Honeypots mailing list archives
Problem understanding honeyd config
From: Jonathan Lowther <jon.lowther () activis com>
Date: 6 Apr 2005 15:42:07 -0000
I'm a honeyd newbie!! I have just installed honeyd 1.0 and am having trouble understanding how to configure it.

I have a registered address range that I have placed behind a real firewall. On the subnet there is a server running redhat ES3.0. My intention is to allow port 80, 25 etc. through the firewall to a small range of addresses on the subnet. I am then planning to configure honeyd so that it creates virtual servers for that range of addresses (192.168.1.3 --> 192.168.1.10, for example).

The addresses currently used (for example) are:

192.168.1.1 - The firewall and default gateway for the honeyd server
192.168.1.2 - The real address of the redhat/honeyd server. The server only has one interface (eth0)

I wasn't going to have anything too complicated and I was planning to have a variety of virtual devices (Windows, Apple Mac, OpenBSD devices etc.). On the firewall I was planning to add host routes for each of these IP addresses so that traffic is sent to the honeyd server (so I won't need to use arpd).

From the config samples that I have looked at I can't seem to find a simple setup like this. Most of the setups talk about creating routers. I'm not sure if I have to create a router for the network since the firewall is already acting as a router between my subnet and the rest of the Internet.

The config I have tried so far is as follows:

    route entry 192.168.1.2 network 192.168.1.0/26
    route 192.168.1.2 link 192.168.1.0/26

    #Create a cisco router
    create router
    set router personality "Cisco IOS 11.3 - 12.0(11)"
    set router default tcp action reset
    set router default udp action reset
    add router tcp port 23 "/usr/bin/perl /usr/share/doc/honeyd-1.0/scripts/router-telnet.pl"
    set router uid 32767 gid 32767
    set router uptime 1327650
    bind 192.168.1.2 router

    ### Windows NT4 web server
    create windows
    set windows personality "Windows NT 4.0 Server SP5-SP6"
    add windows tcp port 80 "perl scripts/iis-0.95/iisemul8.pl"
    add windows tcp port 139 open
    add windows tcp port 137 open
    add windows udp port 137 open
    add windows udp port 135 open
    set windows default tcp action reset
    set windows default udp action reset
    bind 192.168.1.3 windows
    bind 192.168.1.4 windows
    bind 192.168.1.5 windows
    bind 192.168.1.6 windows

And I have run this using the command:

    honeyd -d -disable-webserver -f config.test 192.168.1.0/26

However I get the following error:

    honeyd: interface_new: intf_get: No such device

Also, I'm not sure if I should harden the honeyd server before I make it accessible to the rest of the world (I couldn't find any reference to this either).

I've had a look through the FAQ and the mailing lists, and I can't find a simple answer to my questions. I'm probably totally misunderstanding the concept of honeyd (so please accept my apologies), but any suggestions for where I am going wrong would be very useful.

Thanks and regards,
Jonathan Lowther