Honeypots: Re: Honeyd, dummy interface, default actions

[LECLERCQ Eric RD-MAPS-ISS <eric.leclercq () francetelecom com>]

Hi,

Hauguet, Francis wrote:
> If you don't care having your virtual box using the same subnet as the 
> host, you can use the "ethernet" keyword in your config file. If you 
> have to use a different subnet, you may try to use a tun/tap virtual 
> interface.
It's a box using dialup/ADSL for example, I don't own the subnet :)
I'll have a look at tun/tap, as opposed to dummy.

> > Full honeyd.conf:
> >
> > create honey
> > set honey personality "Microsoft Windows XP Professional SP1"
> > set honey default icmp action open
> > set honey default udp action "echo udp"
> > set honey default tcp action" echo tcp"
> >
> > Also there doesn't seem to be any way for the script to know the 
> > protocol used for the connection, couldn't there be a HONEYD_IP_PROTO 
> > environment variable passed to the scripts?
>
> Humm, seems you have answered your own question with your example ;)
> (use a != argument for a script used with tcp and a script used with udp).
I don't get it :) This seems like a Honeyd bug since "echo tcp" is 
started for both TCP and UDP connections.
And alas there is no HONEYD_IP_PROTO variable.

Ciao
--
Eric