Honeypots mailing list archives
Re: Doubt regarding Honeywall
From: "Earl" <esammons () hush com>
Date: Tue, 3 Oct 2006 13:03:08 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What you are seeing is normal for roo-1.x. We are working on the next generation Honeywall that will hopefully offer options to do more selective data capture (and other cool stuff). i.e. Only perform data capture to/from Honeypots (or even selected honeypots) as one example. Earl On Tue, 03 Oct 2006 11:46:12 -0400 "mng3 () libero it" <mng3 () libero it> wrote:
Hi all, I'm configuring a little honeynet: the Honeywall and one honeypot running WinXP Pro SP2. I have deployed the honeynet in my LAN, so the honeypot is in the same subnet of my production system. My doubt is the following: the Walleye web interface, in the "Top 10 Honeypots" section show not only honeypot's IP address, but also IP address of some production systems. Moreover, when I examine the connection tracked by Honeywall, I see also connections between system that are NOT the honeypot. Is this behaviour normal? The Honeywall are working fine? thanks ------------------------------------------------------ Salva ora il tuo preventivo Direct Line e assicurati lo sconto extra 5+5% sulla polizza auto entro il 31 Ottobre! http://click.libero.it/directline4
-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wkYEARECAAYFAkUiojgACgkQk7+e+4lPSm2NMwCdHjIt/q2+G1IYrDURnBCWK4Sps9kA n1bBgjRbKdPFX3PeqiH94ZyNYrf4 =GquH -----END PGP SIGNATURE-----
Current thread:
- Doubt regarding Honeywall mng3 () libero it (Oct 03)
- 答复: Doubt regarding Honeywall lobatt (Oct 03)
- <Possible follow-ups>
- Re: Doubt regarding Honeywall Earl (Oct 03)