Honeypots mailing list archives
RE: Honeypot on DSL
From: Christian Kreibich <christian () whoop org>
Date: Wed, 11 May 2005 13:33:58 -0700
Hi,

I did something similar a while ago. The simplest way was to have the firewall *block* everything inbound so the machine's real IP stack couldn't start to process the packets. Honeyd will still work because pcap will snoop the packets before they get dropped at the firewall. Besides that, I allowed outbound, and also ssh inbound from a remote management machine (making sure that this traffic wasn't fed into honeyd).

So something like the below (this is recalled from memory so might be bogus).

  # Drop everything we have
  iptables -F INPUT
  iptables -F FORWARD

  # Allow connections initiated outbound, drop everything else.
  iptables -A INPUT -s <my remote machine> -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -j DROP

  # Don't forward either.
  iptables -A FORWARD -j DROP

Cheers,
Christian.

On Tue, 2005-05-10 at 22:05 +0200, Andreas Rittershofer wrote:
> On Tuesday, 10.05.2005, at 14:54 -0500, Stejerean, Cosmin wrote:
>
> > From the internet you should only receive traffic directed at your IP
> > address and for DSL you usually only get one IP address which might be
> > why you can not get it to work listening on another IP address.
>
> I don't want it to listen to another IP address; the honeypot should
> listen to the IP address I have when I'm online.
>
> > If you make it listen on the same address check to see if the firewall
> > on the host machine is turned off, it might be intercepting the traffic
> > before the honeypot sees it.
>
> The firewall is off.
>
> Regards,
> ar
--
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
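
The ruleset in the message above depends on netfilter's first-match ordering, so the following added example (not part of the original post) evaluates an `iptables -S INPUT` style listing of those rules against constructed packets to show which ones reach the host's own IP stack; honeyd, capturing via pcap as the post describes, sees them all either way. The address 192.0.2.10 standing in for `<my remote machine>`, the sample packets, and the helper names are assumptions, and the parser handles only the three match types used in the post.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT` style listing of the rules from the post.
# 192.0.2.10 is an assumed stand-in for "<my remote machine>".
RULES = """\
-A INPUT -s 192.0.2.10/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
"""

# Constructed packets: (source address, conntrack state).
PACKETS = [
    ("192.0.2.10", "NEW"),            # ssh from the management host
    ("198.51.100.7", "NEW"),          # unsolicited probe from the internet
    ("198.51.100.7", "ESTABLISHED"),  # reply to a connection the host opened
    ("203.0.113.5", "INVALID"),       # untracked stray packet
]

def parse(listing):
    """Turn each '-A INPUT ...' line into (source_net, states, target)."""
    rules = []
    for line in listing.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue  # skip policy lines and other chains
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - {"-s", "-m", "--state", "-j"} or "-j" not in opts:
            # Refuse to guess at matches this sketch does not model.
            raise ValueError(f"unsupported rule: {line!r}")
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"))
        states = set(opts["--state"].split(",")) if "--state" in opts else None
        rules.append((src, states, opts["-j"]))
    return rules

def verdict(rules, src_ip, state, policy="ACCEPT"):
    """First matching rule wins; with no match the chain policy applies."""
    addr = ipaddress.ip_address(src_ip)
    for net, states, target in rules:
        if addr in net and (states is None or state in states):
            return target
    return policy

def run(listing=RULES):
    """Verdict for each constructed packet, in PACKETS order."""
    rules = parse(listing)
    return [verdict(rules, src, state) for src, state in PACKETS]

if __name__ == "__main__":
    for (src, state), result in zip(PACKETS, run()):
        print(f"{src:15} {state:12} -> {result}")
```

Between the flush and the final DROP rule the chain is empty, so a default ACCEPT policy lets everything through to the host stack; and if the catch-all DROP is ever placed first, the management host is dropped as well.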