Honeypots mailing list archives

SMB lure and honeyd's subsystem virtualization

From: Sven Marcus <securifo () web de>
Date: 28 Nov 2003 10:56:34 -0000



Hi,
does anybody have tried to build an SMB lure using samba and honeyd's subsystem virtualization yet?
I have tried using the following config [section], ending up with a problem:

create windows
set windows personality "Windows NT 4.0 Server SP5-SP6"
set windows default tcp action reset
set windows default udp action reset
#add windows subsystem "/etc/init.d/samba start" shared
add windows subsystem "/usr/sbin/nmbd -D" shared
add windows subsystem "/usr/sbin/smbd -D" shared

But nmbd fails (even if no samba program part is running) with the message 
honeyd[6765]: Subsystem "/usr/sbin/nmbd -D" died

Any ideas what's going wrong? 
Or any ideas or alternatives building an SMB lure using honeyd and samba (except proxying traffic to port 139 etc.)?

Thanks, Sven.

Current thread:

SMB lure and honeyd's subsystem virtualization Sven Marcus (Nov 28)
- Re: [mailinglists] SMB lure and honeyd's subsystem virtualization KeyFocus (Nov 28)