Honeyd Mailing List: Re: honeyd- single IP Address

From: Fabian Bieker <fabian.bieker_at_web.de>
Date: Sat, 31 Jan 2004 14:51:38 +0100

On Fri, Jan 30, 2004 at 03:45:31PM +0530, Aluru Madhuri wrote:
> Hi,
Hi,

> My Question:
> I want to simulate all tcp ports listening(just receiving syn packets,
> sending syn+ack packets and if required when we send some data we expect an
> ack from honey pot, nothing more).
>
> will this be possible ?
yes.

> if so how ?
You create a honeyd template in honeyd.conf like this:

create host1
set host1 host1 tcp action open
set host1 host1 udp action open
set host1 host1 icmp action open
bind <your_ip_addr> host1

Now you use Linux netfilter etc. to drop all incoming conncections to
your host. Now honeyd can answer them, without getting the connections
RSTed etc. by the real host. No arpd needed.

Maybee you want to have a look at honeyd's trapit features.

Hope this helps,

fabian

-- 
BOFH excuse #436:
Daemon escaped from pentagram

application/pgp-signature attachment: Digital signature

Received on Sat Jan 31 2004 - 10:05:34 PST

Honeyd Resources

Honeyd Research

Honeypot Resources

Honeypot Books

Happy Hacking

Support Honeyd

Search Amazon

Re: honeyd- single IP Address