Honeypots mailing list archives
Sebek problems with Honeywall in NAT-Mode
From: heiko.helmle () basf-ag de
Date: Thu, 2 Oct 2003 15:10:47 +0200
Hello everybody,

I had a little problem getting sebek2 to work in NAT mode. It seems that Sebek sends its UDP packets out with a TTL of 1. On a bridging honeywall this is not a problem, but on a NATing firewall, those packets are rejected and never reach the FORWARD chain (which prevents logging to syslog; snort gets them anyway).

I experimented with the Sebek sources and changed the TTL to 2, and the honeywall now logs (and drops) the packets correctly.

Is there any security problem with setting the TTL to something higher than 1 (for NAT and bridge mode)?

Regards
Heiko Helmle
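The behaviour reported above can be reproduced with a small model of the two forwarding paths. This is an added example, not part of the original post or of the Sebek or Honeywall code; it assumes the standard IPv4 forwarding rule (a routing hop discards packets with TTL <= 1 before the filter's FORWARD stage, a bridge never touches the TTL), and the addresses and function names are constructed for illustration.

```python
import struct

SRC, DST = "192.0.2.10", "198.51.100.20"   # constructed documentation addresses

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_udp_ip_header(src: str, dst: str, ttl: int, payload_len: int = 8) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 17 = UDP) with a valid checksum."""
    def addr(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, 17, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def bridge_hop(hdr: bytes):
    """Layer-2 bridge: the packet is passed on unchanged, TTL is not examined."""
    return "REACHES_FORWARD", hdr

def router_hop(hdr: bytes):
    """Layer-3 hop (NAT mode): the TTL test runs before the FORWARD stage."""
    if checksum(hdr) != 0:               # a valid header sums to zero
        return "DROP_BAD_CHECKSUM", None
    ttl = hdr[8]
    if ttl <= 1:                         # expired: discarded, FORWARD never sees it
        return "DROP_TTL_EXPIRED", None
    out = bytearray(hdr)
    out[8] = ttl - 1                     # decrement, then recompute the checksum
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", checksum(bytes(out)))
    return "REACHES_FORWARD", bytes(out)

def compare(ttl: int) -> dict:
    """Verdict of each gateway mode for a UDP packet sent with the given TTL."""
    hdr = build_udp_ip_header(SRC, DST, ttl)
    return {"bridge": bridge_hop(hdr)[0], "nat": router_hop(hdr)[0]}

if __name__ == "__main__":
    for ttl in (1, 2):
        print(ttl, compare(ttl))
```

With TTL 2 the packet reaches the FORWARD stage carrying TTL 1, so a rule there can still log and drop it, and it would expire at any further routing hop.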