Honeyd-0.8 Wrong Respond fix

Hi All,

  I have posted an email with title "honeyd-0.8 wrong
respond" before. I would like to add some more
information for your reference.

  I have tried the patch from Niels Provos but it
seems it doesn't work. What I mean that is nmap can't
detect the OS. I have made some fix but it still don't
work. I have attached it so everyone can have a look
and welcome to give me comments. I hope that my fix
can help.... I also included my full configuration of
honeyd, error log, nmap result and my fixed.

  I found that some of the errors is becuase of the
version of automake and autoconf.

  I will be appreciate for any help and comment. Also
I need to thanks Niels Provos for his previous patch.

  Thanks a lot for everybody!

Best,
Fred

************CONFIG PROCEDURE ************************
[root_at_fred honeyd-0.8]# ./configure
[root_at_fred honeyd-0.8]# make
[root_at_fred honeyd-0.8]# make install

************FULL ERROR LOG FILE *********************
honeyd.c: In function `main':
honeyd.c:2727: warning: implicit declaration of
function `setgroups'
lex.hyd.c:1601: warning: `yyunput' defined but not
used
personality.c: In function `personality_parse':
personality.c:1229: warning: implicit declaration of
function `isblank'
template.h: At top level:
personality.c:1519: warning: `print_xprobe_struct'
defined but not used
pfctl_osfp.c: In function `pfctl_file_fingerprints':
pfctl_osfp.c:112: warning: implicit declaration of
function `fgetln'
pfctl_osfp.c:112: warning: assignment makes pointer
from integer without a cast
pyextend.c: In function `pyextend_readselector':
pyextend.c:180: warning: passing arg 3 of
`pyextend_selector' discards qualifiers from pointer
target t
ype
pyextend.c: In function `pyextend_writeselector':
pyextend.c:192: warning: passing arg 3 of
`pyextend_selector' discards qualifiers from pointer
target t
ype
/usr/lib/python2.2/config/libpython2.2.a(posixmodule.o)(.text+0x355e):
In function `posix_tmpnam':
: the use of `tmpnam_r' is dangerous, better use
`mkstemp'
/usr/lib/python2.2/config/libpython2.2.a(posixmodule.o)(.text+0x345b):
In function `posix_tempnam':
: the use of `tempnam' is dangerous, better use
`mkstemp'
./libtool: line 730: test: =: unary operator expected
./libtool: line 730: test: =: unary operator expected
./libtool: line 730: test: =: unary operator expected
./libtool: line 2709: test: =: unary operator expected
./libtool: line 2982: test: =: unary operator expected
WARNING: Using auxiliary files such as `acconfig.h',
`config.h.bot'
WARNING: and `config.h.top', to define templates for
`config.h.in'
WARNING: is deprecated and discouraged.

WARNING: Using the third argument of `AC_DEFINE' and
WARNING: `AC_DEFINE_UNQUOTED' allows to define a
template without
WARNING: `acconfig.h':

WARNING: AC_DEFINE([NEED_MAIN], 1,
WARNING: [Define if a function `main' is
needed.])

WARNING: More sophisticated templates can also be
produced, see the
WARNING: documentation.
configure.in:20: warning: AC_PROG_LEX invoked multiple
times
autoheader: `config.h.in' is updated

*************My fix on some files********************
My fix on honeyd.c
 diff ./honeyd.c ../honeyd-0.8/honeyd.c
65d64
< #include <grp.h>

My fix on personality.c
[root_at_fred honey-fred-0.8-fix]# diff ./personality.c
../honeyd-0.8/personality.c
1198,1201d1197
< int isblank(char c)
< {
< return c == ' ' || c == '\t' ;
< }

My fix on pfctl_ospf.c
[root_at_fred honey-fred-0.8-fix]# diff ./honeyd.c
../honeyd-0.8/honeyd.c
65d64
< #include <grp.h>

diff pfctl_osfp.c ../honeyd-0.8/pfctl_osfp.c
97,100c97
< /*char *line;*/
< char bufline[4096];
< char *line = bufline ;
<

