Re: single honeypot with honeyd

[Niels Provos <provos () citi umich edu>]

Create a default template that ignores all traffic and then start
Honeyd with the IP range of the DHCP servers.

Niels.

On Wed, Jun 22, 2005 at 10:12:15PM -0000, honeypots () digamma net wrote:
> I'm using this simple configuration file:
>
> create routerone
> set routerone personality "Cisco 7206 running IOS 11.1(24)"
> set routerone default tcp action reset
> add routerone tcp port 23 "scripts/router-telnet.pl"
>
> dhcp routerone on eth0 ethernet "made:up:mac:address"
>
> Honeyd acquires an IP from my local DHCP server without any trouble.  But I still need to specify a network address 
> at the command line, and that's a problem. I only want it to listen on the IP it acquires via DHCP.  Specifying no 
> network addresses causes Honeyd to respond to EVERY IP on the Internet, taking my whole network offline. (Luckily I 
> did it after most coworkers had gone home!)
>
> Is there a way around this?