|
Honeypots
mailing list archives
Honeyd - why this behavior
From: "Ivan Esteban Rivera Uria" <irivera () bnc-corp com>
Date: Tue, 19 Apr 2005 18:57:33 -0500
I donĀ“t know why honeyd has the following behavior.
I make my configuration file like this:
--># templates
-->create default
-->set default default tcp action block
-->set default default udp action block
-->
-->
-->
--># windows
-->create windowsxp
-->set windowsxp personality "Cisco Router/Switch with IOS 11.2"
-->set windowsxp default tcp action reset
-->set windowsxp default udp action reset
-->set windowsxp uptime 1728650
-->add windowsxp tcp port 80 proxy www.google.com:80
-->add windowsxp tcp port 135 open
-->add windowsxp tcp port 445 open
-->
--># router
-->create router
-->set router personality "Cisco 1601 (IOS 11.0) or DECbrouter90T1 (Runs
Cisco IOS 10.2(5))"
-->set router default tcp action reset
-->set router default udp action reset
-->add router tcp port 23 open
-->
-->bind 192.168.31.115 windowsxp
-->bind 192.168.31.116 router
-->bind 192.168.31.117 router
When I run nmap -sT -PT -PI -p 22-26 -T 192.168.31.117 , I get the following
information
-->Starting nmap V. 3.00 ( www.insecure.org/nmap )
-->Interesting ports on (192.168.31.117):
-->Port State Service
-->22/tcp filtered ssh
-->23/tcp open telnet
-->24/tcp filtered priv-mail
-->25/tcp open smtp
-->26/tcp filtered unknown
-->Nmap run completed -- 1 IP address (1 host up) scanned in 13 seconds
Why I see open more port, I do not make that configuration...
I make honeyd-1.0 in Fedora Core 3 box and the kernel version is
2.6.11-1-14_FC3. I use all new versions.
I execute the following command
# honeyd -d -p nmap.prints -f honeyd.conf2 -l honeyd.log -u 500 -g 500
--disable-webserver
I do not understand why this behavior... could you help me?
Thanks
Ivan
 By Date 
By Thread
Current thread:
- Honeyd - why this behavior Ivan Esteban Rivera Uria (Apr 19)
|
Intro
