Honeypots mailing list archives

Re: results of the first honeyd challenge (dynamic honeynet?)


From: Niels Provos <provos () citi umich edu>
Date: Tue, 1 Apr 2003 09:40:17 -0500

On Tue, Apr 01, 2003 at 09:42:55AM +0200, Wim Mees wrote:
> If the DHCP server then hands out this address to a client, this client will
> in turn probe with an ARP request to see whether this IP address is
> really free. Since you don't block the client, its ARP request will be
> received by the honeypot and will receive an ARP reply from arpd. As a
> result, the client will not accept the lease :(

You can configure arpd to take IP addresses from certain IP ranges.
You just need to make sure that there is no overlap with the IP
address range of the DHCP server.

Niels.
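
An added example, not part of the original message and not arpd's own code: a pre-deployment check that the address ranges handed to arpd do not overlap a DHCP pool, which is the conflict described in this thread. It assumes arpd nets are written as a single address, a CIDR network or a start-end range, and that the DHCP server uses ISC dhcpd-style `range` statements; the function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# Assumed DHCP config syntax: ISC dhcpd "range [dynamic-bootp] low [high];"
RANGE_RE = re.compile(
    r"^\s*range\s+(?:dynamic-bootp\s+)?(\S+?)(?:\s+(\S+?))?\s*;", re.M)

def parse_arpd_net(spec):
    """Return (first, last) as integers for one arpd net argument."""
    if "-" in spec:                       # start-end range
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
    elif "/" in spec:                     # CIDR network
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = net[0], net[-1]
    else:                                 # single address
        lo = hi = ipaddress.IPv4Address(spec)
    if int(lo) > int(hi):
        raise ValueError(f"range start is after range end: {spec}")
    return int(lo), int(hi)

def parse_dhcp_pools(conf_text):
    """Return [(first, last), ...] for every range statement in the config."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments before matching
    pools = []
    for low, high in RANGE_RE.findall(text):
        pools.append((int(ipaddress.IPv4Address(low)),
                      int(ipaddress.IPv4Address(high or low))))
    return pools

def find_overlaps(arpd_nets, conf_text):
    """Return (arpd_spec, first_ip, last_ip) for each span arpd and DHCP share."""
    conflicts = []
    pools = parse_dhcp_pools(conf_text)
    for spec in arpd_nets:
        a_lo, a_hi = parse_arpd_net(spec)
        for p_lo, p_hi in pools:
            lo, hi = max(a_lo, p_lo), min(a_hi, p_hi)
            if lo <= hi:                  # intervals intersect
                conflicts.append((spec, str(ipaddress.IPv4Address(lo)),
                                  str(ipaddress.IPv4Address(hi))))
    return conflicts

# Constructed sample input, not taken from the thread.
SAMPLE_DHCPD_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.150;   # DHCP pool
}
"""
SAMPLE_ARPD_NETS = ["192.168.1.140-192.168.1.200", "192.168.1.224/27", "192.168.1.50"]

if __name__ == "__main__":
    for spec, first, last in find_overlaps(SAMPLE_ARPD_NETS, SAMPLE_DHCPD_CONF):
        print(f"arpd net {spec} overlaps DHCP pool at {first}-{last}")
```

Any address reported here is one where arpd would answer a DHCP client's ARP probe and the client would refuse its lease.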

