Re: Honeyd on a single host...

[raymond <ip_raymond () yahoo com>]

Hi,

hv you tried to bind the honeyd directly to the
interface and then use arp to answer the arp request
so as to direct ip traffic at layer2 ?


--- Peter Bates <Peter.Bates () lshtm ac uk> wrote:
> Hello all...
>
> I just thought I'd ask here, to see if anyone else 
> had a working configuration for anything similar.
>
> I have a Linux box... ppp0 is the outside world,
> eth0 is 192.168.1.0/24 for some internal hosts
> (which are then masqueraded with iptables), and 
> also an eth1 in the machine, that isn't connected or
> being used.
>
> eth0 provides DHCP services, so I'm trying to avoid
> arpd,
> but I obviously need to run honeyd on eth0 (or eth1)
> as it
> coughs on trying to bind to ppp0.
>
> So, I run it bound to eth0 or eth1, and then try 
>
> iptables -t nat -I PREROUTING  -p tcp --dport !22 -i
> ppp0
> -j DNAT --to-destination 192.168.1.200
>
> (I've configured honeyd to 'pretend' to be
> 192.168.1.200)
>
> The traffic appears to come in, but never gets
> anywhere near
> honeyd ...
>
> Before I start reconsidering and just redirecting
> traffic to my 
> home machine to my working honey(d)net, does anyone
> have
> a working configuration like the above that they are
> using?
>
> I can get things working if I use a second box
> attached to eth0,
> but I'm trying to avoid having my home littered with
> computers :)
>
> Thanks...
--------------------------------------------------------------------------------------------------->
> Peter Bates, Systems Support Officer, Network
> Support Team.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-958 8353 / Fax: 0207- 636 9838 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com