Honeypots mailing list archives

honeyd - single ip address

From: Mario Ohnewald <mario.ohnewald () linux net>
Date: Tue, 16 Dec 2003 07:18:54 -0800 (PST)

Hello!
I want to run honeyd on a host which is only allowed to have ONE ip address.
SO what i am trying to do now is to set up honeyd to listen to that one ip address and some ports like telnet or IIS.
Is this even possible?

Here is what i did:
# arpd <IP>
# honeyd -f honeyd.conf <IP>

My honeyd.conf file:
-------------------------
### Windows computers (default)
create default
set default personality "Windows NT 4.0 Server SP5-SP6"
set default default tcp action reset
add default tcp port 1110 "sh pop3.sh"
add default tcp port 125 block
add default tcp port 121 "sh ftp.sh"
#add default udp port 139 drop
set default uptime 3284460
### Cisco router
create router
set router personality "Cisco 4500-M running IOS 11.3(6) IP Plus"
add router tcp port 23 "/usr/bin/perl router-telnet.pl"
set router default tcp action reset
set router uid 32767 gid 32767
set router uptime 1327650
# Bind specific templates to specific IP address
# If not bound, default to Windows template
bind <IP> router


Cheers, Mario

_____________________________________________________________
Linux.Net -->Open Source to everyone
Powered by Linare Corporation
http://www.linare.com/

Current thread:

honeyd - single ip address Mario Ohnewald (Dec 16)
- Re: honeyd - single ip address Hugo Teso Torío (Dec 16)
- Re: honeyd - single ip address Devilscrow Sr (Dec 16)
  - RE: honeyd - single ip address John (Dec 16)
    - RE: honeyd - single ip address roshen.chandran (Dec 16)