Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Honeypots: honeyd compile error 1.0 and 0.8b

honeyd compile error 1.0 and 0.8b

From: Ivan Rivera <esteban_uria_at_yahoo.com>
Date: Fri, 8 Apr 2005 22:29:07 -0700 (PDT)

Hi
I try to compile different version of honeyd (1.0 and
0.8b). I compile and install the following software

libdnet 1.10 (OK)
libevent 1.0c (OK)
libpcap 0.8.3 (OK)

I run ldconfig in the directory of libdnet and when I
try to compile honeyd i get the following error
message.

checking for working addr_cmp in libdnet... configure:
error: you need to install a more recent version of
libdnet

I specify the --with-libdnet=/usr/local but i get the
same error message.

I check documentation but all the documentation do not
say anything about this error, I think is a commond
error message, and i apply all the steps that i found
in the internet to fix this problem but I do not get
the right compile

Why I need to install another version more recent that
i have in my computer? I use 1.10

Do you have any idea?

Thanks for you help

Ivan

--- James Oliver <686f6e6579_at_gmail.com> wrote:
> Hi,
>
> I'm running honeyd (1.0) with a host based on the
> "Linux 2.4.20"
> personality. A firewall (iptables 1.2.9) drops all
> new outgoing
> connections. When I try to ping this Linux host from
> outside the
> firewall always drops the packet, stating this is a
> new connection.
>
> I have analysed the ICMP Echo Replies honeyd sends
> for the "Linux
> 2.4.20" personality and the Code field is set to 1,
> even if the ICMP
> Echo Request's Code field is 0.
>
> In
>
http://www.networkmagazine.com/shared/printableArticle.jhtml?articleID=8702910
> it is stated that Linux doesn't change the code
> field, so I'm
> wondering why this happens. I have analysed my own
> ICMP Echo
> Requests/Replies and looked at
> /usr/src/linux/net/ipv4/icmp.c to have
> a look at the Linux ICMP code. This code is the same
> as the one in the
> Linux 2.4.20 sources, so the behaviour should be the
> same AFAIK.
>
> Therefore I have now modified my
> /usr/share/honeyd/xprobe2.conf in line 237 to
>
> icmp_echo_code = 0
>
> instead of
>
> icmp_echo_code = !0
>
> After this change the firewall accepts the ICMP Echo
> Replies of
> honeyd's Linux 2.4.20 personality. Nevertheless it
> now always changes
> the ICMP Echo Replie Code always to 0 which is not
> Linux behaviour.
>
> Is the behavior in the original xprobe2.conf
> intended? Is there a
> mistake on my side?
>
> Thanks for your suggestions,
> James
>

IvAn =^)
esteban_uria_at_yahoo.com
Received on Apr 09 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]