Re: FakeNetBIOS tools released

["Hauguet, Francis" <francis.hauguet () eads com>]

Patrick Chambet wrote:
> The individual tools are:
>
>   - FakeNetbiosDGM (NetBIOS Datagram)
>   - FakeNetbiosNS (NetBIOS Name Service)
>
> Each tool can be used as a standalone tool or as a honeyd responder or
> subsystem.

Hello all,

please note that in order to use those tools with honeyd, you may need 
to apply some patchs to honeyd src and use a custom version or honeyd 
won't be able to deliver broadcast packet (needed by NB-dgm).

These patchs are diffed from honeyd 1.0 (last stable release) and can be 
found here :
https://bugs.honeynet.org/show_bug.cgi?id=130
https://bugs.honeynet.org/show_bug.cgi?id=131

You can probably apply them on the latest release candidate without to 
much harm.

please note that those patchs are totally unsupported by honeyd author.

caveat : as you may have seen in the second patch, the behavior is 
correct only with a /24 network. this probably works with a < /24 
network but you may want to change the following line, according to your 
config :
if((ntohl(dst_pa->addr_ip)&0xff)==0xff) { /*XXX*/

By the way, using only one honeyd box and being able to see a bunch of 
hosts with != ether addr, != ip addr populating the Windows "Network 
Places" using a custom domain really kicks a**.

way to go patrick !

regards,

--
Francis