RE: honeyd

["Stacy Olivas" <olivas () digiflux org>]

I had the same problem at first on my FreeBSD system.  You need to turn
on polling mode with the -P switch.

Then it works.

Hope this helps

-Stacy (olivas () digiflux org)

-----Original Message-----
From: mike () honeynet org [mailto:mike () honeynet org] 
Sent: Sunday, October 27, 2002 2:19 AM
To: Alan Neville
Cc: honeypots () securityfocus com
Subject: Re: honeyd

The answer to one of your questions is on the honeyd page...

"If your kqueue implementation does not support bpf file descriptors,
define the environment variable EVENT_NOKQUEUE to yes"

Not sure about the token, try removing any new lines at the end.

Mike

On Sat, 26 Oct 2002, Alan Neville wrote:

> Hello:
>
> When running honeyd on my FreeBSD 4.5 system, with the following
syntax:
> honeyd -d -p nmap.prints -f config.sample -i fxp0
>
> I seem to get some strange errors which don't seem to be covered
within the
> FAQ (http://www.citi.umich.edu/u/provos/honeyd/faq.html). The
following
> lines are the errors produced when attempting to start honeyd as root.
>
> config.sample:11 illegal token
> config.sample:11 syntax error
> honeyd[7255]: listening on fxp0: (tcp or icmp or udp_ and not ether
src
> 00:a0:c
> 9:ad:af:07
> honeyd[7255]: Kqueue does not recognize bpf filedescriptor.
> Oct 26 22:41:31 charlie honeyd[7255]: Kqueue does not recognize bpf
> filedescriptor.
>
> The following is a copy of my config.sample file:
>
> # Example of a simple host template and its binding
> annotate "AIX 4.0 - 4.2" fragment old
> create template
> set template personality "AIX 4.0 - 4.2"
> add template tcp port 80 "sh scripts/webd.sh"
> add template tcp port 22 "sh scripts/test.sh $ipsrc $dport"
> add template tcp port 21 proxy $ipsrc:23
> set template default tcp action reset
>
> bind 192.168.1.4 template
>
> Any ideas?
>
> -Alan