Honeypots mailing list archives
Running Honeyd on interface IP
From: Evgeniy Arbatov <arbatovevgeniy () gmail com>
Date: Wed, 22 Jul 2009 12:10:50 +0300
Hello,

I have a question concerning the configuration of Honeyd IP address. I want to make my honeypot visible by the IP address of host computer interface. I have the following setup, within the same physical host:

    1.1.1.1 (interface IP) -> 2.2.2.2 (honeyd IP)

So if I ssh to the honeyd, I want to ssh to 1.1.1.1. I guess this is something that can be done with iptables, for example like this:

    iptables -A FORWARD -s 1.1.1.1 -p tcp --dport 22 -d 2.2.2.2 -j ACCEPT
    iptables -A INPUT -p tcp --sport 22 -j ACCEPT

I also add a route for 2.2.2.2 to be accessible from loopback:

    route add -host 2.2.2.2 lo

Then I enable IP forwarding in /etc/sysctl.conf:

    net.ipv4.ip_forward = 1

And in the configuration for Honeyd I say:

    add sshhost tcp port 22 "./ssh.sh"
    bind 2.2.2.2 sshhost

Finally, I run my Honeyd like this, binding it to my Loopback:

    honeyd -d -l /tmp/honeypot/packet.log -f smtp.conf -i lo

But I am still unable to access port 22 of my honeypot. What can be missing? I am running honeyd-1.5b.

This is what I get by running Honeyd in the debug mode:

    honeyd[3388]: listening on lo: ip
    honeyd[3388]: Demoting process privileges to uid 99, gid 99
    honeyd[3388]: rrdtool returning errors - restarting.
    honeyd[3388]: Respawing rrdtool too quickly
    honeyd[3388]: Connection request: tcp (1.1.1.1:40805 - 1.1.1.1:22)
    honeyd[3388]: Killing attempted connection: tcp (1.1.1.1:22 - 1.1.1.1:40805)
    honeyd[3388]: Connection dropped by reset: tcp (1.1.1.1:40805 - 1.1.1.1:22)
    honeyd[3388]: rrdtool returning errors - restarting.
    honeyd[3388]: Respawing rrdtool too quickly

Thank you!

Regards,
Evgeniy
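Added example (not part of the original message and not Honeyd code): a small check that compares the destination address of each "Connection request" line in the debug output with the addresses named in "bind" lines of the configuration. The function names are hypothetical, the sample text is constructed from the lines quoted in the message, and only explicit "bind <ip> <template>" lines are considered.

```python
import re

# Constructed sample: the config lines and debug output quoted in the message.
CONFIG = '''\
add sshhost tcp port 22 "./ssh.sh"
bind 2.2.2.2 sshhost
'''

LOG = '''\
honeyd[3388]: listening on lo: ip
honeyd[3388]: Connection request: tcp (1.1.1.1:40805 - 1.1.1.1:22)
honeyd[3388]: Killing attempted connection: tcp (1.1.1.1:22 - 1.1.1.1:40805)
honeyd[3388]: Connection dropped by reset: tcp (1.1.1.1:40805 - 1.1.1.1:22)
'''

IPV4 = r'\d{1,3}(?:\.\d{1,3}){3}'
BIND_RE = re.compile(r'^\s*bind\s+(' + IPV4 + r')\s+(\S+)', re.M)
REQ_RE = re.compile(
    r'Connection request: (tcp|udp) '
    r'\((' + IPV4 + r'):(\d+) - (' + IPV4 + r'):(\d+)\)')


def bound_addresses(config_text):
    """Map each IP named in a 'bind <ip> <template>' line to its template."""
    return {ip: template for ip, template in BIND_RE.findall(config_text)}


def unbound_requests(config_text, log_text):
    """Return logged connection requests whose destination has no bind line."""
    bound = bound_addresses(config_text)
    misses = []
    for proto, src, sport, dst, dport in REQ_RE.findall(log_text):
        if dst not in bound:
            misses.append({"proto": proto, "src": src, "sport": int(sport),
                           "dst": dst, "dport": int(dport)})
    return misses


if __name__ == "__main__":
    print("bound:", bound_addresses(CONFIG))
    for m in unbound_requests(CONFIG, LOG):
        print("request to unbound address: %s %s:%d -> %s:%d"
              % (m["proto"], m["src"], m["sport"], m["dst"], m["dport"]))
```

On the quoted output, the one logged request is addressed to 1.1.1.1:22, while the only address bound in the quoted configuration is 2.2.2.2.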