Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

No reverse routing map for 10.0.0.100

From: "chunsheng fu" <chunsheng.fu () nutechsolutions com>
Date: Mon, 5 Apr 2004 11:21:07 -0400
Hi,
I used the following Honeyd configure file(Config1.conf) and tried to ping
10.0.0.100 from a Windows machine.  The ping command returns "Request timed
out".  It is okay to ping other IPs such as 10.0.1.1.  Since I started
Honeyd without daemonizing it, then I went back to the Honeyd screen and saw
the "No reverse routing map for 10.0.0.100".  If I try "tracert 10.1.0.1",
then it can return the right topology.  The funny thing about this is when I
changed to "Config2.conf" following Niels's paper"Honeyd: A Virtual Honeypot
Daemon", then both ping and tracert will not work.  ping command did not
work for any IPs.  I attached Honeyd's onscreen message to Config2.conf.  It
seems ICMP reply messages are normal.  Can any one of you give me a clue?

  1     *        *        *     Request timed out.
  2    20 ms    60 ms    10 ms  10.0.1.1
  3    30 ms    80 ms    80 ms  10.1.0.1

Config1.conf:

route entry 10.0.0.100
route 10.0.0.100 link 10.0.1.0/24
route 10.0.0.100 add net 10.1.0.0/24 10.0.1.1
route 10.0.1.1 link 10.1.0.0/24

Config2.conf:

route entry 10.0.0.100
route 10.0.0.100 link 10.0.0.0/24
route 10.0.0.100 add net 10.1.0.0/16 10.1.0.1
route 10.0.0.100 add net 10.2.0.0/16 10.2.0.1
route 10.1.0.1 link 10.1.0.0/24
route 10.2.0.1 link 10.2.0.0/24


honeyd[1815]: Sending ICMP Echo Reply: 10.0.0.100 -> 10.0.0.42
honeyd[1815]: Sending ICMP Echo Reply: 10.0.0.100 -> 10.0.0.42
honeyd[1815]: Sending ICMP Echo Reply: 10.0.0.100 -> 10.0.0.42
honeyd[1815]: Sending ICMP Echo Reply: 10.0.0.100 -> 10.0.0.42

honeyd[1815]: Connection to closed port: udp (10.0.0.42:137 - 10.1.0.1:137)
honeyd[1815]: Connection to closed port: udp (10.0.0.42:137 - 10.1.0.1:137)
honeyd[1815]: Connection to closed port: udp (10.0.0.42:137 - 10.1.0.1:137)
honeyd[1815]: TTL exceeded for dst 10.1.0.1 at gw 10.0.0.100
honeyd[1815]: TTL exceeded for dst 10.1.0.1 at gw 10.0.0.100
honeyd[1815]: TTL exceeded for dst 10.1.0.1 at gw 10.0.0.100
honeyd[1815]: Sending ICMP Echo Reply: 10.1.0.1 -> 10.0.0.42
honeyd[1815]: Sending ICMP Echo Reply: 10.1.0.1 -> 10.0.0.42

Thanks a lot.
-CF
Previous By Date Next
Previous By Thread Next

Current thread: