Honeypots
real ip with honeyd Sep 15 2007 02:30AM
O─?uz Yar─▒mtepe (comp ogz gmail com) (1 replies)
RE: real ip with honeyd Sep 18 2007 11:48AM
Roger A. Grimes (roger banneretcs com)
If ou don't use Arpd, which will respond to the requests for the virtual IP addresses, then you have to configure a router to get the requests to the fake IP addresses to the host machine.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes (at) infoworld (dot) com [email concealed] or roger (at) banneretcs (dot) com [email concealed]
*Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley)
*http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470
101555
*****************************************************************

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Oguz Yarimtepe
Sent: Friday, September 14, 2007 10:31 PM
To: honeypots (at) securityfocus (dot) com [email concealed]
Subject: real ip with honeyd

Hi,

I was trying to see the attackers behaviour and deployed a honeyd to a machine. But i gave real ips to the simulated systems, so the bind parts have real ips. I had a arpd problem also so i couldnt make it work, does honeyd work with real ips?

According to the explanations, honeyd is deployed to a real ip machine. I saw some log entries that a real ip was trying to reach to one of the simulated machines, so how do the attackers see those simulated ips?

Thanx.

--
Oðuz Yarýmtepe
http://www.yarimtepe.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus