Honeypots mailing list archives
Re: newbi question
From: Fabian Bieker <fabian.bieker () web de>
Date: Thu, 22 May 2003 17:35:01 +0200
On Thu, May 22, 2003 at 10:45:45AM +0200, Cabotse Aurélien wrote:
#arpd 10.7.1.116
I don't know if the above is correct, because I don't use arpd. I run honeyd on a university network and it would break their DHCP server.
# honeyd -p nmap.prints -f /etc/honeyd/honeyd.conf -a nmap.assoc 10.7.1.116
- Connecting to Tcp prelude Manager server 10.3.3.224:5554.
- SSL authentication succeed with Prelude Manager.
honeyd[1524]: listening on eth0: ip and (dst 10.7.1.116) and not ether src 00:60:b0:67:89:93

And nothing happens when I do a scan or a ping. I don't know what is wrong.
You don't have to use arpd; try Christian's method, or try this:

Add the ip_addr used by honeyd to the (correct) interface of your Debian host, e.g.:

# ifconfig eth0:0 10.7.1.116

Then drop all incoming packets to this destination and accept all outgoing packets from this src addr using iptables, e.g.:

# iptables -I INPUT -i eth0 -d $IP -j DROP
# iptables -I OUTPUT -o eth0 -s $IP -j ACCEPT

(honeyd will get the packets anyway, because it uses pcap-sniffing, and your Debian host will not answer the packets.)

Hope this helps,
Fabian

-- 
BOFH excuse #389: /dev/clue was linked to /dev/null
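
The alias-plus-iptables setup from the message above, as an added example that is not part of the original post: a small wrapper that validates its arguments, prints the commands by default, and adds a rule check and a teardown. The names run, valid_ipv4, honeyd_shield and APPLY are hypothetical; the ifconfig and iptables invocations for "up" are the ones in the message.

```shell
#!/bin/sh
# Added example: names (run, valid_ipv4, honeyd_shield, APPLY) are hypothetical.
# Default is a dry run that prints the commands; APPLY=1 executes them (root).

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Accept only dotted-quad IPv4 with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: honeyd_shield up|check|down IFACE IP
honeyd_shield() {
    action=$1; iface=$2; ip=$3
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 2; }
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 2 ;;
    esac
    case "$action" in
        up)     # alias the address, then keep the host's own stack silent
            run ifconfig "$iface:0" "$ip" &&
            run iptables -I INPUT -i "$iface" -d "$ip" -j DROP &&
            run iptables -I OUTPUT -o "$iface" -s "$ip" -j ACCEPT ;;
        check)  # -C exits non-zero when the rule is missing
            run iptables -C INPUT -i "$iface" -d "$ip" -j DROP &&
            run iptables -C OUTPUT -o "$iface" -s "$ip" -j ACCEPT ;;
        down)   # undo in reverse order
            run iptables -D OUTPUT -o "$iface" -s "$ip" -j ACCEPT
            run iptables -D INPUT -i "$iface" -d "$ip" -j DROP
            run ifconfig "$iface:0" down ;;
        *) echo "usage: honeyd_shield up|check|down IFACE IP" >&2; return 2 ;;
    esac
}
```

Source the file and call `honeyd_shield up eth0 10.7.1.116` to review the commands, then repeat with `APPLY=1` as root to run them.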