Honeypots mailing list archives

Fwd: Honeyd on Win32


From: "Heidecker, Dagmar" <Dagmar.Heidecker () ntx at>
Date: Tue, 9 Mar 2004 21:09:19 +0100

Thank you for your answer!
 
I do not think that I have a VMWare problem as I disabled all adapters except the one I use.
 
I downloaded the new file and cannot see any difference. Still the intf_get: no such device or address error.
What about disabling all hidden network devices (e.g. WAN Miniport for PPTP) or the QoS Packet Scheduler?
 
By the way: There is still an error in the nmap.prints file. Honeyd reports "Impossible SI range in Class fingerprint "Windows NT 4 SP3"". I removed that section from the file and the error disappeared.

Dagmar


________________________________

From: Michael A. Davis [mailto:mike () datanerds net]
Sent: Tue 09.03.2004 04:38
To: honeypots () securityfocus com
Subject: RE: Honeyd on Win32




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No money is needed.

A new version of honeyd-0.5 for win32 is available at:
http://www.datanerds.net/~mike/binaries/honeyd-0.5-win32.zip
The new zip file should be posted to the SecurityProfiling
(http://www.securityprofiling.com) website in the morning.

This zip file contains a new binary which should fix the issues with
VMWare.

Please let me know how it goes.

Michael A. Davis

-----Original Message-----
From: Roger A. Grimes [mailto:roger () banneretcs com]
Sent: Monday, March 08, 2004 5:13 PM
To: Heidecker, Dagmar; honeypots () securityfocus com
Subject: Re: Honeyd on Win32

That's the error message of the day.  Several of us have been
asking for help with it over the last few weeks, and it hasn't
been solved.

Michael, can we offer money to get you to trace this one?

Roger

******************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
******************************************************************************

----- Original Message -----
From: "Heidecker, Dagmar" <Dagmar.Heidecker () ntx at>
To: <honeypots () securityfocus com>
Sent: Monday, March 08, 2004 4:59 AM
Subject: Honeyd on Win32


Hi!
I downloaded honeyd for win32 and installed Winpcap 3.0 beta.
I disabled all network devices (including vmware network devices) except
one, rebooted the machine and tried to run Honeyd with the command:

honeyd -d -f honeyd.conf

I use an easy configuration file for honeyd.conf:
### Windows computers
create windows
set windows personality "Windows NT 4.0 Server SP5-SP6"
set windows default tcp action reset
set windows default udp action reset
add windows tcp port 80 open
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows uptime 3284460
bind 192.168.2.201 windows


192.168.2.201 is not on the same subnet as my "real" IP address.

The error message I get is:
intf_get: no such device or address

I tried different virtual IP addresses, I tried to add the device
(-i eth0, IP address etc.) to the command.

What else can I do?

Thank you for your help!

Dagmar




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQE08Odo69WASbsMmEQIKFwCg7gi2z2l9mOHFhxqsTfyM8YjRoVMAniZi
V3u3LG0yEhpN8vLG1AGGpLd4
=jmaY
-----END PGP SIGNATURE-----




