Honeypots
Honeyd initial configuration Sep 06 2007 11:23AM
paavan shah gmail com
hello all!!

I am a newbie to honeypots.To learn honeypots I have installed honeyd 1.5c and arpd 0.2 on Fedora Core 4 VM.All the installation has been done successfully.

Now to test the honeyd installation I do following as per the paper "simulating networks with honeyd"

My honeyd ip is 10.0.0.1.I have setup my Fedora machine ip to 10.0.0.1 for this.

#arpd 10.0.0.0/8

contents of the honeyd.conf file I have created is:

create windows

set windows personality "Microsoft Windows XP Professional SP1"

add windows tcp port 139 open

add windows tcp port 137 open

add windows udp port 137 open

add windows udp port 135 open

set windows default tcp action reset

set windows default udp action reset

bind 10.0.0.51 windows

bind 10.0.0.52 windows

then I run honeyd with following command

#honeyd -f honeyd.conf 10.0.0.51-10.0.0.52

Now if I scan 10.0.0.51 and 10.0.0.52 using nmap then I should receive response,right?

On the same machine I have installed nmap.when I do a SynConnect or Syn stealth scan it does not show any of the machines as up.Even I am not getting ping replies from 10.0.0.51 and 10.0.0.52.

Please let me know where am I wrong????How do I know that the things I have setup are correct?I mean how can I check that arpd is replying to any requests in 10.0.0.0/8 n/w.

Thanks in advance

Paavan.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus