Subject: Bugs in the sebek-linux client code affect its packet hiding feature.

Original issue date: January 14, 2004
Last revised: January 27,2004
Source: Greek Honeynet Project discovered this bug as a part of the sebek Q&A
proccess

Versions affected: 2.1.1 - 2.1.4

Summary: The sebek-linux client fails to prevent sniffing of sebek packets transmitted
by other sebek clients due to the following problems:
1) Incorrect packet header parsing of the received sebek packets. 
2) Processing the magic value of received sebek packets
without converting it from network to host byte order.

In addition, sebek-linux clients create packets without converting magic values to network byte order. Thus 
machines of different endianness (namely sparc solaris systems) or machines running versions of sebek that handle 
correctly the conversion of magic values are able to sniff sebek-linux client's packets.

Solution: Upgrade immediatelly at least to version 2.1.5 of the sebek-linux
client. http://www.honeynet.org/tools/sebek/sebek-linux-2.1.5.tgz