RE: real ip with honeyd

["Roger A. Grimes" <roger () banneretcs com>]

If ou don't use Arpd, which will respond to the requests for the virtual IP addresses, then you have to configure a 
router to get the requests to the fake IP addresses to the host machine.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley)
*http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
*****************************************************************


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Oguz Yarimtepe
Sent: Friday, September 14, 2007 10:31 PM
To: honeypots () securityfocus com
Subject: real ip with honeyd

Hi,

I was trying to see the attackers behaviour and deployed a honeyd to a machine. But i gave real ips to the simulated 
systems, so the bind parts have real ips. I had a arpd problem also so i couldnt make it work, does honeyd work with 
real ips?

According to the explanations, honeyd is deployed to a real ip machine. I saw some log entries that a real ip was 
trying to reach to one of the simulated machines, so how do the attackers see those simulated ips?

Thanx.

--
Oğuz Yarımtepe
http://www.yarimtepe.com