Honeyd ping problem

[brian.g.plourde () us pwc com]

I was hoping someone could help me with a honeyd ping problem that I am 
having.  My honeyd.conf file is extremely simple, a couple of addresses 
bound to a windows template.  I run arpd, then honeyd with a -df switch 
pointing to the same segment of my 172 network that arpd is pointing to.

The problem is that honeyd is replying to ALL addresses within my 
designated range-- even when they are not bound to hosts in my conf file. 
For example, I can ping 172.x.x.25 (bound to windows) and 172.x.x.30 (not 
bound) and I receive the same reply-- even with a traceroute.

I run an nmap scan to the 25 address and it properly reports back the only 
open ports-- any other IP in the range reports back a list of thousands of 
"open" ports.

Anyone seen this before?  I am new to honeyd and honeypots in general.

Thanks,

-Brian

_________________________________________________________________
The information transmitted is intended only for the person or entity to 
which it is addressed and may contain confidential and/or privileged 
material.  Any review, retransmission, dissemination or other use of, or 
taking of any action in reliance upon, this information by persons or 
entities other than the intended recipient is prohibited.   If you 
received this in error, please contact the sender and delete the material 
from any computer.