Honeypots mailing list archives

Re: problems with honeyd 0.8b and ethernet emulation


From: LECLERCQ Eric RD-MAPS-ISS <eric.leclercq () francetelecom com>
Date: Fri, 27 Aug 2004 10:43:26 +0200

Here's more info... I don't think I can make it any simpler:

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:01:03:07:67:98
          inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:5 Base address:0x2000

# route -n
Kernel IP routing table
Destination   Gateway       Genmask       Flags Metric Ref    Use Iface
192.168.1.0   0.0.0.0       255.255.255.0 U     0      0        0 eth0

# cat config.ethernet
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create template
set template ethernet "3com"
set template personality "Linux 2.4.7 (X86)"
bind 192.168.1.1 template

# ./honeyd -d -f ./config.ethernet -i eth0
Honeyd V0.8b Copyright (c) 2002-2004 Niels Provos
honeyd: epoll_create: Function not implemented
honeyd[1370]: started with -d -f ./config.ethernet -i eth0
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[1370]: listening promiscuously on eth0: (arp or ip proto 47 or (ip )) and not ether src 00:01:03:07:67:98
./config.ethernet:10: Template "template" is configured with ethernet address but there is no interface that can reach 192.168.1.4
honeyd: parsing configuration file failed

# config.ethernet2
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create template
set template ethernet "3com"
set template personality "Linux 2.4.7 (X86)"
bind 192.168.1.3 template

# ./honeyd -d -f ./config.ethernet2 -i eth0
Honeyd V0.8b Copyright (c) 2002-2004 Niels Provos
honeyd: epoll_create: Function not implemented
honeyd[1375]: started with -d -f ./config.ethernet2 -i eth0
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[1375]: listening promiscuously on eth0: (arp or ip proto 47 or (ip )) and not ether src 00:01:03:07:67:98
honeyd[1375]: Demoting process privileges to uid 32767, gid 32767
^C
honeyd[1375]: exiting on signal 2

So, eth0 is 192.168.1.2. Honeyd runs fine on 192.168.1.3 but fails to start with 192.168.1.1. Does it expect eth0's IP address to be _before_ any honeypot address?

--
Eric

