Honeypots mailing list archives

Re: A simple questions on redirecting


From: <gconnell () middlebury edu>
Date: 29 Mar 2004 06:32:22 -0000

In-Reply-To: <20040204090709.30824.qmail () web21409 mail yahoo com>

I may be misunderstanding your question, but it seems to me that all you need is arpd.  arpd is a simple little program
that looks at ARP requests sent out by computers to IP addresses.  If an IP is owned by a computer, it will respond to
the request with an "ARP response" packet saying where the computer is.  If no computer responds within a certain time
limit (3 secs?), arpd sends its own response, redirecting traffic to your computer (i.e., honeypot).

On the honeyd web page,
http://www.citi.umich.edu/u/provos/honeyd/
go down under the Source Code heading, and you'll see a link for the source for arpd 0.2.  Compile and install that, 
then check out the arpd man page, and you should be set.

    --Cleverduck

Hi All,

 I am a beginner in using honeypot (honeyd) and I need
to work it as my final year project. But I have
encountered a big problem.
 Basically, I can deploy Honeyd but the question is
how to redirect "malicious" traffic or IP to my
honeypot?
 One method is to configure iptables but I don't know who is
going to attack me. So, I don't know the IP. Does it
mean I need to combine snort and honeyd to work together?
Or something like an "intelligence" firewall? Any ideas?
 Please help! :)

Fred

PS My configuration
Internet----Firewall----local network---honeypot
Honeypot: Honeyd
Platform: Linux(kernel >2.4)
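
The behaviour described in the reply above, modelled in Python as an added example (not part of either post and not arpd's own code): it replays a constructed ARP trace and reports which addresses in a monitored range would end up answered on behalf of the honeypot. The 3-second timeout is the reply's own guess; the trace, the documentation-range addresses and the function name `honeypot_claims` are assumptions made for illustration.

```python
import ipaddress

TIMEOUT = 3.0  # assumption: the reply's own guess ("3 secs?"), not verified against arpd

# Constructed ARP trace: (seconds, kind, sender_ip, target_ip)
TRACE = [
    (0.0, "request", "192.0.2.1", "192.0.2.10"),    # live host ...
    (0.2, "reply", "192.0.2.10", "192.0.2.1"),      # ... answers for itself
    (1.0, "request", "192.0.2.1", "192.0.2.50"),    # nobody owns .50
    (1.5, "request", "192.0.2.1", "192.0.2.50"),    # retry of the same lookup
    (2.0, "request", "192.0.2.1", "198.51.100.7"),  # outside the monitored range
    (4.5, "request", "192.0.2.1", "192.0.2.10"),    # already known to be live
    (6.0, "request", "192.0.2.1", "192.0.2.60"),    # still waiting when trace ends
]


def honeypot_claims(trace, network, timeout=TIMEOUT, end_time=None):
    """Return {ip: time} for addresses the responder would answer for."""
    net = ipaddress.ip_network(network)
    pending = {}  # target ip -> time of first unanswered request
    live = set()  # addresses that answered for themselves
    claims = {}   # ip -> time the honeypot answer would go out

    def expire(now):
        # Any lookup left unanswered for `timeout` seconds is claimed.
        for ip, first_seen in list(pending.items()):
            if first_seen + timeout <= now:
                claims[ip] = first_seen + timeout
                del pending[ip]

    events = sorted(trace)
    for t, kind, sender, target in events:
        expire(t)
        if kind == "reply":
            live.add(sender)           # a real owner exists, never claim it
            pending.pop(sender, None)
        elif ipaddress.ip_address(target) in net and target not in live and target not in claims:
            pending.setdefault(target, t)  # retries keep the first timestamp
    expire(end_time if end_time is not None else (events[-1][0] if events else 0.0))
    return claims


if __name__ == "__main__":
    for ip, when in honeypot_claims(TRACE, "192.0.2.0/24", end_time=10.0).items():
        print(f"{when:4.1f}s  answer for {ip} -> honeypot")
```

Only unused addresses inside the monitored range are claimed, which is why no attacker IP needs to be known in advance: anything sent to an address nobody owns arrives at the honeypot.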

