Back to list
Honeyd initial configuration
Sep 06 2007 11:23AM
paavan shah gmail com
I am a newbie to honeypots.To learn honeypots I have installed honeyd 1.5c and arpd 0.2 on Fedora Core 4 VM.All the installation has been done successfully.
Now to test the honeyd installation I do following as per the paper "simulating networks with honeyd"
My honeyd ip is 10.0.0.1.I have setup my Fedora machine ip to 10.0.0.1 for this.
contents of the honeyd.conf file I have created is:
set windows personality "Microsoft Windows XP Professional SP1"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows default tcp action reset
set windows default udp action reset
bind 10.0.0.51 windows
bind 10.0.0.52 windows
then I run honeyd with following command
#honeyd -f honeyd.conf 10.0.0.51-10.0.0.52
Now if I scan 10.0.0.51 and 10.0.0.52 using nmap then I should receive response,right?
On the same machine I have installed nmap.when I do a SynConnect or Syn stealth scan it does not show any of the machines as up.Even I am not getting ping replies from 10.0.0.51 and 10.0.0.52.
Please let me know where am I wrong????How do I know that the things I have setup are correct?I mean how can I check that arpd is replying to any requests in 10.0.0.0/8 n/w.
Thanks in advance
[ reply ]
Copyright 2010, SecurityFocus