Re: Honeyd on Win32

["Roger A. Grimes" <roger () banneretcs com>]

That's the error message of the day.  Several of us have been asking for
help with over the last few weeks, and it hasn't been solved.

Michael, can we offer money to get you to trace this one?

Roger

****************************************************************************
****
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
****************************************************************************
*****

----- Original Message ----- 
From: "Heidecker, Dagmar" <Dagmar.Heidecker () ntx at>
To: <honeypots () securityfocus com>
Sent: Monday, March 08, 2004 4:59 AM
Subject: Honeyd on Win32


Hi!
I downloaded honeyd for win32 and installed Winpcap 3.0 beta. I disabled all
network devices (including vmware network devices) except one, rebootet the
machine and tried to run Honeyd with the command:

honeyd -d -f honeyd.conf

I use an easy configuration file for honeyd.conf :
### Windows computers
create windows
set windows personality "Windows NT 4.0 Server SP5-SP6"
set windows default tcp action reset
set windows default udp action reset
add windows tcp port 80 open
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows uptime 3284460
bind 192.168.2.201 windows


192.168.2.201 is not ont the same subnet like my "real" IP address.

The error message I get is:
intf_get: no such device or address

I tried different virtual IP addresses, I tried to add the device (-i eth0,
IP address etc.) to the command.

What else can I do?

Thank you for your help!

Dagmar