Honeypots mailing list archives
Re: honeyd - single ip address
From: Hugo Teso Torío <HugoT () mkzingenieria com>
Date: Tue, 16 Dec 2003 17:33:01 +0100
Hi,

    arpd <IP>
    honeyd -p nmap.prints -f honeyd.conf <IP>

With the above command, the arpd process will monitor the IP if it's UNUSED; after that, the honeyd command will set the templates that are in your honeyd.conf "bound" to that IP; it will also load nmap.prints, which is the actual database that the scanning tool Nmap uses to fingerprint operating systems. You can add "-x xprobe2.prints" to load the database for xprobe.

Your honeyd.conf appears to be correct. Take into account that what honeyd does is redirect all the "calls" for the range of IPs you used in the arpd to your box and then interact depending on the template you assigned to that IP (in honeyd.conf with the "bind <IP>"). You don't really add a new IP address to your box. Arpd is used for ARP spoofing; this is what actually monitors the unused IP space and directs attacks to the Honeyd honeypot.

Take a look at "http://www.securityfocus.com/infocus/1659" for more info; if that doesn't solve your problem, specify your question a little bit more.

Remember, honeyd doesn't work over used IPs; the FAQ (http://www.citi.umich.edu/u/provos/honeyd/faq.html) tells you how to use honeyd without a network.

Best regards

----- Original Message -----
From: "Mario Ohnewald" <mario.ohnewald () linux net>
To: <honeypots () securityfocus com>
Sent: Tuesday, December 16, 2003 4:18 PM
Subject: honeyd - single ip address

Hello!

I want to run honeyd on a host which is only allowed to have ONE IP address.
So what I am trying to do now is to set up honeyd to listen to that one IP address and some ports like telnet or IIS.
Is this even possible?

Here is what I did:

    # arpd <IP>
    # honeyd -f honeyd.conf <IP>

My honeyd.conf file:
-------------------------
    ### Windows computers (default)
    create default
    set default personality "Windows NT 4.0 Server SP5-SP6"
    set default default tcp action reset
    add default tcp port 1110 "sh pop3.sh"
    add default tcp port 125 block
    add default tcp port 121 "sh ftp.sh"
    #add default udp port 139 drop
    set default uptime 3284460

    ### Cisco router
    create router
    set router personality "Cisco 4500-M running IOS 11.3(6) IP Plus"
    add router tcp port 23 "/usr/bin/perl router-telnet.pl"
    set router default tcp action reset
    set router uid 32767 gid 32767
    set router uptime 1327650

    # Bind specific templates to specific IP address
    # If not bound, default to Windows template
    bind <IP> router

Cheers, Mario

_____________________________________________________________
Linux.Net -->Open Source to everyone
Powered by Linare Corporation
http://www.linare.com/
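
The reply above turns on which template each address is bound to in honeyd.conf. As an added example (not part of the original posts and not honeyd's own code), this Python sketch parses the statement forms that appear in the thread's config and reports what each bound IP will present; the function names, the 192.0.2.x addresses and the "linux" bind are constructed for illustration, and it assumes honeyd needs a template created before it is used.

```python
import shlex

# Constructed sample: statements from the thread's honeyd.conf, 192.0.2.10 in
# place of <IP>. The last line is a deliberate mistake to exercise the check.
SAMPLE = '''\
create default
set default personality "Windows NT 4.0 Server SP5-SP6"
add default tcp port 1110 "sh pop3.sh"
#add default udp port 139 drop
create router
set router personality "Cisco 4500-M running IOS 11.3(6) IP Plus"
add router tcp port 23 "/usr/bin/perl router-telnet.pl"
set router default tcp action reset
bind 192.0.2.10 router
bind 192.0.2.11 linux
'''

def parse(text):
    """Return (templates, binds, problems) for honeyd.conf text."""
    templates, binds, problems = {}, {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # '#' starts a comment
        if not tok:
            continue
        if tok[0] == "create" and len(tok) == 2:
            templates[tok[1]] = {"personality": None, "ports": {}}
        elif tok[0] == "bind" and len(tok) == 3:
            binds[tok[1]] = tok[2]
            if tok[2] not in templates:
                problems.append(f"line {n}: bind to undefined template {tok[2]!r}")
        elif tok[0] in ("set", "add") and len(tok) >= 4:
            tmpl = templates.get(tok[1])
            if tmpl is None:
                problems.append(f"line {n}: template {tok[1]!r} not created yet")
            elif tok[0] == "set" and tok[2] == "personality":
                tmpl["personality"] = tok[3]
            elif tok[0] == "add" and len(tok) >= 6 and tok[3] == "port":
                if tok[4].isdigit() and 0 < int(tok[4]) < 65536:
                    tmpl["ports"][(tok[2], int(tok[4]))] = " ".join(tok[5:])
                else:
                    problems.append(f"line {n}: bad port {tok[4]!r}")
        else:
            problems.append(f"line {n}: statement form not known to this checker")
    return templates, binds, problems

def exposed(text):
    """Map each bound IP to the {(proto, port): action} table it presents."""
    templates, binds, _ = parse(text)
    return {ip: templates[t]["ports"] for ip, t in binds.items() if t in templates}
```

Other "set" options such as uptime, uid/gid and the default action are accepted without being interpreted.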