RE: honeyd - single ip address

["John" <john () flaccess com>]

I downloaded honeyd and installed IT fine on a slackware 8.1 box. I have a
few external ip's I would like to use for the project. Anyone have a complex
config or simple config to show methods from small to large networks, using
1 ip to many ip's working as is please email a copy to me () knight420 com
Thanks for any help provided!

-Knight420
www.knight420.com

-----Original Message-----
From: Devilscrow Sr [mailto:devilscrow () gawab com] 
Sent: Tuesday, December 16, 2003 1:19 PM
To: mario.ohnewald () linux net
Cc: honeypots () securityfocus com
Subject: Re: honeyd - single ip address

Just in case you have supplied an actual copy of your config....

Guess you have got your pop server port mixed up...... != 1110
think it should be == 110

secondly i agree with hugo. You will have to use -p nmap.prints and | or 
-x xprobe2.prints with the configs he mentioned....

-dev

Mario Ohnewald wrote:

> My honeyd.conf file:
> -------------------------
> ### Windows computers (default)
> create default
> set default personality "Windows NT 4.0 Server SP5-SP6"
> set default default tcp action reset
> add default tcp port 1110 "sh pop3.sh"
> add default tcp port 125 block
> add default tcp port 121 "sh ftp.sh"
> #add default udp port 139 drop
> set default uptime 3284460
> ### Cisco router
> create router
> set router personality "Cisco 4500-M running IOS 11.3(6) IP Plus"
> add router tcp port 23 "/usr/bin/perl router-telnet.pl"
> set router default tcp action reset
> set router uid 32767 gid 32767
> set router uptime 1327650
> # Bind specific templates to specific IP address
> # If not bound, default to Windows template
> bind <IP> router
>
>
> Cheers, Mario
>
> _____________________________________________________________
> Linux.Net -->Open Source to everyone
> Powered by Linare Corporation
> http://www.linare.com/
>
>
>