Re: Doubt regarding Honeywall

["Earl" <esammons () hush com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What you are seeing is normal for roo-1.x.  We are working on the
next generation Honeywall that will hopefully offer options to do
more selective data capture (and other cool stuff).  i.e. Only
perform data capture to/from Honeypots (or even selected honeypots)
as one example.

Earl

On Tue, 03 Oct 2006 11:46:12 -0400 "mng3 () libero it"
<mng3 () libero it> wrote:
> Hi all,
> I'm configuring a little honeynet: the Honeywall and one honeypot
> running WinXP Pro SP2.
> I have deployed the honeynet in my LAN, so the honeypot is in the
> same subnet of my production system.
>
> My doubt is the following: the Walleye web interface, in the "Top
> 10 Honeypots" section show not only honeypot's IP address, but
> also IP address of some production systems.
>
> Moreover, when I examine the connection tracked by Honeywall, I
> see also connections between system that are NOT the honeypot.
>
> Is this behaviour normal?
> The Honeywall are working fine?
>
> thanks
>
>
>
> ------------------------------------------------------
> Salva ora il tuo preventivo Direct Line e assicurati lo sconto
> extra 5+5% sulla polizza auto entro il 31 Ottobre!
> http://click.libero.it/directline4
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wkYEARECAAYFAkUiojgACgkQk7+e+4lPSm2NMwCdHjIt/q2+G1IYrDURnBCWK4Sps9kA
n1bBgjRbKdPFX3PeqiH94ZyNYrf4
=GquH
-----END PGP SIGNATURE-----