Honeypots mailing list archives
RE: real ip with honeyd
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 18 Sep 2007 07:48:42 -0400
If ou don't use Arpd, which will respond to the requests for the virtual IP addresses, then you have to configure a router to get the requests to the fake IP addresses to the host machine. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley) *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555 ***************************************************************** -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Oguz Yarimtepe Sent: Friday, September 14, 2007 10:31 PM To: honeypots () securityfocus com Subject: real ip with honeyd Hi, I was trying to see the attackers behaviour and deployed a honeyd to a machine. But i gave real ips to the simulated systems, so the bind parts have real ips. I had a arpd problem also so i couldnt make it work, does honeyd work with real ips? According to the explanations, honeyd is deployed to a real ip machine. I saw some log entries that a real ip was trying to reach to one of the simulated machines, so how do the attackers see those simulated ips? Thanx. -- Oğuz Yarımtepe http://www.yarimtepe.com
Current thread:
- real ip with honeyd Oğuz Yarımtepe (Sep 17)
- RE: real ip with honeyd Roger A. Grimes (Sep 18)