Honeypots mailing list archives
Honeyd questions.
From: John Lyons <john.lyons () heanet ie>
Date: Wed, 16 Apr 2003 17:09:18 +0100
I've been setting up honeyd for the last day or two and have been successful in getting most of the set-up working. There's two particular areas however I've been having difficulty with. One is the virtual routing, I can find very little documentation on this and I'm not sure of the format this should take within the .conf file ? Has anyone got this working at the moment who'd like to mail or post the relevant part of their .conf file with comments ? :-) The second problem Ive come accross is with the scripts, currently when I run the script from command line on the box running honeyd it runs perfectly. john@***:~/honeyd/honeyd/scripts$ sh pop3.sh +OK QPOP (version 2.53) at ***. starting. user blah +OK Password required for blah. pass blah -ERR Password supplied for "blah" is incorrect. quit +OK Pop serrver at ***. signing off. Ive got the following line in my honeyd.conf which is associated with a particular IP : add linux tcp port 110 "sh /honeyd/honeyd/scripts/pop3.sh" When I scan the IP in question this port shows up as open. However when I connect to the the virtual machine reporting port 110 open, the script doesnt run and just returns : john@***:~$ telnet *.*.*.* 110 Trying *.*.*.* Connected to *.*.*.* Escape character is '^]'. Connection closed by foreign host. john@***:~$ Permissions etc. look fine for the scripts, the honeyd box is running Debian Woody. Thanks for any help in advance ... John
Current thread:
- Honeyd questions. John Lyons (Apr 16)