Patrick Chambet wrote:
> The individual tools are:
>
> - FakeNetbiosDGM (NetBIOS Datagram)
> - FakeNetbiosNS (NetBIOS Name Service)
>
> Each tool can be used as a standalone tool or as a honeyd responder or
> subsystem.

Hello all,

please note that in order to use those tools with honeyd, you may need
to apply some patches to honeyd src and use a custom version or honeyd
won't be able to deliver broadcast packets (needed by NB-dgm).

These patches are diffed from honeyd 1.0 (last stable release) and can be
found here:

https://bugs.honeynet.org/show_bug.cgi?id=130
https://bugs.honeynet.org/show_bug.cgi?id=131

You can probably apply them on the latest release candidate without too
much harm.

please note that those patches are totally unsupported by honeyd author.

caveat: as you may have seen in the second patch, the behavior is
correct only with a /24 network. this probably works with a < /24
network but you may want to change the following line, according to your
config:

    if((ntohl(dst_pa->addr_ip)&0xff)==0xff) { /*XXX*/

By the way, using only one honeyd box and being able to see a bunch of
hosts with != ether addr, != ip addr populating the Windows "Network
Places" using a custom domain really kicks a**.

way to go patrick !

regards,
--
Francis
Received on Oct 19 2005
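
Added example, not part of the message above or of the honeyd patches: the last-octet test quoted in the caveat next to a prefix-aware directed-broadcast check, so the difference on non-/24 honeynets is visible. The function names and sample addresses are constructed for illustration and are not honeyd's API; addresses are taken in network byte order, as in the quoted line.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* The test quoted from the patch: true when the last octet is 255. */
static int is_bcast_slash24(uint32_t ip_net)
{
    return (ntohl(ip_net) & 0xff) == 0xff;
}

/* Hypothetical prefix-aware variant: true when every host bit is set
 * for the configured prefix length. /31 and /32 have no directed
 * broadcast address, and prefix 0 is handled to avoid a 32-bit shift. */
static int is_directed_bcast(uint32_t ip_net, unsigned prefix_len)
{
    uint32_t host_mask;

    if (prefix_len >= 31)
        return 0;
    host_mask = prefix_len == 0 ? 0xffffffffu
                                : ((1u << (32 - prefix_len)) - 1);
    return (ntohl(ip_net) & host_mask) == host_mask;
}

int main(void)
{
    /* Constructed sample destinations and the honeynet prefix assumed. */
    static const struct { uint32_t ip; unsigned prefix; } samples[] = {
        { 0x0A0000FF, 24 },  /* 10.0.0.255/24   broadcast            */
        { 0x0A00007F, 25 },  /* 10.0.0.127/25   broadcast, octet 127 */
        { 0x0A0003FF, 16 },  /* 10.0.3.255/16   ordinary host        */
        { 0x0A00FFFF, 16 },  /* 10.0.255.255/16 broadcast            */
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t ip_net = htonl(samples[i].ip);
        struct in_addr a;
        a.s_addr = ip_net;
        printf("%-14s /%-2u last-octet test=%d prefix-aware=%d\n",
               inet_ntoa(a), samples[i].prefix,
               is_bcast_slash24(ip_net),
               is_directed_bcast(ip_net, samples[i].prefix));
    }
    return 0;
}
```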