---
>       char *line;
115,117c112
<       //while ((line = fgetln(in, &len)) != NULL) {
<       while ( fgets( line, sizeof(line), in ) !=
NULL ) {
<               len = strlen( line ) ;
---
>       while ((line = fgetln(in, &len)) != NULL) {
My fix on pyextend.c
[root_at_fred honey-fred-0.8-fix]# diff ./pyextend.c
../honeyd-0.8/pyextend.c 
180c180
<       return (pyextend_selector(args,
&current_state->pread, "pyextend_readselector"));
---
>       return (pyextend_selector(args,
&current_state->pread, __func__));
192c192
<       pValue = pyextend_selector(args,
&state->pwrite, "pyextend_writeselector");
---
>       pValue = pyextend_selector(args,
&state->pwrite, __func__);
My fix on libtool
[root_at_fred honey-fred-0.8-fix]# diff ./libtool
../honeyd-0.8/libtool 
730c730
<     if test "$pic_mode" = no && test
"$deplibs_check_method" != pass_all; then
---
>     if test $pic_mode = no && test
"$deplibs_check_method" != pass_all; then
2709c2709
<           if test "$build_libtool_need_lc" = "yes";
then
---
>           if test $build_libtool_need_lc = "yes";
then
2982c2982
<       if test "$hardcode_into_libs" = yes; then
---
>       if test $hardcode_into_libs = yes; then
*****************honeyd.conf**********************
# Example of a simple host template and its binding
create default
set default personality "FreeBSD 2.2.1-STABLE"
set default default tcp action reset
add default tcp port 80 "sh scripts/web.sh"
add default tcp port 22 "sh scripts/test.sh"
add default tcp port 113 reset
add default tcp port 1 reset
create allopen
set allopen personality "NetBSD 1.5.2 running on a
Commodore Amiga (68040 proces
sor)"
set allopen default tcp action open
add allopen tcp port 80 "sh scripts/web.sh"
add allopen tcp port 113 reset
add allopen tcp port 1 reset
create template
set template personality "Check Point FireWall-1 4.0
SP-5 (IPSO build)"
add template tcp port 80 "sh scripts/web.sh"
add template tcp port 23 block
add template tcp port 22 "sh scripts/test.sh"
set template default tcp action reset
set template uid 32767
# Example of a simple host template and its binding
create win 
set win personality "Microsoft Windows XP Professional
SP1"
add win tcp port 22 "sh scripts/test.sh $ipsrc $dport"
set win default tcp action reset
add win tcp port 23 proxy $ipsrc:23
add win udp port 53 proxy 141.211.92.141:53
add win tcp port 80 "scripts/iis/main.pl"
create solaris 
set solaris personality "Sun Solaris 2.6"
set solaris default tcp action reset
add solaris tcp port 80 "sh scripts/web.sh"
add solaris tcp port 22 "sh scripts/test.sh"
add solaris tcp port 161 "sh scripts/default.snmp"
add solaris tcp port 113 reset
add solaris tcp port 1 reset
bind 192.168.0.30 template
bind 192.168.0.40 allopen
bind 192.168.0.50 win
bind 192.168.0.60 solaris
***************RESULT************************
ARPD(I use xxxx for my MAC):
arpd[3660]: arpd_send: who-has 192.168.0.30 tell
192.168.0.121
arpd[3660]: arpd_send: who-has 192.168.0.30 tell
192.168.0.121
arpd[3660]: arpd_recv_cb: 192.168.0.30 still
discovering (2)
arpd[3660]: arp reply 192.168.0.30 is-at xxxxx
arpd[3660]: arpd_lookup: 192.168.0.1 at xxxxx
arpd[3660]: arp reply 192.168.0.30 is-at xxxxx
arpd[3660]: arpd_lookup: 192.168.0.254 at xxxxx
arpd[3660]: arpd_recv_cb: 192.168.0.1 is allocated
arpd[3660]: arpd_recv_cb: 192.168.0.254 is allocated
arpd[3660]: arp reply 192.168.0.30 is-at xxxxx
arpd[3660]: arp reply 192.168.0.30 is-at xxxxx
arpd[3660]: arpd_recv_cb: 192.168.0.182 at xxxx
arpd[3660]: arpd_recv_cb: 192.168.0.254 is allocated
arpd[3660]: arp reply 192.168.0.30 is-at xxxxx
arpd[3660]: arp reply 192.168.0.30 is-at xxxxx
HONEYD(SnapShot of the result)
honeyd[3662]: Connection request: tcp
(192.168.0.120:61717 - 192.168.0.30:22)
honeyd[3662]: Connection dropped by reset: tcp
(192.168.0.120:61717 - 192.168.0.30:22)
honeyd[3662]: Connection request: tcp
(192.168.0.120:61718 - 192.168.0.30:22)
honeyd[3662]: Connection dropped by reset: tcp
(192.168.0.120:61718 - 192.168.0.30:22)
NMAP RESULT
[root_at_fred TARBALL]# nmap -O 192.168.0.30
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on  (192.168.0.30):
(The 1598 ports scanned but not shown below are in
state: closed)
Port       State       Service
22/tcp     open        ssh                     
23/tcp     filtered    telnet                  
80/tcp     open        http                    
No exact OS matches for host (If you know what OS is
running on it, see http://w
ww.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i686-pc-linux-gnu%D=3/11%Time=40500E40%O=22%C=1)
TSeq(Class=RI%gcd=1%SI=C391%IPID=I%TS=2HZ)
T1(Resp=Y%DF=N%W=4000%ACK=S++%Flags=AS%Ops=NNT)
T2(Resp=N)
T3(Resp=Y%DF=N%W=3E80%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=4000%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=N)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Uptime 1.033 days (since Wed Mar 10 14:11:05 2004)
Nmap run completed -- 1 IP address (1 host up) scanned
in 32 seconds
_________________________________________________________
必殺技、飲歌、小星星...
浪漫鈴聲  情心連繫
http://us.rd.yahoo.com/evt=22281/*http://ringtone.yahoo.com.hk/