Re: [mailinglists] SMB lure and honeyd's subsystem virtualization

["KeyFocus" <support () keyfocus net>]

Hi


> does anybody have tried to build an SMB lure using samba and honeyd's
subsystem virtualization yet?
> I have tried using the following config [section], ending up with a
problem:
>
SMB is a mess of multiple protocols and sub-systems which all have to be
working even to do basic operations. If anyone of these is not configured
properly then SMB is likely to fail.
Maybe someone on the Samba team can tell you how to load Samba with the
sub-system e.g. srvsvc, samr etc disabled.

> Any ideas what's going wrong?
> Or any ideas or alternatives building an SMB lure using honeyd and samba
(except proxying traffic to port 139 etc.)?
>

A custom Samba build, with a lot of the service functionality stubed out, is
probably the best option.
We looked into this but opted instead to develop a SMB emulation from the
ground up.

> Thanks, Sven.

- Tom
www.keyfocus.net