Honeypots mailing list archives

RE: honeywall


From: "David Watson" <david () honeynet org uk>
Date: Mon, 28 Nov 2005 11:20:06 -0000

Andrew,

Sounds like a fun challenge! :-)

Headless operation is usually not a problem and it should be possible to
build and configure the Roo Honeywall system remotely (although hardware
changes could be an issue when swapping hard disks). However, you need to
bear a few things in mind when setting up the configuration:

1) Roo expects that eth0 will be used for the outside of the transparent
layer 2 bridge and that eth1 will be used for the (honeypot facing) inside
interface.

2) Neither eth0 nor eth1 has an IP address assigned, and the Honeywall
cannot be remotely managed using these interfaces.

3) A management interface is optional, and this defaults to eth2.

4) If you choose to enable remote management, you need to ensure that
your management station's IP address is contained in the list of authorised
management hosts.

5) You also need to ensure that you can correctly route to the assigned
eth2 IP address (usually a separate isolated management LAN, but it can be a
crossover cable).

6) By default the Honeywall console device is the video console,
although this can be changed to use a serial port. Since Roo is a modified
Fedora Core distribution, follow the documentation available online about
this process.

7) If all else fails, you can always allow outbound shell access from
the Honeywall and set up an /etc/rc2.d script that automatically launches a
remote shell to your desktop on bootup. This should at least get you an
interactive prompt on the Honeywall system.

Personally I'd suggest that you build a normal Honeywall first and become
familiar and confident with its configuration before you try to build a
fully headless system on alternative hardware, as starting from scratch
might be slightly daunting. VMware or similar can be helpful here if you
don't have the necessary hardware available. Again, because of the standard
Fedora Core platform underneath the bonnet, you might also want to look at
Red Hat's kickstart process and consider using a custom remote network
kickstart install onto the box in question; you might find this is easier
than porting the hard disks between different architectures.

Thanks,

David

David Watson
UK Honeynet Project
www.ukhoneynet.org
david () honeynet org uk
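The interface and management constraints in David's points 1 to 5 can be checked on the disk before it goes back into the headless box, rather than discovered by a failed ssh over a crossover cable. The script below is an added example, not code from the original thread or from the Honeynet Project. It assumes that /etc/honeywall.conf uses the variable names HwMANAGE_IFACE, HwMANAGE_IP, HwMANAGE_NETMASK, HwMANAGER and HwALLOWED_TCP_IN with space-separated list values; the configuration it writes for the demo is constructed, not a real Roo file. Verify the names against your own honeywall.conf before relying on it.

```shell
#!/bin/sh
# Added example (not from the original thread or the Honeynet Project).
# Pre-flight checks for Roo remote management: the management interface must
# not be a bridge member (eth0/eth1), the station you will ssh from must be in
# the authorised-manager list and, for a crossover cable, in the management
# subnet, and TCP/22 must be allowed inbound. The honeywall.conf variable
# names below (HwMANAGE_IFACE, HwMANAGE_IP, HwMANAGE_NETMASK, HwMANAGER,
# HwALLOWED_TCP_IN) and the space-separated list format are ASSUMED.

# Print the (last) value of KEY $1 from KEY=value file $2, minus surrounding quotes.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Dotted-quad IPv4 -> 32-bit integer, using only POSIX sh arithmetic.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if $1 and $2 fall in the same subnet under netmask $3.
same_subnet() {
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# Succeed if $1 is one of the space-separated words in $2.
in_list() {
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# Check conf file $1 for management from station $2.
# Prints one line per finding; returns the number of failed checks.
check_mgmt() {
    conf=$1; station=$2; fails=0
    iface=$(conf_get HwMANAGE_IFACE "$conf")
    mip=$(conf_get HwMANAGE_IP "$conf")
    mask=$(conf_get HwMANAGE_NETMASK "$conf")
    managers=$(conf_get HwMANAGER "$conf")
    tcp_in=$(conf_get HwALLOWED_TCP_IN "$conf")

    case "$iface" in
        eth0|eth1) echo "FAIL: $iface is a bridge member and carries no IP"; fails=$((fails + 1)) ;;
        ?*)        echo "ok:   management interface is $iface" ;;
        *)         echo "FAIL: no management interface configured"; fails=$((fails + 1)) ;;
    esac
    if in_list "$station" "$managers"; then
        echo "ok:   $station is an authorised manager"
    else
        echo "FAIL: $station is not in HwMANAGER ($managers)"; fails=$((fails + 1))
    fi
    if [ -z "$mip" ] || [ -z "$mask" ]; then
        echo "FAIL: HwMANAGE_IP/HwMANAGE_NETMASK not set"; fails=$((fails + 1))
    elif same_subnet "$station" "$mip" "$mask"; then
        echo "ok:   $station and $mip share the $mask subnet"
    else
        echo "FAIL: $station is not on $mip/$mask, so a crossover cable will not reach it"
        fails=$((fails + 1))
    fi
    if in_list 22 "$tcp_in"; then
        echo "ok:   TCP/22 is allowed inbound"
    else
        echo "FAIL: TCP/22 missing from HwALLOWED_TCP_IN ($tcp_in)"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample config (not a real Roo file), written to path $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
HwMANAGE_IFACE=eth2
HwMANAGE_IP=192.168.10.1
HwMANAGE_NETMASK=255.255.255.0
HwMANAGER="192.168.10.5 192.168.10.6"
HwALLOWED_TCP_IN="22 443"
EOF
}

# Demo: an authorised station on the management subnet passes; a station
# on another subnet that is not in HwMANAGER fails two checks.
if [ "${1-}" = "demo" ]; then
    tmp=$(mktemp); write_sample_conf "$tmp"
    check_mgmt "$tmp" 192.168.10.5; echo "failures: $?"
    check_mgmt "$tmp" 192.168.1.1;  echo "failures: $?"
    rm -f "$tmp"
fi
```

Run it as `sh check_mgmt.sh demo` to see both cases, or point `check_mgmt` at the real file with your workstation's address. The exit status is the number of failed checks, so it drops straight into a kickstart %post or a build script.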


  _____  

From: Andrew Duane [mailto:elminster13 () gmail com] 
Sent: 19 November 2005 16:40
To: honeypots () securityfocus com
Subject: honeywall

Hi all,

I am currently playing with setting up a honeynet. I have a rather unusual
setup: I have a box that I would like to use which has no monitor port
(headless) and no CD-ROM drive, although it does have three network cards. I
usually use it for different IDS.

I would like to stick Honeywall on the device, so I took the hard disk out,
built it in a laptop, set some config options, dropped it back into the box,
and now I'm stuck. As my laptop has only one port, I had to manually set the
IP of eth0 like so: ifconfig eth0 192.168.1.1 netmask 255.255.255.0, then
used a crossover cable to see if I could ssh to it, but no joy. Stopped
iptables without success. The idea being that if I could connect to the
device while in the laptop, I should be able to once it's in my headless box.

There is a console port on the box which would be ideal to manage it with,
but it does not appear to work. Has console access been disabled?

Any suggestions would be great.

Regards,

Andrew
