Re: honeypot sw for nmap testbed?

[Laurent OUDOT <oudot () rstack org>]

Hi guy,

You should glance at the Honeyd web site :
http://www.citi.umich.edu/u/provos/honeyd

Honeyd, from Niels Provos, is a free powerfull solution to create a safe
playground for a fan club of nmap end users.

It will use nmap (and xprobe !) files to simulate a stack IP.

For example, if you want that 10.0.0.1 looks like being a playstation 2,
that's okay u'll need 2 or 3 lines to add in the configuration file. Oh
now you want to add a Windows XP box, just ask Honeyd !

Just try and it'll give you ideas to easily play with random networks.

Have fun,

laurent

Bennett Todd a écrit:
> I'm looking in to trying to make a pleasant playpen for someone
> trying to learn nmap.
>
> It seems to me that some honeypot software ought to be a nice
> starting place, for creating something that looks like a big,
> interesting, diverse network on e.g. 127.1/16.
>
> Does this sound realistic, or am I completely out to lunch on what
> things like honeyd are good for?
>
> My real fantasy would be to craft up some scripts that take nmap's
> OS and application signature databases as input, and build random
> nets populated with machines that look like all kinds of stuff that
> nmap knows about. Anybody heard of anything like this? Sort of
> vaguely like what stick does to snort.
>
> Thanks,
>
> -Bennett