Honeyd Mailing List

Support Honeyd


Search Amazon


Re: Honeyd Webcast follow[-up] & arpd question

From: <>
Date: Sun, 23 Nov 2003 21:49:16 -0600

Finally got the chance to listen to the webcast (Sunday night is the only part
of the day "free", in the week, for some of us ... who actually don't have a
life;)) - very good and convincing. Very nice job, Lance!

I will take the freedom of asking here a question which I would have asked,
have I had the chance to listen to the webcast "live": has anybody done any
serious investigation about the effects of running arpd on a DHCP network
(related to Lance's observation during webcast, about starting arpd "small",
due to possible problems - thus my assumption about this problem having been
discussed before)? My personal experience is that - on a Windows based
network, where the machines seem to be very chatty by definition - arpd seems
to overcome the capability of any new system attempting to obtain an IP
address via DHCP, i.e. once started, arpd takes over almost immediately all
available addresses, and does not seem to release them?!? I was able to
totally DoS a DHCP network of Windows machines, by simply running arpd ... no
others were able to grab an address anymore.



On Wednesday 19 November 2003 08:18 pm, Lance Spitzner wrote:
> I recently did a SANS webcast on Honeyd and was asked two
> questions I did not know the answer to. I stated in the
> webcast I would find out the answers and reply to the
> maillist. After following up with Niels, this is what I
> learned.
> - Can Honeyd support IPv6?
> No. (that was easy :)
> - Does the uptime option always give the same time set
> in the confirmation, or does it incrementally increase?
> It incremently increases as you would expect it to.
> Always learning something new :)
Received on Mon Nov 24 2003 - 09:51:44 PST

Search For Information
Search WWW Search

NB: This is a filtered version of the Honeypots mailing list. Only posts that concern Honeyd are shown here. For more recent discussions visit the forums.