Honeypots mailing list archives
Fw: Running Honeyd
From: "Steve Harvey" <sxh12u () cs nott ac uk>
Date: Fri, 18 Mar 2005 13:15:12 -0000
After reading the FAQ I understand that honeyd requires its own IP address, so I decided to set up a virtual IP address as follows:

eth0      Link encap:Ethernet  HWaddr 00:04:75:E9:B9:70
          inet addr:128.243.23.175  Bcast:128.243.23.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42552 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34748 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:10908297 (10.4 MiB)  TX bytes:3402249 (3.2 MiB)
          Interrupt:5 Base address:0xe800

eth0:1    Link encap:Ethernet  HWaddr 00:04:75:E9:B9:70
          inet addr:128.243.23.174  Bcast:128.243.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0xe800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:24870 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24870 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1016776 (992.9 KiB)  TX bytes:1016776 (992.9 KiB)

I also understand that honeyd requires traffic to be forwarded to it, as it does not intercept any network traffic, so I used arpd to monitor the IP address of eth0:1:

arpd 128.243.23.174

I can ping the IP address, but when I nmap the address I get the same response as I would if I nmapped eth0, i.e.

PORT   STATE SERVICE
22/tcp open  ssh

Why can I not get arpd to push the traffic to my honeyd... I have noticed that everyone uses arpd for blocks of IP addresses... I cannot really do this, as I want to deploy honeyd on my university network and the security group would not be best impressed if I stole all their unused IPs!

Thanks
Steve Harvey
Current thread:
- Fw: Running Honeyd Steve Harvey (Mar 18)
- <Possible follow-ups>
- RE: Running Honeyd Roger A. Grimes (Mar 18)
- RE: Running Honeyd Mohan Chirumamilla (Mar 19)