Honeypots mailing list archives
Re: Honeyd, dummy interface, default actions
From: "Hauguet, Francis" <francis.hauguet () eads com>
Date: Tue, 18 Jan 2005 17:12:30 +0100
LECLERCQ Eric RD-MAPS-ISS wrote:
> I'm fiddling a bit with honeyd in a situation where I want a box with only one IP address to listen on all ports (all but a few, SSH for example) with a custom script (one for tcp and udp).
Hi,

If you don't care having your virtual box using the same subnet as the host, you can use the "ethernet" keyword in your config file. If you have to use a different subnet, you may try to use a tun/tap virtual interface.
> Full honeyd.conf:
>
> create honey
> set honey personality "Microsoft Windows XP Professional SP1"
> set honey default icmp action open
> set honey default udp action "echo udp"
> set honey default tcp action "echo tcp"
>
> Also there doesn't seem to be any way for the script to know the protocol used for the connection, couldn't there be a HONEYD_IP_PROTO environment variable passed to the scripts?
Humm, seems you have answered your own question with your example ;) (use a != argument for a script used with tcp and a script used with udp).

regards,
--
Francis Hauguet
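
Added example, not part of the original messages: a single handler script that learns the protocol from its first argument, as suggested in the reply above. The script name, its path and the log location are assumptions; the HONEYD_* variables are the ones the honeyd manual lists as exported to service scripts.

```shell
#!/bin/sh
# Assumed honeyd.conf wiring (hypothetical script path):
#   set honey default tcp action "sh /opt/honeyd/proto-echo.sh tcp"
#   set honey default udp action "sh /opt/honeyd/proto-echo.sh udp"
# honeyd attaches the connection to the script's stdin/stdout and exports
# HONEYD_IP_SRC, HONEYD_SRC_PORT, HONEYD_IP_DST and HONEYD_DST_PORT.

LOG="${PROTO_ECHO_LOG:-/tmp/proto-echo.log}"   # hypothetical log location

# handle_conn PROTO: log one record per input line, then echo the line back.
handle_conn() {
    proto="$1"
    case "$proto" in
        tcp|udp) ;;
        *) echo "usage: proto-echo.sh tcp|udp" >&2; return 2 ;;
    esac
    peer="${HONEYD_IP_SRC:-?}:${HONEYD_SRC_PORT:-?}"
    local_end="${HONEYD_IP_DST:-?}:${HONEYD_DST_PORT:-?}"
    # "|| [ -n ... ]" keeps a final line that arrives without a newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Only the length is logged: the payload is attacker-controlled
        # and is never written into the log file.
        printf '%s proto=%s src=%s dst=%s len=%d\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$proto" "$peer" "$local_end" \
            "${#line}" >> "$LOG"
        printf '%s\n' "$line"
    done
}

# Run the handler only when a protocol argument was passed, as honeyd would.
if [ "$#" -gt 0 ]; then handle_conn "$1"; fi
```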