Honeypots mailing list archives
Honeyd - ports not opening
From: "Mark C" <vedasx () gmail com>
Date: Mon, 19 Feb 2007 10:24:20 -0600
Hello,

I'm working on a group project at IIT and I am having some problems setting up honeyd. I was told by Lance Spitzner to send you a detailed question. I've configured honeyd to be as simple and generic as possible to aid in troubleshooting. The problem is that honeyd will run, but will not open ports, nor will it behave like the OS that it's set to behave like. If you're willing to help, I've pasted relevant bits below.

Thanks,
Mark

Config ...

    create default
    set default personality "Microsoft Windows 2000 Server SP2"
    add default tcp port 80 open
    add default tcp port 88 open
    add default tcp port 135 open
    add default tcp port 139 open
    add default udp port 135 open
    add default udp port 139 open
    set default default tcp action reset
    set default default udp action reset
    set default uptime 16000000

And it runs, as root ...

    Honeyd V1.5b Copyright (c) 2002-2004 Niels Provos
    honeyd[5812]: started with -i eth1 -p /usr/share/honeyd/nmap.prints -x /usr/share/honeyd/xprobe2.conf -a /usr/share/honeyd/nmap.assoc -l /var/log/honeyd -f /usr/share/honeyd/honeyd.conf 216.47.140.225
    honeyd[5812]: listening promiscuously on eth1: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 216.47.140.225))) and not ether src 00:06:4f:25:61:ae
    Honeyd starting as background process

And an nmap from a remote computer, although the result is almost identical when nmapping localhost ...
Professor,

I configured honeyd exactly as described in the design doc you posted to BB (http://blackboard.iit.edu/courses/1/ITM549_IT449-WLIDINSK.07S/db/_51626_1/honeypotsscmjj-finalDOC.pdf - if you can't load the file, you have to log into BB first)

Configuration:

    create default
    set default personality "Microsoft Windows 2000 Server SP2"
    add default tcp port 80 open
    add default tcp port 1337 open
    add default tcp port 88 open
    add default tcp port 135 open
    add default tcp port 139 open
    add default udp port 135 open
    add default udp port 139 open
    set default default tcp action reset
    set default default udp action reset
    set default uptime 16000000

Starting honeyd....:

    [root@unixc31 mark]# ./start-honeyd
    Honeyd V1.5b Copyright (c) 2002-2004 Niels Provos
    honeyd[5812]: started with -i eth1 -p /usr/share/honeyd/nmap.prints -x /usr/share/honeyd/xprobe2.conf -a /usr/share/honeyd/nmap.assoc -l /var/log/honeyd -f /usr/share/honeyd/honeyd.conf 216.47.140.225
    honeyd[5812]: listening promiscuously on eth1: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 216.47.140.225))) and not ether src 00:06:4f:25:61:ae
    Honeyd starting as background process

nmapping from a remote computer, although the result is almost identical when doing it from localhost:

    $ sudo nmap -O 216.47.140.225

    Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2007-02-11 15:25 CST
    Interesting ports on 216.47.140.225:
    Not shown: 1677 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    111/tcp open  rpcbind
    MAC Address: 00:06:4F:25:61:AE (Pro-nets Technology)
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X|2.6.X
    OS details: Linux 2.4.7 - 2.6.11
    Uptime 8.391 days (since Sat Feb 3 06:02:12 2007)