Re: Honeyd Webcast follow[-up] & arpd question

[papaia.a () home ro]

Finally got the chance to listen to the webcast (Sunday night is the only part 
of the day "free", in the week, for some of us ... who actually don't have a 
life;)) - very good and convincing. Very nice job, Lance! 

I will take the freedom of asking here a question which I would have asked, 
have I had the chance to listen to the webcast "live": has anybody done any 
serious investigation about the effects of running arpd on a DHCP network 
(related to Lance's observation during webcast, about starting arpd "small", 
due to possible problems - thus my assumption about this problem having been 
discussed before)? My personal experience is that - on a Windows based 
network, where the machines seem to be very chatty by definition - arpd seems 
to overcome the capability of any new system attempting to obtain an IP 
address via DHCP, i.e. once started, arpd takes over almost immediately all 
available addresses, and does not seem to release them?!? I was able to 
totally DoS a DHCP network of Windows machines, by simply running arpd ... no 
others were able to grab an address anymore.

Anybody?!?

TIA,
Papaia

On Wednesday 19 November 2003 08:18 pm, Lance Spitzner wrote:
> I recently did a SANS webcast on Honeyd and was asked two
> questions I did not know the answer to.  I stated in the
> webcast I would find out the answers and reply to the
> maillist. After following up with Niels, this is what I
> learned.
>
> - Can Honeyd support IPv6?
>   No. (that was easy :)
>
> - Does the uptime option always give the same time set
>   in the confirmation, or does it incrementally increase?
>   It incremently increases as you would expect it to.
>
> Always learning something new :)