Honeypots mailing list archives
Honeyd - why this behavior
From: "Ivan Esteban Rivera Uria" <irivera () bnc-corp com>
Date: Tue, 19 Apr 2005 18:57:33 -0500
I don't know why honeyd has the following behavior. I made my configuration file like this:

    # templates
    create default
    set default default tcp action block
    set default default udp action block

    # windows
    create windowsxp
    set windowsxp personality "Cisco Router/Switch with IOS 11.2"
    set windowsxp default tcp action reset
    set windowsxp default udp action reset
    set windowsxp uptime 1728650
    add windowsxp tcp port 80 proxy www.google.com:80
    add windowsxp tcp port 135 open
    add windowsxp tcp port 445 open

    # router
    create router
    set router personality "Cisco 1601 (IOS 11.0) or DECbrouter90T1 (Runs Cisco IOS 10.2(5))"
    set router default tcp action reset
    set router default udp action reset
    add router tcp port 23 open

    bind 192.168.31.115 windowsxp
    bind 192.168.31.116 router
    bind 192.168.31.117 router

When I run nmap -sT -PT -PI -p 22-26 -T 192.168.31.117, I get the following information:

    Starting nmap V. 3.00 ( www.insecure.org/nmap )
    Interesting ports on (192.168.31.117):
    Port       State       Service
    22/tcp     filtered    ssh
    23/tcp     open        telnet
    24/tcp     filtered    priv-mail
    25/tcp     open        smtp
    26/tcp     filtered    unknown
    Nmap run completed -- 1 IP address (1 host up) scanned in 13 seconds

Why do I see more open ports? I did not make that configuration...

I built honeyd-1.0 on a Fedora Core 3 box, and the kernel version is 2.6.11-1-14_FC3. I use all new versions. I execute the following command:

    # honeyd -d -p nmap.prints -f honeyd.conf2 -l honeyd.log -u 500 -g 500 --disable-webserver

I do not understand why this behavior... could you help me?

Thanks,
Ivan