Honeypots mailing list archives
Re: Data Capture and Data Control
From: Yoshihiro Shibuya <SND13571 () nifty com>
Date: Thu, 13 Mar 2003 16:17:50 +0900 (JST)
Hello Mr. Rob,

Thank you for your advice! I'm trying again and will tell you after some time.

Also, I have another IDS machine in a lab network, I can notice some scans for our honeypot's IP address and other machine's honeypot. But TCPFLOW on our honeypot's host OS doesn't capture ONLY the IP address of the honeypot.

Not too sure what you are asking, but I think you are trying to say that you see traffic on the honeypot that belongs to external traffic. Is this right? An ASCII picture might make it easier to understand.

Rob

My virtual honeynet is as follows:

---------------------------------------------
|                                           |
|  ------------           ------------      |
|  |          |           |          |      |
|  |          |  vmnet1   |          |      | eth0
|  | Guest OS |-----------| Host OS  |------|-------> INTERNET
|  |          |           |          |      |
|  |(honeypot)|           | (VMware) |      |
|  |          |           |          |      |
|  ------------           ------------      |
---------------------------------------------

Guest OS has IP (eth0)   192.168.79.2 Host-Only
Host OS has IP  (eth0)   (A class C external address)
                (vmnet1) 192.168.79.1

But after running the modified rc.firewall script, when I type /sbin/ifconfig, the host OS's IP (eth0), br0 and vmnet1 don't have an IP address, and the guest OS (honeypot)'s address is 192.168.79.2 when I type /sbin/ifconfig on the guest OS. But when I type the ping command and so on at the guest (honeypot), the network is not reachable.

Sorry for my poor English, please give me some advice.

Regards, sincerely,
Yoshihiro Shibuya <SND13571 () nifty com>