Re: hybrid virtual honeynets

[joe smith <joe () joesmith homeip net>]

Angel,

Assuming you are using one machine for gateway and one for VMware host

Gateway: yes you need to bridge your external and internal interface.
HostOS: VMware will install the necessary kenel modules for bridging.  
If you set your vm network setting to bridge, you are good to go.

Assuming you intend to run sebek server and rc.firewall script on the 
gateway, hybrid does not have any affect.  To the gateway, the virutal 
machine is just another host on the interal network.

J

Angel Avila wrote:

> Hi, I've recently became real interested in honeynets.
> I am trying to build a hybrid virtual honeynet.  I've
> been following the KYE: Gen II honeynet and Learning
> with VMWare whitepaper as guides for the development.
>
> The question I have pertains to bridging.  Will I have
> to have a bridge running on both machines (gateway,
> hostOS of honeypots)?  How does running a hybrid
> affect running tools like sebek or rc.firewall script?
>
> I am assuming that on the gateway side I will have the
> rc.firewall's LAN_IFACE variable and bridge interface
> set to ETH1 (my gateway only has 2 eth cards).  This
> will be the same for the other tools such as
> snort_inline and snort.
>
> I am not sure on the hostOS side. 
>
> I've kinda gotten confused, since I am trying to
> follow the two whitepapers.
>
> I would appreciate any suggestions.
>
> Thanks
>
>
>
>                 
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - You care about security. So do we.
> http://promotions.yahoo.com/new_mail
>
>