Monkey.org Developments
Honeyd Mailing List: Honeyd and OpenBSD 3.3

Honeyd and OpenBSD 3.3

From: Jyri Hovila <jyri.hovila_at_iki.fi>
Date: Sun, 28 Sep 2003 20:58:40 +0300

Hi again!

OK, so I'm trying to make honeyd 0.6a work on one of my OpenBSD 3.3
boxes. I'm almost there, but I can't get over one stupid problem. It's
quite possible I've just messed up something with the configuration.

I was able to compile honeyd without a problem, and it is up and
running. I've created an IP alias for it (ifconfig rl1 inet alias
10.1.1.222 255.255.255.255) in the hope I would not have to use arpd,
pf's rdr or anything similar. And, as the log shows, I can connect to
it:

honeyd[5493]: Connection request: tcp (10.1.1.100:3413 - 10.1.1.222:80)
honeyd[5493]: Connection established: tcp (10.1.1.100:3413 - 10.1.1.222:80) <-> sh

The log entry above comes when I telnet to 10.1.1.222 from my laptop.
Honeyd should now run scripts/web.sh, and this is where things go wrong:
I just get a TCP reset. =( Here's what tcpdump shows:

       20:31:18.808187 10.1.1.222.80 > 10.1.1.100.3434: S \
          717083627:717083627(0) ack 3753723135 win 8215 <mss \
          1000,nop,wscale 0,nop,nop,timestamp 6568920 0> (DF)
       20:31:18.808546 10.1.1.100.3434 > 10.1.1.222.80: . \
          ack 1 win 65000 <nop,nop,timestamp 375208 6568920>
       20:31:18.808761 10.1.1.222.80 > 10.1.1.100.3434: R \
          717083628:717083628(0) win 0 (DF)
       20:31:18.834724 10.1.1.222.80 > 10.1.1.100.3434: . \
          1:14(13) ack 1 win 8215
       20:31:19.835600 10.1.1.222.80 > 10.1.1.100.3434: . \
          1:14(13) ack 1 win 8215
       20:31:21.845579 10.1.1.222.80 > 10.1.1.100.3434: . \
          1:14(13) ack 1 win 8215

If I run scripts/web.sh from the console, it works just as expected.

This is what I have in my config file:

     create windows
     set windows personality "Windows NT 4.0 Server SP5-SP6"
     set windows default tcp action reset
     set windows default udp action reset
     add windows tcp port 80 "sh scripts/web.sh"
     add windows tcp port 139 open
     add windows tcp port 137 open
     add windows udp port 137 open
     add windows udp port 135 open
     set windows uptime 3284460
     bind 10.1.1.222 windows

Any ideas what could be wrong?

Thanks in advance, again. =)

- Jyri
Received on Sun Sep 28 2003 - 19:57:22 PDT

NB: This is a filtered version of the Honeypots mailing list. Only posts that concern Honeyd are shown here. For more recent discussions visit the forums.