Honeypots mailing list archives
Re: Arpd on FC3
From: Maximillian Dornseif <dornseif () informatik rwth-aachen de>
Date: Fri, 5 Aug 2005 11:31:50 +0200
On 2005-07-08 14:18:49 +0200, seamus blarnum <crpyt0k1d () yahoo com> said:
Has anyone come up with a fix or work-around for Arpd on Fedora Core 3? I keep getting syntax errors and from reading insecure.org and a few other sources I seem to not be the only one dealing with this issue.
You should consider to avoid using arpd at all. If your network is not that big you should be able to use the wonderful new honeyd 1.0 features to get your traffic to honeyd. If your network is complex you for sure should avoid arpd because it will break to much stuff. If your network is really big (e.g. /17) you shouldn't use arp at all but routing to get traffic to your system because most network equipment can't really handle tenthousands of notes on the same segments.
See http://blogs.23.nu/antlab/stories/4485/ and http://md.hudora.de/presentations/2005-bh-honeypots-03-honeyd.pdf (slide 7pp)
Also be aware that some morons (debian?) decided to rename arpd into 'farpd'. There is another arpd wich is meant as an userland replacement for the kernel's arp cache. So be sure to actually use the correct arpd if you insist on using arpd at all.
Regards Maximillian Dornseif -- Maximillian Dornseif Laboratory for Dependable Distributed Systems, RWTH Aachen University Tel. +49 241 80-21431 - http://md.hudora.de/
Current thread:
- Arpd on FC3 seamus blarnum (Jul 08)
- Re: Arpd on FC3 Frankie Li (Jul 23)
- Re: Arpd on FC3 Maximillian Dornseif (Aug 05)
- RE: Arpd on FC3 Christopher Cook (Aug 08)