair).
The four possible values for the text message to be sent
within e-mail or HTTP notification are:
- Modem Disabled
- Caller ID
- Login Attempted
- Program Shutting Down
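For anyone feeding these notifications into a log or alerting pipeline, the following added example (not Sandstorm's code) parses each message into timestamp, message text and additional values, and sets aside anything whose text is not one of the four listed above. The single-line layout and the timestamp format are assumptions, since this FAQ does not specify them, and the sample messages are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# The four message texts listed in the FAQ.
EVENT_TEXTS = ("Modem Disabled", "Caller ID",
               "Login Attempted", "Program Shutting Down")

# ASSUMPTION: "YYYY-MM-DD HH:MM:SS" timestamp, then text, then values on one line.
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$")

def parse_notification(line):
    """Split one notification into (timestamp, message text, additional values)."""
    m = _TS.match(line.strip())
    if not m:
        raise ValueError(f"no timestamp: {line!r}")
    when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    rest = m.group(2)
    for text in EVENT_TEXTS:
        if rest == text or rest.startswith(text + " "):
            return when, text, rest[len(text):].strip()
    raise ValueError(f"unknown message text: {line!r}")

def triage(lines):
    """Count messages by text, collect login attempts, keep unparseable lines."""
    counts, attempts, rejected = Counter(), [], []
    for line in lines:
        try:
            when, text, extra = parse_notification(line)
        except ValueError:
            rejected.append(line)  # review by hand rather than silently drop
            continue
        counts[text] += 1
        if text == "Login Attempted":
            attempts.append((when, extra))
    return counts, attempts, rejected

# Constructed sample messages (not real Sandtrap output).
SAMPLE = [
    "2003-05-01 02:14:07 Caller ID 5550100",
    "2003-05-01 02:14:31 Login Attempted root toor",
    "2003-05-01 02:15:02 Login Attempted admin admin",
    "2003-05-01 02:20:00 Modem Disabled COM3",
    "2003-05-01 02:21:00 Carrier Lost COM3",
    "2003-05-01 03:00:00 Program Shutting Down",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
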
Q: How do I set Sandtrap up to emulate a specific system's login program?
You will first need to determine the text of the prompts used. If you
need to emulate a custom-configured system, you must call it directly.
Otherwise, any example of the same operating system and configuration
will do. This can be carried out by using either
Sandstorm's PhoneSweep or the Hyperterminal application distributed
with Windows.
If using PhoneSweep, create a scan to dial the telephone number for
the computer you will emulate. Set that scan to "penetrate," and
begin the scan. Once PhoneSweep's History tab indicates that it has
tried the first username/password combination, you can terminate the
scan. Produce a PhoneSweep report with Appendix A (which displays
the prompts issued by the system) turned on.
If you are using Hyperterminal, you can dial the computer you wish to
emulate. Once it connects, the prompts will be displayed and you can
cut and paste them as necessary.
NOTE: Before obtaining a prompt from any system,
we recommend that you make sure you aren't violating either
applicable laws or the owning organization's policies by calling it
and attempting to log in, even if you use a nonsense user name.
Q: What is a honeypot?
The following is from Webopedia's definition of honeypot:
An Internet-attached server that acts as a decoy, luring in
potential hackers in order to study their activities and monitor how
they are able to break into a system. Honeypots are designed to mimic
systems that an intruder would like to break into but limit the
intruder from having access to an entire network. If a honeypot is
successful, the intruder will have no idea that s/he is being tricked
and monitored....
...By luring a hacker into a system, a honeypot serves several purposes:
The administrator can watch the hacker exploit the vulnerabilities of
the system, thereby learning where the system has weaknesses that need
to be redesigned. The hacker can be caught and stopped while trying to
obtain root access to the system. By studying the activities of
hackers, designers can better create more secure systems that are
potentially invulnerable to future hackers.
Before Sandtrap, almost all activity in honeypot development and
deployment focussed on systems accessible via the Internet.
Q: I'm using a Seaport 4-port USB device, and I'm having troubles running Sandtrap. Do you have a solution?
This is a known problem that will be fixed with a future Sealevel
driver. To identify if you have this problem, examine the CD that
came with your SeaPORT device. The problem is with a driver on the
Sealevel Disk version 2.01.04. If you have installed the
drivers from that disk, you need to download the file seacom-2K.zip to a
temporary location, unzip the files from this archive, and run the
install.bat file. This will install an older version of the
affected driver, thus enabling your SeaPORT to operate properly. This
download/install procedure MUST be done AFTER installing the
faulty drivers to work properly. Also, this problem appears to not
affect Windows 98 machines, but does appear on Windows 2000 and XP
installations.
Q: How do I find out my dongle number and other information about my dongle?
There are three ways to find out a dongle number:
- Your dongle number is printed on a sticker affixed to your dongle, so simply look at the dongle.
- Open Sandtrap. In the Help pulldown menu, select About...
Find the words "Hardware Serial Number:". Your dongle number is the number AFTER the first dash. For example, if your Hardware Serial Number was 123-4567-89 your dongle number would be 4567.
- You can run Sandstorm's dongle troubleshooting application. This application is also supplied with Sandtrap and is accessible via the Start menu. When you run it, it reports a range of information about the dongle, including how many modems you can use with both Sandtrap and PhoneSweep, and how many PhoneSweep numbers you can dial in each profile.