Honeypots mailing list archives

Re: newbi question


From: Christian Kreibich <christian () whoop org>
Date: 22 May 2003 15:18:32 +0100

Hi,


where are you doing this pinging/scanning from? It must not be the same
host as that gets explicitly excluded (and not ether src
00:60:b0:67:89:93) ...

Btw you don't *have* to use arpd -- you could also just manually set up
arp so that the network thinks packets going to 10.7.1.116 will be
answered by the honeypot.

Cheers,
Christian.

On Thu, 2003-05-22 at 09:45, Cabotse Aurélien wrote:
ravenlord wrote:

hi,
----- Original Message ----- 
From: "Cabotse Aurélien" <aurelien.cabotse () srt-poste fr>
To: <honeypots () securityfocus com>
Sent: Wednesday, May 21, 2003 7:37 AM
Subject: newbi question

 

And when I scan the honeypot I obtain the original O.S. and not the
honeypot

my guess is you should run arpd first,
and make sure 10.7.1.112 is not the host ip,

Ok I made a mistake.
Now I emulate a new host IP 10.7.1.116 with Windows NT on my debian
10.7.1.112 in a LAN network 10.0.0.0/8
        create template   
        set template personality "Windows NT 4.0 Server SP5-SP6"
        set template default tcp action reset
        set template default udp action reset
        add template tcp port 80 "perl scripts/iisemulator-0.95/iisemul8.pl"
        add template tcp port 139 open
        add template tcp port 137 open
        add template udp port 137 open
        add template udp port 135 open
        set template  uptime 3284460
        bind 10.7.1.116 template
I run
    # arpd 10.7.1.116
then run
    # honeyd -p nmap.prints -f /etc/honeyd/honeyd.conf -a nmap.assoc 10.7.1.116
- Connecting to Tcp prelude Manager server 10.3.3.224:5554.
- SSL authentication succeed with Prelude Manager.
honeyd[1524]: listening on eth0: ip and (dst 10.7.1.116) and not ether src 00:60:b0:67:89:93

And nothing happens when I do a scan or a ping
I don't know what is wrong

-- 
Aurélien Cabotse



-- 
________________________________________________________________________
                                                    http://www.whoop.org
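
Added example, not part of the original posts and not honeyd's own code: a shell check for the point made in the reply above, that the capture filter honeyd prints at startup excludes frames sent from the honeyd host's own MAC address. It parses the "listening on" line quoted in the thread; the function names are hypothetical and the parser assumes the filter has the form shown on this page.

```shell
#!/bin/sh
# Constructed sample: the "listening on" line from the post, joined onto one line.
SAMPLE_LINE='honeyd[1524]: listening on eth0: ip and (dst 10.7.1.116) and not ether src 00:60:b0:67:89:93'

# Lower-case a MAC address so comparisons ignore case.
norm_mac() {
    printf '%s' "$1" | tr 'A-F' 'a-f'
}

# Print the MAC the filter excludes ("not ether src <mac>"), or nothing.
excluded_mac() {
    norm_mac "$(printf '%s\n' "$1" |
        sed -n 's/.*not ether src \([0-9A-Fa-f:]\{17\}\).*/\1/p')"
}

# Print the destination address(es) the filter captures, one per line.
captured_dsts() {
    printf '%s\n' "$1" | grep -o 'dst [0-9][0-9.]*' | cut -d' ' -f2
}

# Return 0 if a probe from source MAC $2 to address $3 would be seen by
# honeyd according to log line $1; otherwise return 1 and print the reason.
probe_visible() {
    line=$1; src=$(norm_mac "$2"); dst=$3
    if [ "$src" = "$(excluded_mac "$line")" ]; then
        echo "dropped: source $src is excluded (probe comes from the honeyd host)"
        return 1
    fi
    if ! captured_dsts "$line" | grep -qxF "$dst"; then
        echo "dropped: $dst is not a destination honeyd listens for"
        return 1
    fi
    echo "visible: honeyd will see $src -> $dst"
    return 0
}
```

Call `probe_visible` with the startup line from your own log, the MAC of the machine you scan from, and the emulated address to see which of the two conditions is hiding the probe.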

