Honeypots mailing list archives
RE: Error with honeyd win32
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 29 Dec 2004 10:22:48 -0500
First, Honeyd and the related utilities don't work well on XP SP2, if at all. I've abandoned, for right now, even trying to get it to work on my SP2 machine. Microsoft hardened the Windows IP stack to prevent malicious attacks, and in the process caused other issues for legitimate programs. I'm pretty sure there are tweaks we can make to SP2 to open the necessary processes back up, but I haven't had time to troubleshoot it yet. I believe Michael Davis is working on an updated version to be released one day.

But if you want to try t/s:

Try isolating the problem with Windump first. Download windump.exe from http://winpcap.polito.it and then run

    Windump.exe -D

This should return information about your NIC. If it doesn't, then there is a problem between Winpcap and your NIC.

Then type in

    honeyd.exe -W

and you should see results similar to the windump output.

Also, when troubleshooting these types of problems, minimalize the command line parameters so they aren't involved.

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
***************************************************************************

-----Original Message-----
From: kimyenlists () yahoo com [mailto:kimyenlists () yahoo com]
Sent: Wednesday, December 29, 2004 4:42 PM
To: honeypots () securityfocus com
Subject: Error with honeyd win32

I have installed honeyd0.5a for win32 and installed winpcap 3.0 beta. I have set up the config file and input this command and receive the following output...

    C:\honeyd-0.5a>honeyd -d -P -l C:\honeyd-0.5a\logs\honeyd.log -p C:\honeyd-0.5a\nmap.prints -f C:\honeyd-0.5a\honeyd.conf
    honeyd-win32: Unable to query adapter \Device\NPF_GenericNdisWanAdapter for MAC Address. Error Code: 0

I am using XP Pro with SP2. I have searched Google and the archive of this list but cannot find any information on this error. Any help would be much appreciated.