Honeypots mailing list archives
RE: honeywall
From: "David Watson" <david () honeynet org uk>
Date: Mon, 28 Nov 2005 11:20:06 -0000
Andrew,

Sounds like a fun challenge! :-)

Headless operation is usually not a problem and it should be possible to build and configure the Roo Honeywall system remotely (although hardware changes could be an issue when swapping hard disks). However, you need to bear a few things in mind when setting up the configuration:

1) Roo expects that eth0 will be used for the outside of the transparent layer 2 bridge and that eth1 will be used for the (honeypot facing) inside interface.

2) Neither interface eth0 or eth1 has an IP address assigned and the Honeywall cannot be remotely managed using these interfaces.

3) A management interface is optional, and this defaults to eth2.

4) If you choose to enable remote management, you need to ensure that your management station's IP address is contained in the list of authorised management hosts.

5) You also need to ensure that you can correctly route to the assigned eth2 IP address (usually a separate isolated management LAN, but can be a cross over cable).

6) By default the Honeywall console device is the video console, although this can be changed to use a serial port. Since Roo is a modified Fedora Core distribution, follow the documentation available online about this process.

7) If all else fails, you can always allow outbound shell access from the Honeywall and set up an /etc/rc2.d script that automatically launches a remote shell to your desktop on bootup. This should at least get you an interactive prompt on the Honeywall system.

Personally I'd suggest that you build a normal Honeywall first and become familiar and confident with its configuration before you try to build a fully headless system on alternative hardware, as starting from scratch might be slightly daunting. VMWare or similar can be helpful here if you don't have the necessary hardware available.

Again, because of the standard Fedora Core platform underneath the bonnet, you might also want to look at Redhat's kickstart process and consider using a custom remote network kickstart install onto the box in question - you might find this is easier than porting the hard disks between different architectures.

Good luck, and let us know how it goes.

Thanks,
David

David Watson
UK Honeynet Project
www.ukhoneynet.org
david () honeynet org uk

_____
From: Andrew Duane [mailto:elminster13 () gmail com]
Sent: 19 November 2005 16:40
To: honeypots () securityfocus com
Subject: honeywall

Hi all,

I am currently playing with setting up a honey net. I have a rather unusual setup. I have a box that I would like to use which has no monitor port (headless) and no CD-ROM drive, although it does have three network cards. I use it for different IDS usually. I would like to stick honeywall on the device so I took the hard disc out, built it in a laptop, set some config options, dropped it back into the box and now I'm stuck.

As my laptop has only one port I had to manually set the IP of eth0 so: ifconfig 192.168.1.1 netmask 255.255.255.0 then used a cross over cable to see if I could ssh to it but no joy. Stopped iptables without success. Idea being if I could connect to the device while in the laptop I should be able to once it's in my headless box.

There is a console port on the box which would be ideal to manage it with but it does not appear to work? Has console access been disabled?

Any suggestions would be great.

Regards
Andrew
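The checklist in David's reply (bridge members eth0/eth1 carry no IP, management on eth2, admin station in the authorised-host list, and a usable route to eth2) can be turned into a preflight check you run before shipping the disk back into a headless box. The script below is an added example written for this archive page; it is not part of the thread and not code from the Honeynet Project's Roo distribution. The configuration dictionary layout and the field names (bridge_interfaces, interfaces, management, allowed_hosts, gateway) are assumptions made up for the example, not Roo's real configuration keys, and both sample configurations are constructed: the second one reproduces the situation in the original question, where an address was placed on eth0 and the management interface was left unset.

```python
"""Preflight check for a headless Honeywall (Roo-style) deployment.

Added example, not code from the original thread or from Roo. The config
layout below is an assumption for illustration, not Roo's own format.
"""
import ipaddress

# Constructed sample: a Honeywall configured as the reply recommends.
GOOD_CONFIG = {
    "bridge_interfaces": ["eth0", "eth1"],  # outside, inside (Roo's expectation)
    "interfaces": {
        "eth0": {"ip": None},
        "eth1": {"ip": None},
        "eth2": {"ip": "10.10.10.2/24", "gateway": None},
    },
    "management": {
        "enabled": True,
        "interface": "eth2",
        "allowed_hosts": ["10.10.10.1/32"],  # the admin station
    },
}

# Constructed sample mirroring the original question: an IP was put on eth0
# (a bridge member) and eth2 was never given an address.
BAD_CONFIG = {
    "bridge_interfaces": ["eth0", "eth1"],
    "interfaces": {
        "eth0": {"ip": "192.168.1.1/24"},
        "eth1": {"ip": None},
        "eth2": {"ip": None, "gateway": None},
    },
    "management": {
        "enabled": True,
        "interface": "eth2",
        "allowed_hosts": [],
    },
}


def check_honeywall_config(cfg, admin_station):
    """Return a list of findings; an empty list means the admin station
    should be able to reach the Honeywall's management interface."""
    findings = []
    ifaces = cfg["interfaces"]

    # 1) The transparent bridge is eth0 (outside) and eth1 (inside).
    if cfg["bridge_interfaces"] != ["eth0", "eth1"]:
        findings.append("bridge interfaces should be eth0 (outside) and eth1 (inside)")

    # 2) Bridge members carry no IP address and cannot be used for management.
    for name in cfg["bridge_interfaces"]:
        if ifaces.get(name, {}).get("ip"):
            findings.append(f"{name}: bridge interface must not have an IP address")

    # 3) Management is optional; without it only the console is usable.
    mgmt = cfg["management"]
    if not mgmt["enabled"]:
        findings.append("remote management disabled; only the console will work")
        return findings

    mgmt_if = mgmt["interface"]
    if mgmt_if in cfg["bridge_interfaces"]:
        findings.append(f"{mgmt_if}: management interface cannot be a bridge member")
        return findings
    mgmt_ip = ifaces.get(mgmt_if, {}).get("ip")
    if not mgmt_ip:
        findings.append(f"{mgmt_if}: management interface has no IP address")
        return findings

    # 4) The admin station must be in the authorised management host list.
    admin = ipaddress.ip_address(admin_station)
    if not any(admin in ipaddress.ip_network(h, strict=False)
               for h in mgmt["allowed_hosts"]):
        findings.append(f"{admin_station} is not an authorised management host")

    # 5) The admin station must be able to route to the management address:
    #    same subnet (cross over cable or management LAN) or a gateway on eth2.
    mgmt_net = ipaddress.ip_interface(mgmt_ip).network
    if admin not in mgmt_net and not ifaces[mgmt_if].get("gateway"):
        findings.append(f"{admin_station} is off-subnet and {mgmt_if} has no gateway")

    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_honeywall_config(cfg, "10.10.10.1") or "OK")
```

Run it with the address of the workstation you intend to manage from; every finding corresponds to one numbered point in the reply, so an empty list means the box should answer on its management address once it is racked, whereas the constructed BAD_CONFIG reports the eth0 address and the missing eth2 address straight away.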
Current thread:
- honeywall Andrew Duane (Nov 19)
- RE: honeywall David Watson (Nov 28)
- Re: honeywall Andrew Duane (Nov 28)
- RE: honeywall David Watson (Nov 28)