Honeypots mailing list archives

start honeyd on interface without ip address (hide honeyd host)


From: James Oliver <686f6e6579 () gmail com>
Date: Mon, 14 Feb 2005 14:41:35 +0100

Hi,

According to http://www.honeyd.org/faq.php#badaddr the interface on
which honeyd gets started needs an IP address. I'd like to hide the
honeyd host from the network and wish that only the virtual hosts
created by honeyd are seen.

I have already tried the solution described by Fabian Bieker in
<20040131135138.GC25111 () mogul lan> but that didn't work. I get no
response from the simulated host, and an nmap scan of the IP address
shows me that all ports are filtered.

When I start honeyd and try to reach the simulated honeyd host it
prints "arp reply [IP address of honeyd host] is-at [MAC address]" but
I can't figure out where this MAC address is coming from. It's not one
I have in my configuration file and it's not one of the ones of the 2
computers connected.

Are there any other methods to implement the hiding of the honeyd host?

I'm running Debian Sarge with Linux kernel 2.4.27, honeyd 1.0, iptables 1.2.11.

My iptables rule:
# /sbin/iptables -A INPUT -j DROP

My honeyd configuration:
create template
set template personality "Linux Kernel 2.4.20"
set template default tcp action reset
set template default udp action reset
set template default icmp action open
add template tcp port 80 "sh scripts/linux/suse8.0/apache.sh"
set template ethernet "[MAC address]"
bind [IP address of honeyd host] template

Thanks for your help,
James

