Honeypots mailing list archives

RE: honeyd and cable modem


From: "Roshen Chandran" <roshen.chandran () paladion net>
Date: Wed, 17 Dec 2003 19:50:22 +0530


Not sure how exactly dhcp affects this - I've *not* tried Honeyd in a
DHCP environment. Let me try and explain how you would use Honeyd when
you have only one IP available, and that has to be shared between the
host and the virtual honeypot in a *static* IP environment. 

1. Assign a private IP to eth0, and set the gateway to be the cable
modem
2. Assign the valid static IP to the honeypot, by binding the IP in the
conf file to the template
3. Run Arpd to spoof responses for the valid IP


Would I just use something like the following:
      bind 62.63.64.x windows

No, you'll have to bind each IP address line by line - afaik, Honeyd does
not support a network range with 'bind'. However, arpd supports a
network range, so you can specify the network range in the arpd command.

However, I recall Niels had recommended in an earlier post that the arpd
range should not be overlapping with the DHCP range. The Honeyd FAQ
states that DHCP stops working on the n/w when arpd responds for all
unused IP addresses.
http://www.citi.umich.edu/u/provos/honeyd/faq.html#no_answer Not certain
how this relates to your setup. 

Thanks!
Roshen

Roshen Chandran
Paladion Networks
http://www.paladion.net



-----Original Message-----
From: Craig Sharp [mailto:Cashar () Roushind com] 
Sent: Wednesday, December 17, 2003 6:35 PM
To: roshen.chandran () paladion net; honeypots () securityfocus com
Subject: RE: honeyd and cable modem


Roshen,

You understand correctly.  I only have one IP available and that is
currently assigned to eth0 via dhcp.

Please explain further.  If I have a 62.63.64.x address assigned from
the cable modem to eth0, how would I bind that address in honeyd.conf?
Would I just use something like the following:

bind 62.63.64.x windows

Do I assign the invalid IP to eth0 and then arpd the dhcp address?  The
cable modem must see the MAC address to function properly so I am not
sure what to do.

Craig
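
The two constraints raised in the reply above (one `bind` line per address, and an arpd range that stays clear of the DHCP pool) can be generated rather than typed by hand. The following is an added example, not part of the original thread or of Honeyd itself; the 192.0.2.0/28 network, the DHCP pool and the reserved gateway address are constructed sample values, and only the `windows` template name comes from the thread.

```python
import ipaddress

def honeypot_addresses(network, dhcp_first, dhcp_last, reserved=()):
    """Usable hosts in `network` that are outside the DHCP pool and not reserved."""
    net = ipaddress.ip_network(network)
    lo = ipaddress.ip_address(dhcp_first)
    hi = ipaddress.ip_address(dhcp_last)
    if lo > hi:
        raise ValueError("DHCP pool start is above its end")
    if lo not in net or hi not in net:
        raise ValueError("DHCP pool lies outside the network")
    skip = {ipaddress.ip_address(r) for r in reserved}
    return [ip for ip in net.hosts() if not (lo <= ip <= hi) and ip not in skip]

def bind_lines(addresses, template="windows"):
    """One honeyd.conf 'bind' line per address, since 'bind' takes no range."""
    return [f"bind {ip} {template}" for ip in addresses]

def arpd_args(addresses):
    """Smallest set of CIDR blocks covering exactly the honeypot addresses,
    so arpd never answers for an address in the DHCP pool."""
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(f"{ip}/32") for ip in addresses
    )
    return [str(n.network_address) if n.num_addresses == 1 else str(n) for n in nets]

if __name__ == "__main__":
    # Constructed sample values (documentation address space, RFC 5737).
    addrs = honeypot_addresses(
        "192.0.2.0/28",
        dhcp_first="192.0.2.8",
        dhcp_last="192.0.2.11",
        reserved=["192.0.2.1"],  # assumed gateway address
    )
    print("# honeyd.conf fragment")
    print("\n".join(bind_lines(addrs)))
    print("# arpd command line")
    print("arpd " + " ".join(arpd_args(addrs)))
```
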


