Honeypots
mailing list archives
Re: Openbsd firewall
From: "Travis Boucher" <tbone () tbone ca>
Date: Thu, 29 Jul 2004 22:33:34 -0700
I don't see why you couldn't limit it below 5.6Kb. If you are running
multiple honeypots, I'd suggest setting up a single queue with the total
bandwidth you'll allow to all of the honeypots (20Kb for example), then use
sub-queues for each target machine:
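e.g. (/etc/pf.conf):
# Start
hp_if="fxp2"
hpa="192.168.0.1"
hpb="192.168.0.2"
hpc="192.168.0.3"
# Parent queue: total bandwidth shared by all honeypots
altq on $hp_if cbq bandwidth 20Kb queue { hp_nomatch, qhpa, qhpb, qhpc }
# cbq needs one default queue for traffic no rule assigns
queue hp_nomatch bandwidth 1% cbq(default)
# One sub-queue per honeypot, each 5% of the parent
queue qhpa bandwidth 5%
queue qhpb bandwidth 5%
queue qhpc bandwidth 5%
# Assign traffic for each honeypot to its own sub-queue
pass in from any to $hpa queue qhpa
pass in from any to $hpb queue qhpb
pass in from any to $hpc queue qhpc
# End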
That should effectively limit each honeypot to 1Kbps. This is assuming you
are using pf and altq for bandwidth limiting. You could also use some
userspace bandwidth throttling capable tools (openvpn comes to mind).
On Thu, 29 Jul 2004 15:55:17 -0500, joe smith wrote:
I'm currently testing an OpenBSD gateway/firewall for my honeypot
setup. I'm limiting the amount of bandwidth for each honeypot.
Does anyone know why I cannot set it below 5.6 kilobits?
Thanks
J
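
A per-honeypot queue layout like the one in this message is easy to break with a single mistyped queue name, which leaves that honeypot's traffic outside its bandwidth cap. The following consistency check is an added example, not part of the original post: the function name lint_altq and the sample ruleset are constructed for illustration, and it assumes one cbq parent with percentage child bandwidths.

```python
import re

# Constructed sample in the style of the ruleset above; the child list
# deliberately names a queue (qhba) that is never defined.
SAMPLE = """\
altq on fxp2 cbq bandwidth 20Kb queue { hp_nomatch, qhpa, qhpb, qhba }
queue hp_nomatch bandwidth 1% cbq(default)
queue qhpa bandwidth 5%
queue qhpb bandwidth 5%
queue qhpc bandwidth 5%
pass in from any to 192.168.0.1 queue qhpa
pass in from any to 192.168.0.3 queue qhpc
"""

UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}

def lint_altq(conf):
    """Return (per-queue rates in bit/s, list of problems) for one cbq parent."""
    total, children, defined, used, has_default = 0, [], {}, set(), False
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"altq on \S+ cbq bandwidth (\d+)(Kb|Mb|Gb|b)\b.*\{(.*)\}", line)
        if m:
            total = int(m.group(1)) * UNITS[m.group(2)]
            children = [c for c in re.split(r"[,\s]+", m.group(3).strip()) if c]
            continue
        m = re.match(r"queue (\S+) bandwidth (\d+)%(.*)", line)
        if m:
            defined[m.group(1)] = int(m.group(2))
            has_default |= "default" in m.group(3)
            continue
        m = re.match(r"pass\b.*\bqueue (\S+)", line)
        if m:
            used.add(m.group(1))
    problems = [f"child {c} listed on altq line but never defined"
                for c in children if c not in defined]
    problems += [f"queue {q} defined but not a child of the altq parent"
                 for q in defined if q not in children]
    problems += [f"rule assigns undefined queue {q}"
                 for q in sorted(used) if q not in defined]
    if sum(defined.values()) > 100:
        problems.append("child bandwidth percentages exceed 100%")
    if not has_default:
        problems.append("no queue marked cbq(default)")
    # Effective cap per queue: percentage of the parent bandwidth
    rates = {q: total * pct // 100 for q, pct in defined.items()}
    return rates, problems
```

Calling lint_altq(SAMPLE) reports the qhba/qhpc mismatch and shows each 5% queue resolving to 1000 bit/s of the 20Kb parent.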