Honeypots mailing list archives
Re: Stop process
From: Todd MacDermid <tmacd () synacklabs net>
Date: Thu, 27 May 2004 19:55:52 -0400
There are a couple of ways you could do something like this. First, you could use a proxy IP, ARPing for that IP address, and forwarding any packets you want to your local machine. Rewrite the source IP address to appear as if it is coming from the proxy IP, and the dest to be the host's real IP.

Or, if you have a built-in firewall, you could update the rules to block inbound (or outbound) responses. Then reinjecting the packets becomes a matter of writing "beyond" the firewall, through raw ethernet writes or the like.

I've actually written a library that does this kind of thing, BSD license. The name is Packet Purgatory, and it's located at http://www.synacklabs.net/projects/packetp/

I haven't tested it on Windows, but it uses libpcap and libdnet, which are portable, so hopefully porting issues would be minimal.

Todd

On Thu, May 27, 2004 at 02:11:00PM +0200, King Kong <kingkong21 () arcor de> stated:
Hi all,

I am a newbie so maybe this is a stupid question. I am writing my own honeypot for Windows. So far so good but when I try to send back my data packets an answer from my Windows has already been made. The packets (Blaster) arrive on port 135 on my machine. What process do I have to stop and how to stop them so that my OS does not automatically send any reply. I am using Windows (XP,2000,98)

Thanks in advance

KingKong
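Added example, not part of the original posts and not Packet Purgatory's code: a sketch of the address rewrite in the proxy-IP approach described in the reply, with the IPv4 and TCP checksums recomputed so the forwarded packet is still valid. The addresses (documentation ranges), the sample SYN to port 135 and all function names are constructed for illustration; answering ARP for the proxy IP and the raw write are left out.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    # TCP's checksum covers a pseudo-header holding both IP addresses,
    # so changing either address invalidates it as well.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return checksum(pseudo + segment)

def rewrite(packet: bytes, new_src: str, new_dst: str) -> bytes:
    """Copy an IPv4/TCP packet with new addresses and valid checksums."""
    if len(packet) < 40 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        raise ValueError("only IPv4/TCP is handled in this sketch")
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]   # ignore link-layer padding
    src, dst = socket.inet_aton(new_src), socket.inet_aton(new_dst)
    header = bytearray(packet[:ihl])
    header[10:12] = b"\x00\x00"                       # zero before recomputing
    header[12:20] = src + dst
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    segment = bytearray(packet[ihl:total_len])
    segment[16:18] = b"\x00\x00"
    segment[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(segment)))
    return bytes(header + segment)

def build_sample() -> bytes:
    """Constructed SYN from 192.0.2.10 to a proxy IP 198.51.100.5, port 135."""
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5")
    tcp = bytearray(struct.pack("!HHIIBBHHH", 40000, 135, 1, 0, 5 << 4, 0x02, 8192, 0, 0))
    tcp[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(tcp)))
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst))
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    return bytes(ip + tcp)

if __name__ == "__main__":
    # Source becomes the proxy IP, destination the host's real IP (constructed).
    out = rewrite(build_sample(), "198.51.100.5", "198.51.100.7")
    print(socket.inet_ntoa(out[12:16]), "->", socket.inet_ntoa(out[16:20]))
    print("IP checksum ok:", checksum(out[:20]) == 0)
```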