The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here: https://www.microsoft.com/en-us/microsoft-365/windows/end-of-ie-support).

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

A Technique for Remote Detection of Certain Virtual Machine Monitors

På svenska

Author

Summary, in English

The ability to detect a virtualized environment has both malicious and non-malicious uses. This paper reveals a new exploit and technique that can be used to remotely detect VMware Workstation, VMware Player and VirtualBox. The detection based on this technique can be done completely passively in that there is no need to have access to the remote machine and no network connections are initiated by the verifier. Using only information in the IP packet together with information sent in the user-agent string in an HTTP request, it is shown how to detect that the traffic originates from a guest in VMware Workstation, VMware Player or VirtualBox client. The limitation is that NAT has to be turned on and that the host and guest need to run different operating system families, e.g., Windows/Linux.

Publishing year

2011

Language

English

Pages

129-137

Publication/Series

Lecture Notes in Computer Science

Volume

7222

Document type

Book chapter

Publisher

Springer

Topic

  • Electrical Engineering, Electronic Engineering, Information Engineering

Conference name

The Third International Conference on Trusted Systems, INTRUST 2011

Conference date

2011-11-27 - 2011-11-29

Status

Published

Research group

  • Crypto and Security

ISBN/ISSN/Other

  • ISSN: 0302-9743
  • ISSN: 1611-3349
  • ISBN: 978-3-642-32297-6
  • ISBN: 978-3-642-32298-3