Honeyd Mailing List: Honeyd and OpenBSD 3.3

Support Honeyd


Search Amazon


Honeyd and OpenBSD 3.3

From: Jyri Hovila <>
Date: Sun, 28 Sep 2003 20:58:40 +0300

Hi again!

Ok, so I'm trying to make honeyd 0.6a work in one of my OpenBSD 3.3
boxes. I'm almost there, but I can't get over one stupid problem. It's
quite possible I've just messed up something with the configuration.

I was able to compile honeyd without a problem, and it is up and
running. I've created an IP alias for it (ifconfig rl1 inet alias in the hope I would not have to use arpd,
pf's rdr or anything similar. And, as the log shows, I can connect to

honeyd[5493]: Connection request: tcp ( -
honeyd[5493]: Connection established: tcp ( - <-> sh

The log entry above comes when I telnet to from my laptop.
Honeyd should now run scripts/, and this is where things go wrong:
I just get a TCP reset. =( Here's what tcpdump shows:

       20:31:18.808187 > S \
          717083627:717083627(0) ack 3753723135 win 8215 <mss \
          1000,nop,wscale 0,nop,nop,timestamp 6568920 0> (DF)
       20:31:18.808546 > . \
          ack 1 win 65000 <nop,nop,timestamp 375208 6568920>
       20:31:18.808761 > R \
          717083628:717083628(0) win 0 (DF)
       20:31:18.834724 > . \
          1:14(13) ack 1 win 8215
       20:31:19.835600 > . \
          1:14(13) ack 1 win 8215
       20:31:21.845579 > . \
          1:14(13) ack 1 win 8215

If I run scripts/ from the console, it works just as expected.

This is what I have in my config file:

     create windows
     set windows personality "Windows NT 4.0 Server SP5-SP6"
     set windows default tcp action reset
     set windows default udp action reset
     add windows tcp port 80 "sh scripts/"
     add windows tcp port 139 open
     add windows tcp port 137 open
     add windows udp port 137 open
     add windows udp port 135 open
     set windows uptime 3284460
     bind windows

Any ideas what could be wrong?

Thanks in advance, again. =)

- Jyri
Received on Sun Sep 28 2003 - 19:57:22 PDT

Search For Information
Search WWW Search

NB: This is a filtered version of the Honeypots mailing list. Only posts that concern Honeyd are shown here. For more recent discussions visit the forums.