Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

"Connection to closed port" error

From: Sandy Turner <slt () lanl gov>
Date: Mon, 02 May 2005 16:54:14 -0700
When I use the subsystem command with openradius (Fedora Core 3) and send it an Authentication Request from another machine (NTRadPing), I'm getting the error below. I saw the same problem on Free Radius. Any thoughts?
honeyd[5682]: Connection to closed port: udp (45.128.14.161:1123 - 45.128.14.100:1812) 

Here is my config.radius:

# Set up the hosts
create template
set template personality "Linux 2.4.7 (X86)"
set template default udp action open
add template subsystem "/usr/local/sbin/radiusd -dall -b" shared

bind 45.128.14.100 template

Here is my honeypot log:
[root@localhost honeyd-1.0a-rc2]# arpd 45.128.14.100 arpd[5680]: listening on eth0: arp and (dst 45.128.14.100) and not ether src 00:03:47:92:b2:1d [root@localhost honeyd-1.0a-rc2]# honeyd -d -u 0 -g 0 -f ./config.radius 45.128.14.100 
Honeyd V1.0a Copyright (c) 2002-2004 Niels Provos
honeyd[5682]: started with -d -u 0 -g 0 -f ./config.radius 45.128.14.100
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"honeyd[5682]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 45.128.14.100))) and not ether src 00:03:47:92:b2:1d 
honeyd[5682]: Demoting process privileges to uid 0, gid 0
[misc] meta_newfromdict: Opening /usr/local/etc/openradius/dictionary
[misc] conf_new: Opening /usr/local/etc/openradius/configuration
[misc] conf_new: Opening /usr/local/etc/openradius/behaviour
[recv] conf_start: Opening socket on 0.0.0.0, port 1812
honeyd[5682]: Subsytem "/usr/local/sbin/radiusd -dall -b" binds 45.128.14.100:1812 
[recv] conf_start: Opening socket on 0.0.0.0, port 1813
honeyd[5682]: Subsytem "/usr/local/sbin/radiusd -dall -b" binds 45.128.14.100:1813 [proc] conf_start: Starting /usr/local/lib/openradius/radclient for Radiusclient[proc] conf_start: Starting /usr/local/lib/openradius/ascfile for Usersfile 
[proc] conf_start: Starting /usr/local/lib/openradius/ascfile for Realmsfile
[proc] conf_start: Starting /usr/local/lib/openradius/ascfile for Nasesfile
[proc] conf_start: Starting /usr/local/lib/openradius/ascfile for Clientsfile
[proc] conf_start: Starting /usr/local/lib/openradius/radlogger for Acctlogger
[misc] main: Ready to answer requests.
honeyd[5682]: Connection to closed port: udp (45.128.14.161:1123 - 45.128.14.100:1812)
Previous By Date Next
Previous By Thread Next

Current thread: