Honeypots mailing list archives

honeyd compile error 1.0 and 0.8b

From: Ivan Rivera <esteban_uria () yahoo com>
Date: Fri, 8 Apr 2005 22:29:07 -0700 (PDT)


Hi
I try to compile different version of honeyd (1.0 and
0.8b). I compile and install the following software

libdnet 1.10 (OK)
libevent 1.0c (OK)
libpcap 0.8.3 (OK)

I run ldconfig in the directory of libdnet and when I
try to compile honeyd i get the following error
message.

checking for working addr_cmp in libdnet... configure:
error: you need to install a more recent version of
libdnet

I specify the --with-libdnet=/usr/local but i get the
same error message.

I check documentation but all the documentation do not
say anything about this error, I think is a commond
error message, and i apply all the steps that i found
in the internet to fix this problem but I do not get
the right compile

Why I need to install another version more recent that
i have in my computer? I use 1.10 

Do you have any idea?

Thanks for you help

Ivan


--- James Oliver <686f6e6579 () gmail com> wrote:

Hi,

I'm running honeyd (1.0) with a host based on the
"Linux 2.4.20"
personality. A firewall (iptables 1.2.9) drops all
new outgoing
connections. When I try to ping this Linux host from
outside the
firewall always drops the packet, stating this is a
new connection.

I have analysed the ICMP Echo Replies honeyd sends
for the "Linux
2.4.20" personality and the Code field is set to 1,
even if the ICMP
Echo Request's Code field is 0.

In

http://www.networkmagazine.com/shared/printableArticle.jhtml?articleID=8702910

it is stated that Linux doesn't change the code
field, so I'm
wondering why this happens. I have analysed my own
ICMP Echo
Requests/Replies and looked at
/usr/src/linux/net/ipv4/icmp.c to have
a look at the Linux ICMP code. This code is the same
as the one in the
Linux 2.4.20 sources, so the behaviour should be the
same AFAIK.

Therefore I have now modified my
/usr/share/honeyd/xprobe2.conf in line 237 to

icmp_echo_code = 0

instead of

icmp_echo_code = !0

After this change the firewall accepts the ICMP Echo
Replies of
honeyd's Linux 2.4.20 personality. Nevertheless it
now always changes
the ICMP Echo Replie Code always to 0 which is not
Linux behaviour.

Is the behavior in the original xprobe2.conf
intended? Is there a
mistake on my side?

Thanks for your suggestions,
James


IvAn =^)
esteban_uria () yahoo com

Current thread:

honeyd compile error 1.0 and 0.8b Ivan Rivera (Apr 09)
- <Possible follow-ups>
- Re: honeyd compile error 1.0 and 0.8b gangadhar npk (Apr 09)
- Re: honeyd compile error 1.0 and 0.8b Ivan Rivera (Apr 10)
  - Re: honeyd compile error 1.0 and 0.8b Valdis . Kletnieks (Apr 11)