Honeypots mailing list archives
Re: Honeyd on a single host...
From: raymond <ip_raymond () yahoo com>
Date: Sat, 23 Aug 2003 05:47:53 -0700 (PDT)
Hi, hv you tried to bind the honeyd directly to the interface and then use arp to answer the arp request so as to direct ip traffic at layer2 ? --- Peter Bates <Peter.Bates () lshtm ac uk> wrote:
Hello all... I just thought I'd ask here, to see if anyone else had a working configuration for anything similar. I have a Linux box... ppp0 is the outside world, eth0 is 192.168.1.0/24 for some internal hosts (which are then masqueraded with iptables), and also an eth1 in the machine, that isn't connected or being used. eth0 provides DHCP services, so I'm trying to avoid arpd, but I obviously need to run honeyd on eth0 (or eth1) as it coughs on trying to bind to ppp0. So, I run it bound to eth0 or eth1, and then try iptables -t nat -I PREROUTING -p tcp --dport !22 -i ppp0 -j DNAT --to-destination 192.168.1.200 (I've configured honeyd to 'pretend' to be 192.168.1.200) The traffic appears to come in, but never gets anywhere near honeyd ... Before I start reconsidering and just redirecting traffic to my home machine to my working honey(d)net, does anyone have a working configuration like the above that they are using? I can get things working if I use a second box attached to eth0, but I'm trying to avoid having my home littered with computers :) Thanks...
--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838
__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Current thread:
- Honeyd on a single host... Peter Bates (Aug 22)
- Re: Honeyd on a single host... oudot (Aug 22)
- Re: Honeyd on a single host... raymond (Aug 23)