Honeypots mailing list archives

Re: newbi question


From: Fabian Bieker <fabian.bieker () web de>
Date: Thu, 22 May 2003 17:35:01 +0200

On Thu, May 22, 2003 at 10:45:45AM +0200, Cabotse Aurélien wrote:
> #arpd 10.7.1.116

I don't know if the above is correct, because I don't use arpd.
I run honeyd at a university network and it would break their DHCP
server.

> # honeyd -p nmap.prints -f /etc/honeyd/honeyd.conf -a nmap.assoc 10.7.1.116
> - Connecting to Tcp prelude Manager server 10.3.3.224:5554.
> - SSL authentication succeed with Prelude Manager.
> honeyd[1524]: listening on eth0: ip and (dst 10.7.1.116) and not ether src 00:60:b0:67:89:93
>
> And nothing happens when I do a scan or a ping
> I don't know what is wrong

You don't have to use arpd, try Christian's method, or try this:
Add the ip_addr used by honeyd to the (correct) interface of your Debian
host, e.g.:
# ifconfig eth0:0 10.7.1.116
Then drop all incoming packets to this destination and accept all
outgoing packets from this src addr using iptables, e.g.:
# iptables -I INPUT -i eth0 -d $IP -j DROP
# iptables -I OUTPUT -o eth0 -s $IP -j ACCEPT
(honeyd will get the packets anyway, because it uses pcap-sniffing
 and your Debian host will not answer the packets.)

hope this helps,

        Fabian
-- 
BOFH excuse #389:
/dev/clue was linked to /dev/null
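
The alias-plus-iptables setup described in the message above, as an added example that is not part of the original post: it fills in $IP, validates the address and interface before they reach a root command line, and prints a matching teardown. The function names, the DRY_RUN switch and the eth0 default are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the DRY_RUN
# switch and the eth0 default are assumptions; the three setup commands are
# the ones given in the message, with $IP filled in and checked.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the setup commands, one per line, in the order they must run.
honeyd_plan() {
    ip=$1; iface=${2:-eth0}
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "invalid interface" >&2; return 2 ;; esac
    # Alias the address so the host itself answers ARP for it (no arpd).
    echo "ifconfig $iface:0 $ip"
    # Keep the host's own IP stack from replying to traffic for the alias.
    echo "iptables -I INPUT -i $iface -d $ip -j DROP"
    # Let the replies honeyd sends from that address leave the host.
    echo "iptables -I OUTPUT -o $iface -s $ip -j ACCEPT"
}

# Print the matching teardown, in reverse order.
honeyd_undo_plan() {
    ip=$1; iface=${2:-eth0}
    valid_ipv4 "$ip" || return 2
    echo "iptables -D OUTPUT -o $iface -s $ip -j ACCEPT"
    echo "iptables -D INPUT -i $iface -d $ip -j DROP"
    echo "ifconfig $iface:0 down"
}

# Read a plan on stdin; print it (DRY_RUN=1, the default) or execute it.
run_plan() {
    while IFS= read -r line; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $line"; else $line || return 1; fi
    done
}

# Constructed sample: the address from the thread, printed as a dry run.
honeyd_plan 10.7.1.116 eth0 | run_plan
```

Running it with DRY_RUN=0 as root applies the plan; piping honeyd_undo_plan into run_plan removes the rules and the alias again.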
