Re: Honeyd 1.0 DHCP Question

[Niels Provos <provos () citi umich edu>]

Hi Patrick,

the dhcp command works very much like the bind command.  You want to use
it only after you have completely configured your template.  It works
only for interfaces that you specify with the -i flag.  It might also
help to create the default template so that it blocks all traffic.

Niels.

On Thu, Feb 03, 2005 at 09:12:15AM -0000, patrickstjohn () gmail com wrote:
> First off I want to say thanks to Niels and his helpers for the great software and major improvements to honeyd. Also 
> thanks to the posters on this list I've learned alot and fixed alot of problems by reading through the threads. 
>
> Question: I've been unable as of yet to get dhcp honeypots working. Ultimately I would like to get 3 virtual 
> honeypots obtaining dhcp addresses. My first try at this so far has been unsuccessful. Here is my ultra-basic config 
> for a XP honeypot.
>
> honeyd.conf
> -------------
> create xp
> dhcp xp on eth0 ethernet "mac address in quotes"
> set xp personality "Microsoft Windows XP Professional SP1"
> set xp default tcp action reset
> set xp default udp action reset
> set xp default icmp action open
> set xp uid 32767 gid 32767
> <I'll have various scripts set up after this when I get
> it working>
> -------------
>
> Now eth0 and the mac address is the actual information from my machine. It will start up fine but won't get a new ip 
> address (stays with my static IP). And when I make up a bogus eth1 with a fake mac address it says that eth1 doesn't 
> exist (which it doesn't). So how does the DHCP setup work? I read the man page but it was a little confusing on this 
> point. Has anyone gotten it to work and mind showing their setup for it? I'd appreciate any insight. Thank you.
>
> Patrick