Honeypots mailing list archives
RE: send problem on honeyd win32
From: "Roger A. Grimes" <rogerg () cox net>
Date: Wed, 27 Aug 2003 08:18:00 -0400
The symptom still sounds like a static route problem. I've wrestled with it before myself. Run route print>c:\file.txt and send the file. This will print out your local Windows routing table and give us something to go on. You can also run a sniffer (like Ethereal or Snort) on the host machine and on the remote machine to verify that Honeyd is responding. If I'm correct, Ethereal or Snort running on the host machine will confirm that Honeyd is sending back Echo replies, but the remote machine will not see the replies...they're getting lost in the ether <grin>

Also, remember Honeyd must be on its own subnet. From the addresses you sent below I can't tell without the subnet mask, but your route table will help.

Roger

-----Original Message-----
From: Philippe Bogaerts [mailto:xxradar () radarhack com]
Sent: Wednesday, August 27, 2003 5:32 AM
To: rogerg () cox net; honeypots () securityfocus com
Subject: RE: send problem on honeyd win32

Hello,

I have checked this ... (other traffic is working fine to existing hosts)

ex
ping from 192.168.10.44 to 192.168.10.66 (machine running honeyd) is working
ping from 192.168.10.44 to 192.168.10.55 (virtual machine) is not receiving the reply, although honeyd says it sends it in debug mode.

There is no arp problem, or honeyd cannot seem to find the correct mac address.
Is there an entry in the honeyd.conf to force it to use the correct interface ? I suppose it uses the win32 arp entries and route entries ?

Tx

-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net]
Sent: Tuesday, August 26, 2003 4:26 PM
To: Philippe Bogaerts; honeypots () securityfocus com
Subject: RE: send problem on honeyd win32

Usually it's a static route problem. You've got to make sure that packets headed back from Honeyd are routed back off its interface through its host computer's interface.

Roger

***************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode/
*Author of Apress's upcoming Honeypots for Windows
***************************************************************************

-----Original Message-----
From: Philippe Bogaerts [mailto:xxradar () radarhack com]
Sent: Tuesday, August 26, 2003 9:44 AM
To: honeypots () securityfocus com
Subject: send problem on honeyd win32

Hello,

does anybody have an idea what might be the problem ?
I have installed honeyd on win32 with winpcap 3.0.
When I ping a virtual host, I see that honeyd replies (in debug mode), but the packet is not actually sent on the network ?
I've tried it on multiple w2k machines, no luck.

Greetings,
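
Added example, not part of the original thread and not code from Honeyd: a Python sketch that reads saved `route print` output and answers the two questions raised above, namely whether the virtual host's address falls inside a subnet directly connected to the Honeyd host, and which gateway and interface a reply to the pinging client would use. The routing table text and the 255.255.255.0 mask are constructed assumptions; the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the Windows 2000-era `route print` layout (not from the
# thread). The 255.255.255.0 mask is an assumption; the poster never gave one.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.66      1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
     192.168.10.0    255.255.255.0    192.168.10.66   192.168.10.66      1
    192.168.10.66  255.255.255.255        127.0.0.1       127.0.0.1      1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for every IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, blank lines, other sections
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
            gw, ifc = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
            routes.append((net, gw, ifc, int(parts[4])))
        except ValueError:
            continue  # five words but not a route row
    return routes

def best_route(routes, dest):
    """Longest-prefix match, lowest metric as tie-break."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def diagnose(text, host_ip, virtual_ip, client_ip):
    routes = parse_routes(text)
    host, virt = ipaddress.ip_address(host_ip), ipaddress.ip_address(virtual_ip)
    # Directly connected subnets: gateway and interface are both the host's address.
    onlink = [n for n, gw, ifc, _ in routes
              if gw == host and ifc == host and 0 < n.prefixlen < 32]
    reply = best_route(routes, client_ip)
    return {
        "virtual_in_host_subnet": any(virt in n for n in onlink),
        "reply_gateway": str(reply[1]) if reply else None,
        "reply_interface": str(reply[2]) if reply else None,
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_ROUTE_PRINT, "192.168.10.66", "192.168.10.55", "192.168.10.44"))
```

The parser expects the layout in which a directly connected network lists the local interface address as its gateway; rows that show "On-link" in the gateway column are skipped.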