Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Honeypots
Back to list
|
Post reply
Running Honeyd on interface IP
Jul 22 2009 09:10AM
Evgeniy Arbatov (arbatovevgeniy gmail com)
Hello,
I have a question concerning the configuration of Honeyd IP address.
I want to make my honeypot visible by the IP address of host computer interface.
I have the following setup, within the same physical host:
1.1.1.1 (interface IP)-> 2.2.2.2 (honeyd IP)
So if I ssh to the honeyd, I want to ssh to 1.1.1.1.
I guess this is something that can be done with iptables, for example like this:
iptables -A FORWARD -s 1.1.1.1 -p tcp --dport 22 -d 2.2.2.2 -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
I also add a route for 2.2.2.2 to be accessible from loopback:
route add -host 2.2.2.2 lo
Then I enable IP forwarding in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
And in the configuration for Honeyd I say:
add sshhost tcp port 22 "./ssh.sh"
bind 2.2.2.2 sshhost
Finally, I run my Honeyd like this, binding it to my Loopback:
honeyd -d -l /tmp/honeypot/packet.log -f smtp.conf -i lo
But I am still unable to access port 22 of my honeypot. What can be missing?
I am running honeyd-1.5b. This is what I get by running Honeyd in the
debug mode:
honeyd[3388]: listening on lo: ip
honeyd[3388]: Demoting process privileges to uid 99, gid 99
honeyd[3388]: rrdtool returning errors - restarting.
honeyd[3388]: Respawing rrdtool too quickly
honeyd[3388]: Connection request: tcp (1.1.1.1:40805 - 1.1.1.1:22)
honeyd[3388]: Killing attempted connection: tcp (1.1.1.1:22 - 1.1.1.1:40805)
honeyd[3388]: Connection dropped by reset: tcp (1.1.1.1:40805 - 1.1.1.1:22)
honeyd[3388]: rrdtool returning errors - restarting.
honeyd[3388]: Respawing rrdtool too quickly
Thank you!
Regards,
Evgeniy
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
I have a question concerning the configuration of Honeyd IP address.
I want to make my honeypot visible by the IP address of host computer interface.
I have the following setup, within the same physical host:
1.1.1.1 (interface IP)-> 2.2.2.2 (honeyd IP)
So if I ssh to the honeyd, I want to ssh to 1.1.1.1.
I guess this is something that can be done with iptables, for example like this:
iptables -A FORWARD -s 1.1.1.1 -p tcp --dport 22 -d 2.2.2.2 -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
I also add a route for 2.2.2.2 to be accessible from loopback:
route add -host 2.2.2.2 lo
Then I enable IP forwarding in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
And in the configuration for Honeyd I say:
add sshhost tcp port 22 "./ssh.sh"
bind 2.2.2.2 sshhost
Finally, I run my Honeyd like this, binding it to my Loopback:
honeyd -d -l /tmp/honeypot/packet.log -f smtp.conf -i lo
But I am still unable to access port 22 of my honeypot. What can be missing?
I am running honeyd-1.5b. This is what I get by running Honeyd in the
debug mode:
honeyd[3388]: listening on lo: ip
honeyd[3388]: Demoting process privileges to uid 99, gid 99
honeyd[3388]: rrdtool returning errors - restarting.
honeyd[3388]: Respawing rrdtool too quickly
honeyd[3388]: Connection request: tcp (1.1.1.1:40805 - 1.1.1.1:22)
honeyd[3388]: Killing attempted connection: tcp (1.1.1.1:22 - 1.1.1.1:40805)
honeyd[3388]: Connection dropped by reset: tcp (1.1.1.1:40805 - 1.1.1.1:22)
honeyd[3388]: rrdtool returning errors - restarting.
honeyd[3388]: Respawing rrdtool too quickly
Thank you!
Regards,
Evgeniy
[ reply ]