Honeypots mailing list archives

Very frustrated with Honeyd......


From: Mr.Konfess0r <konfess0r () yahoo com>
Date: 27 Jan 2005 19:39:42 -0000



Ok... I guess I don't know where to start exactly. This is my first time setting up a honeypot and using Honeyd. I read through the documentation and in my interpretation of it all... I have attempted to set it up "as advertised" on a Red Hat 9 platform.

All of the required RPMs are installed...

Here is my "Personality" 

=====================================================================
### Win2k Personality
create win2k
set win2k personality "Windows 2000 server SP2"
set win2k default tcp action reset
set win2k default udp action reset
set win2k default icmp action block
set win2k uptime 3567
set win2k droprate in 13
add win2k tcp port 21 "sh scripts/win32/win2k/msftp.sh $ipsrc $sport $ipdst $dport"
# This will redirect incoming windows-filesharing back to the source
add win2k udp port 137 proxy $ipsrc:137
add win2k udp port 138 proxy $ipsrc:138
add win2k udp port 445 proxy $ipsrc:445
add win2k tcp port 137 proxy $ipsrc:137
add win2k tcp port 138 proxy $ipsrc:138
add win2k tcp port 139 proxy $ipsrc:139
add win2k tcp port 445 proxy $ipsrc:445
bind 192.168.1.130 win2k
=====================================================================

My IP address in this case I set to 192.168.1.131.

So then I do the following command:

"honeyd -f win2k -a nmap.prints -i eth0"

and I receive the following messages:

====================================================================
Warning: Impossible SI Range in Class Fingerprint "IBM OS/400 V4R2MO"
Warning: Impossible SI Range in Class Fingerprint "Microsof Windows NT 4.0 SP3"

Honeyd[2348]: Listening promiscuously on Eth0: arp or ip proto 47 or (udp and src port 62 and dest port 68) or (IP )) 
and not ether src (my mac address)
Honeyd: make_socket_ai:address already in use
Honeyd: pyextend_webserver_init: make_socket:address already in use
====================================================================

Of course I've tried various combinations of commands at this point
and it feels like I'm just throwing commands at it to get it to work
properly.


Few questions I have.... Okay, I am just trying to get this initially to work. 

1. What am I doing wrong here?
2. Does the IP address need to be the same or different as in the config file? 
3. Do I need to set up a route on this box to make this "virtually" seen?

My testing method I want to accomplish at this point is just hooking up 2 PCs to a basic switch, 1 of course being the honeyd box. Initially I just want to be able to nmap the box and get an OS fingerprint of Windows.

Once I get this far, I think I should be able to get beyond my initial brick wall. 


Hey ladies and gentlemen, any help that I receive I will greatly appreciate it. I'm sorry I have to ask such "dumb" 
questions, but I'm hoping that at least someone else out there has the same one. In any case, God bless you all. Thank 
you.

