Honeypots mailing list archives
Unusually problems with honeywall
From: "Ivica Maric" <imaravk () gmail com>
Date: Thu, 23 Mar 2006 17:25:04 +0100
Hi all! My name is Ivica Maric and I am undergraduate student of Faculty of Electrical Engeneering and Computing (www.fer.hr), Zagreb, Croatia. My diplomma thesis is Honeynet and its usage in the real world. I installed Honeynet CD (latest roo release) from www.honeynet.org to one computer. Another computer is honeypot (Windows 2000). Honeywall contains 3 network interfaces-eth0, eth1, eth2 where eth2 is managment interface. I have read Honeywall CDROM Online manual, some whitepapers linked to honeypot concept etc. I have few problems with my configuration: First problem is with yum update: i update first roo-base (to bypass bug #423), after that I update entire honeywall (yum update). After system rebooted p0f (Passive OS fingerprinting) service is [FAILED]. I don't know why that happens. Second problem: When I remove Snort or Snort_inline rule from Walleye interface Snort and Snort_inline does not work anymore. I got [FAILED] at boot time. Third problem: My honeywall monitoring not only honeypot, but also another computers that are active on the network. I presume that is not desirable behavior. I properly connected honeypot, trough switch, to eth1 (internally interface) and eth0 to public network. I appreciate any assistance or advice! Thank you for your time! Best regards, Ivica Maric FER (www.fer.hr) Zagreb Croatia
Current thread:
- Unusually problems with honeywall Ivica Maric (Mar 23)
- <Possible follow-ups>
- Re: Unusually problems with honeywall Earl Sammons (Mar 27)
- Re: Unusually problems with honeywall Stephan Holtwisch (Mar 27)