Honeyd Discussion Forums

[chintaoui]

Sorry to repost but I have always a problem when I try to allow Mac adress for IP out of my honeyd range (i.e for virtual host on a different virtual network).

Always the same message

[laker8133]

David I believe the problem is either you haven't added a router to your honeyd config file or that you are trying to simulate your virtual computer across multiple networks that can see each other. Remember computer aren't suppose to have the same mac cards exactly.

I too am having this problem. If you do comment out the Mac line you will fine it works fine

[chintaoui]

Hi Paul,

No I have many virtual routers in my honeyd conf file. I have many networks with differents IP range (networks on 10.0.0.0/8, 192.168.0.0/24, 128.96.17.0/24, etc ...).

All works (ping, services, etc ...), Adress mac assignation works for 128.96.17.0 (range of honeyd host).

What I don't understand is why is it working for ping, services, etc ... on each ip range and not for mac assignation ...

If networks can't see each other, I normally get nothing (no ping, etc ...) ...

Very lost about mac assignation

[EDIT] Paul had you ever tried to generate mac address for virtual host on other ip range ? If no could you try it please ?

[laker8133]

I will try that today David. Basically with the honeyd.conf laurence made for me. I had a couple of errors setting the same profile to a couple of different network domains. The way I'm going to solve this tho will be to Copy and paste the profile I want to emulate rename the profile name (ie pep6 or something like that), And only assign it with 1 ip address. Also Do remember. What you do for Honeyd, you also have to do with ARPD.


Take care David ,

Paul

[chintaoui]

I have no problem to assign the same profile to different IP range.

About arpd, it is like honeyd, it listen on my nic interface on all range.

[chintaoui]

Paul (aka Laker8133) get the same problem. Can others test too ?

Maybe Niels could add some informations about this please ?

[nielsprovos]

Mac addresses are link-layer mechanism. They only work for machines on the same network segment. The moment that a router gets in the way, the mac address is removed. The IP layer does not have MAC addresses.

Honeyd essentially tells you that you are trying to use MAC addresses, but that there is no ethernet interface for the IP range that you configured. I suppose I could just make that a warning instead of a failure.

Does this make more sense?

Niels.

[chintaoui]

Thanks for answer. It's more clear now.

I think make a warning would be better.

So if I want mac addressing on virtual networks on ip range different from my honeyd host, the best way is to use several ethernet interface which run each honeyd ?

[nielsprovos]

Chintaoui,

MAC addresses work only if you connect your virtual honeypots to your local network, otherwise, they cannot be seen. In particular, you cannot mix MAC addresses and virtual routes.

BTW, you probably want to upgrade to Honeyd 1.5c which I just released, it contains bug fixes in regards to the MAC code.

Niels.

[chintaoui]

I use honeyd on my local network as a detection / prevention tool, that's why I'm very interested with MAC addressing. Connected to Internet I use a high interaction honeypot.

I will have a look at the new version tomorrow

[boomika]

Hi,Very nice post , I am new to this site ,for virtual host and website content related name ,you can approach this http://www.xnynz.com/ site ,in before here only i got my successful site ,also i pay just $1.99 per year , visit this site for more details.All the best.