Honeypots mailing list archives
start honeyd on interface without ip address (hide honeyd host)
From: James Oliver <686f6e6579 () gmail com>
Date: Mon, 14 Feb 2005 14:41:35 +0100
Hi,

According to http://www.honeyd.org/faq.php#badaddr the interface on which honeyd gets started needs an IP address. I'd like to hide the honeyd host from the network and wish that only the virtual hosts created by honeyd are seen.

I have already tried the solution described by Fabian Bieker in <20040131135138.GC25111 () mogul lan> but that didn't work. I get no response from the simulated host, and an nmap scan of the IP address shows me that all ports are filtered.

When I start honeyd and try to reach the simulated honeyd host it prints "arp reply [IP address of honeyd host] is-at [MAC address]" but I can't figure out where this MAC address is coming from. It's not one I have in my configuration file and it's not one of the ones of the 2 computers connected.

Are there any other methods to implement the hiding of the honeyd host?

I'm running Debian Sarge with Linux kernel 2.4.27, honeyd 1.0, iptables 1.2.11.

My iptables rule:

    # /sbin/iptables -A INPUT -j DROP

My honeyd configuration:

    create template
    set template personality "Linux Kernel 2.4.20"
    set template default tcp action reset
    set template default udp action reset
    set template default icmp action open
    add template tcp port 80 "sh scripts/linux/suse8.0/apache.sh"
    set template ethernet "[MAC address]"
    bind [IP address of honeyd host] template

Thanks for your help,
James