Honeypots mailing list archives

RE: send problem on honeyd win32


From: "Philippe Bogaerts" <xxradar () radarhack com>
Date: Wed, 27 Aug 2003 11:31:49 +0200


Hello, I have checked this ... (other traffic is working fine to existing
hosts)
e.g. ping from 192.168.10.44 to 192.168.10.66 (machine running honeyd) is
working
   ping from 192.168.10.44 to 192.168.10.55 (virtual machine) is not
receiving the reply, although honeyd says it sends it in debug mode.  There
is no ARP problem, or honeyd cannot seem to find the correct MAC address. Is
there an entry in the honeyd.conf to force it to use the correct interface? I
suppose it uses the win32 ARP entries and route entries?

Tx




-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net]
Sent: Tuesday, August 26, 2003 4:26 PM
To: Philippe Bogaerts; honeypots () securityfocus com
Subject: RE: send problem on honeyd win32


Usually it's a static route problem.  You've got to make sure that packets
headed back from Honeyd are routed back off its interface through its host
computer's interface.

Roger

***************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode/
*Author of Apress's upcoming Honeypots for Windows
***************************************************************************


-----Original Message-----
From: Philippe Bogaerts [mailto:xxradar () radarhack com]
Sent: Tuesday, August 26, 2003 9:44 AM
To: honeypots () securityfocus com
Subject: send problem on honeyd win32



Hello,
Does anybody have an idea what might be the problem?
I have installed honeyd on win32 with winpcap 3.0.  When I ping a virtual
host, I see that honeyd replies (in debug mode), but the packet is not
actually sent on the network?  I've tried it on multiple w2k machines, no
luck.



Greetings,




