Honeypots mailing list archives

RE: ARP responding honey pot to any unused ip address


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Mon, 25 Apr 2005 10:39:03 -0400

Mosin,

Honeyd is very customizable. While you can allow the behavior you
describe below to take place, you can tell Honeyd (and Arpd) to behave
differently. You can customize your Honeyd config file to only have
static IP addresses and not to respond to all unknown IP addresses. It's
flexible and you can design the behavior.

Roger

************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************

 

-----Original Message-----
From: mohsin saleem [mailto:mohsinsaleem36 () yahoo com] 
Sent: Sunday, April 24, 2005 6:23 PM
To: honeypots () securityfocus com
Subject: ARP responding honey pot to any unused ip address

hi!!
we are a group of friends working to implement honeyD for windows, or u
can say trying to port it to windows.
though we know it has been recently ported to windows, but we started
this work couple of months ago, so not gonna leave this project now:) I
have found some bug in it, as i discuss it :
a hacker tries to find around 50 IP address in a network honeyD finds
them to be available.
it acclaims them and starts communicating with hacker.
hacker tests them all for being win2k professional.
honey shows this nicely.
Now any hacker having a bit of common sense will start laughing:
50 IPs + having HOST OS as WIN2K + OFFERING 100% same services!!!
in fact, 50 SERVERS OFFERING 100% SAME service ..OO MY GOD.. it never
happens he will laugh.
I don't know whether I'm right or wrong, please help me to get things
clear.
thanx
Mohsin Saleem
~*~ Elite Hacker from PAKISTAN~*~
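
The configuration choice discussed in this thread, as an added example (not code from either poster or from the Honeyd project): a Python check over a constructed Honeyd config that flags a `default` template, which answers for every unbound address, and groups statically bound IPs by the personality and port set a scanner would see. The sample config, the `audit` function and the `max_clones` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread). Personality strings are
# illustrative; they must match names in the nmap fingerprint file Honeyd loads.
SAMPLE_CONFIG = '''
create win2k
set win2k personality "Microsoft Windows 2000 Professional"
add win2k tcp port 139 open
add win2k tcp port 445 open
create linuxweb
set linuxweb personality "Linux 2.4.20"
add linuxweb tcp port 22 open
add linuxweb tcp port 80 open
bind 192.0.2.10 win2k
bind 192.0.2.11 win2k
bind 192.0.2.20 linuxweb
'''

def audit(config, max_clones=2):
    """Return warnings for a Honeyd config that would look uniform to a scanner."""
    profile = defaultdict(lambda: {"personality": None, "ports": set()})
    bound = defaultdict(list)
    warnings = []
    for line in config.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if m := re.match(r'create\s+(\S+)', line):
            profile[m[1]]                          # register the template
            if m[1] == "default":
                warnings.append("'default' template: every unbound IP will answer")
        elif m := re.match(r'set\s+(\S+)\s+personality\s+"([^"]+)"', line):
            profile[m[1]]["personality"] = m[2]
        elif m := re.match(r'add\s+(\S+)\s+(tcp|udp)\s+port\s+(\d+)', line):
            profile[m[1]]["ports"].add((m[2], int(m[3])))
        elif m := re.match(r'bind\s+(\S+)\s+(\S+)', line):
            bound[m[2]].append(m[1])
    # Group bound IPs by what a scanner sees: OS personality plus listed ports.
    looks = defaultdict(list)
    for name, ips in bound.items():
        p = profile[name]
        looks[(p["personality"], frozenset(p["ports"]))].extend(ips)
    for (personality, _), ips in looks.items():
        if len(ips) > max_clones:
            warnings.append(f"{len(ips)} hosts look identical ({personality})")
    return warnings
```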
 


