On Fri, Apr 30, 2004 at 08:11:36PM +0200, Odilo Hildebrandt wrote:
> I have a problem with my virtual hosts created with honeyd.
> All the Ping requests time out. I also tryed to start arpd, but it
> doesnt work. Arpd creates an Error, that it cannot find /dev/arpd, but
> it is there.
First of all, you are using virtual routing topologies, so you do not
need arpd. Instead, you need to pint the route for 10.0.1.0/24 to the
machine that runs Honeyd. The 10.0.2/24 network might not be
reachable, because you tell Honeyd that it is responsible only for
10.0.0/24.
Niels.
>
> Here is the honeyd.conf file:
>
> route entry 10.0.0.100 network 10.0.0.0/24
> route 10.0.0.100 link 10.0.1.0/24
>
> route 10.0.0.100 add net 10.0.2.0/24 10.0.1.100 latency 50ms loss 0.1
> route 10.0.1.100 link 10.0.2.0/24
>
> create iis_windows
> set iis_windows personality "Microsoft Windows 2000 SP1"
> add iis_windows tcp port 80 "/usr/share/honeyd/scripts/win32/win2k/iis.sh"
> add iis_windows tcp port 139 open
> add iis_windows tcp port 137 open
> add iis_windows udp port 137 open
> add iis_windows udp port 135 open
> set iis_windows default tcp action reset
> set iis_windows default udp action reset
>
> create windows_xp
> set windows_xp personality "Microsoft Windows XP SP1"
> add windows_xp tcp port 21 "/usr/share/honeyd/scripts/win32/win2k/msftp.sh"
> add windows_xp tcp port 139 open
> add windows_xp tcp port 137 open
> add windows_xp udp port 137 open
> add windows_xp udp port 135 open
> set windows_xp default tcp action reset
> set windows_xp default udp action reset
>
> create linux2.4
> set linux2.4 personality "Linux 2.4.7 (X86)"
> add linux2.4 tcp port 21 "/usr/share/honeyd/scripts/unix/linux/ftp.sh"
> set linux2.4 default tcp action reset
> set linux2.4 default udp action reset
>
> create suse
> set suse personality "Linux kernel 2.2.13 (SuSE; X86)"
> add suse tcp port 79
> "/usr/share/honeyd/scripts/unix/linux/suse7.0/fingerd.sh"
> add suse tcp port 23
> "/usr/share/honeyd/scripts/unix/linux/suse7.0/telnetd.sh"
> add suse tcp port 22 "/usr/share/honeyd/scripts/unix/linux/suse7.0/ssh.sh"
> set suse default tcp action reset
> set suse default udp action reset
>
> bind 10.0.1.1 iis_windows
> bind 10.0.1.2 windows_xp
> bind 10.0.1.3 windows_xp
> bind 10.0.1.4 windows_xp
> bind 10.0.2.1 linux2.4
> bind 10.0.2.2 suse
>
> create router
> set router personality "Cisco IOS 12.0(5)WC3 - 12.0(16a)"
> add router tcp port 23 "perl /usr/share/honeyd/scripts/router-telnet.pl"
> set router default tcp action reset
> set router default udp action reset
> set router uid 32767 gid 32767
> set router uptime 1327650
>
> bind 10.0.0.100 router
> bind 10.0.1.100 router
>
>
> I start honeyd with that syntax:
>
> honeyd -d -l /home/admin/honeyd.log -i eth1 -p /etc/honeypot/nmap.prints
> -x /etc/honeypot/xprobe2.conf -a /etc/honeypot/nmap.assoc -0
> /etc/honeypot/pf.os -f /etc/honeypot/honeyd.conf 10.0.0.0-10.0.2.3
>
> Hope you can help me a little :-)
>
> O.Hildebrandt
Received on Sat May 01 2004 - 21:02:27 PDT
