Honeypots mailing list archives

RE: GenII Honeynet with NAT


From: "Stejerean, Cosmin" <cstejere () cti depaul edu>
Date: Tue, 1 Mar 2005 17:12:21 -0600

It depends on where your attacker will be located. If you use an
attacker within your private network, you will not have to worry about
the NAT router. However, if you plan to use a computer to attack from the
outside, you will need to enable port forwarding on the NAT router and
forward specific ports to certain machines. That might work since in
most cases the ports for Windows 2000 are different from the ports for
Red Hat.

However, the reason your IT administrator wants you to use a NAT firewall
is likely because otherwise your honeypots will be exposed to attacks
from the wild. While that is great if you want to study real attacks, it
can be a great risk if you do not configure things properly. I would
recommend that you start testing internally, and once you feel
comfortable you can move to outside attacks if you can get permission
from the IT department.

 

 

Regards,


Cosmin Stejerean

cstejere () cs depaul edu

________________________________

From: Martin Kristensen [mailto:martink () student hin no] 
Sent: Tuesday, March 01, 2005 6:16 AM
To: honeypots () securityfocus com
Subject: GenII Honeynet with NAT

 

 

Hi everyone!
We are two students who are studying Honeynet technology for a
project we are doing.
We have a question about the use of NAT.
Our IT administrator will provide the Internet access for us, but he
will not give us a public IP. He wants to use a router which performs
NAT to the Honeynet, so the NAT will be performed before the Honeywall
gateway.
Will this be a problem for us when using bridging mode and the
rc.firewall script?

Use this link to see how our network looks:
http://home.no/martinkr/design.jpg


Thanks for any help!

Regards

Martin Kristensen
martink () student hin no
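
The port-forwarding constraint from the reply at the top of this thread, as an added example that is not part of the original messages: with a single NAT address, each external port can be forwarded to only one honeypot, so ports that both honeypots listen on have to be assigned to one of them. It assumes the NAT router is a Linux host using iptables; the addresses, port lists, interface name and function names are constructed for illustration.

```python
"""Plan one-to-one port forwards from a single NAT address to several honeypots."""
from collections import defaultdict

# Constructed sample inventory: addresses and port lists are illustrative only.
HONEYPOTS = {
    "win2000": {"ip": "10.0.0.11", "tcp": [135, 139, 445, 80]},
    "redhat":  {"ip": "10.0.0.12", "tcp": [22, 111, 80]},
}

def plan_forwards(honeypots, preferred=None):
    """Return (forwards, conflicts).

    forwards  maps tcp port -> honeypot name for ports that can be forwarded.
    conflicts maps tcp port -> sorted names for ports wanted by more than one
    honeypot and not resolved by `preferred` (a port -> name mapping).
    """
    preferred = preferred or {}
    wanted = defaultdict(set)
    for name, host in honeypots.items():
        for port in host["tcp"]:
            wanted[port].add(name)
    forwards, conflicts = {}, {}
    for port, names in sorted(wanted.items()):
        if len(names) == 1:
            forwards[port] = next(iter(names))
        elif preferred.get(port) in names:
            forwards[port] = preferred[port]
        else:
            conflicts[port] = sorted(names)
    return forwards, conflicts

def dnat_rules(honeypots, forwards, wan_if="eth0"):
    """Render iptables DNAT rules for the planned forwards (wan_if is assumed)."""
    return [
        f"iptables -t nat -A PREROUTING -i {wan_if} -p tcp --dport {port} "
        f"-j DNAT --to-destination {honeypots[name]['ip']}:{port}"
        for port, name in sorted(forwards.items())
    ]

if __name__ == "__main__":
    fwd, clash = plan_forwards(HONEYPOTS)
    for rule in dnat_rules(HONEYPOTS, fwd):
        print(rule)
    for port, names in clash.items():
        print(f"# tcp/{port} wanted by {names}: pick one honeypot")
```

Ports reported as conflicts stay unforwarded until one honeypot is chosen for them through `preferred`, which keeps exposure limited to the ports that were deliberately assigned.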

