Re: honeyd config question

[Niels Provos <provos () citi umich edu>]

On Wed, Aug 04, 2004 at 01:10:42PM -0700, Earl wrote:
> This may sound dumb but is there a way to run a scrip
> on everything that hits a particular honeypot...
>
> Something like this:
>
> create mytemplate
> set mytemplate personality "BeOS 4 - 4.5"
> set mytemplate default tcp action reset
> set mytemplate default udp action reset
> set mytemplate default icmp action reset
> add mytemplate tcp port * "sh /scripts/blah.sh"
> add mytemplate udp port * "sh /scripts/blah.sh"
> bind w.x.y.z mytemplate
>
> Niels' syntax checking aborts when I try the above and
> I've tried everyting else I can think of to no avail. 

There is no such thing as * for a port.  You can specify a script
as the default action for a protocol.

Niels.