RE: honeyd and routing

["Roshen Chandran" <roshen.chandran () paladion net>]

> Does someone have a recipe how to make the honeyd listen to network 
> traffic on it's specifiyed devices without strange and cryptic routing?

You could use the -i option for Honeyd to listen on a specified
interface

./honeyd -f honeyd.conf -i eth1 


> Another problem ist that when I redirect traffic from the inter net to
a 
> honeyd-host it won't respond to requests (for example telnet).

Does it respond to ping? Could you give more details? The relevant
section your honeyd.conf would be useful.

Thanks!
-Roshen

Roshen Chandran
Paladion Networks
http://www.paladion.net



-----Original Message-----
From: fleshcrawler [mailto:fleshcrawler () fleshcrawler dyndns org] 
Sent: Sunday, December 21, 2003 7:22 PM
To: honeypots () securityfocus com
Subject: honeyd and routing


Hello,

I now managed to set up a running honeyd network. While doing this I
encountered some awful problems. I have 2 ethernet devices in my box.
eth0 is the local network and eth1 is the honey-net mixed with vservers.
Somehow I had to setup strange routing tables to get the honeyd
answering the requests to the network. I had to route the local
10.0.0.0/8 on eth0 network through the 192.168.0.0/16 network on eth1
and then honeyd respondet to requests. This is somehow strange because
the honeyd is setup to listen on eth0.

Does someone have a recipe how to make the honeyd listen to network
traffic on it's specifiyed devices without strange and cryptic routing?

Another problem ist that when I redirect traffic from the inter net to a
honeyd-host it won't respond to requests (for example telnet).

Thank's for your patience!