Honeypots: Re: honeyd

Re: honeyd

From: Johnny Awad <jawa_at_ait.edu.gr>
Date: Mon, 24 Oct 2005 14:02:49 +0300 (EEST)

Andy,
regarding your pinging problem, as far as I have understood, the machine
192.168.68.3 is your physical machine hosting honeyd, right?
If yes, you need to specify a virtual entry router, which is different
from 192.168.68.3, to your 10.0.0.0/24 virtual network. Let this entry
router be for example 192.168.68.100.

So you should create a template, in honeyd.config, for this entry router,
then bind the address 192.168.68.100 to this template.

And on your source machine (i.e. 192.168.68.13), you should set a routing
table entry: 10.0.0.0 mask 255.0.0.0 192.168.68.100

Hope this will work for you.

Best,
Johnny Awad

Master of Science in Information
and Telecommunications Technologies
- Athens Information Technology University -

> Found your book very helpful but have a problem setting honeyd up on
> windows machine
>
> 1. on win98/me receive ip_open: result too large
>
> 2. on win2k either receive no information using following command
> honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f
> honeyd.config -i 1 10.0.0.0/24
>
> where honeyd.config contains
> ###example honeyd template-windows_98###
> #create and bind template
> #create and bind template
> create windows_98
> set windows_98 personality "Windows 98"
> annotate "Windows 98" finscan
> bind 10.0.0.3 windows_98
> #set port behavior
> set windows_98 default tcp action reset
> set windows_98 default udp action reset
> add windows_98 udp port 135 block
> add windows_98 udp port 137 block
> add windows_98 udp port 138 block
> add windows_98 udp port 389 block
> #add windows_98 tcp port 137 "sh c:\honeyd\scripts\netbios.sh"
> add windows_98 tcp port 135 open
> add windows_98 tcp port 137 open
> add windows_98 tcp port 139 open
> add windows_98 tcp port 5132 open
> #set template system variables
> set windows_98 uptime 343412
> set windows_98 uid 27218 gid 33876
> ###end of windows_98 example template###
> result is
>
> C:\honeyd>honeyd -d -p NMAP.PRINTS -x XPROBE2.CONF -a NMAP.ASSOC -f
> honeyd.config -i 1 10.0.0.0/24
> listening on \Device\NPF_{AF2D94D6-40C2-4AB7-B377-F36019F95CEA}: ip
> and (dst net 10.0.0.0/24) and not ether src 00:0a:e4:32:29:a7
> exiting on signal 2
> Terminate batch job (Y/N)? Terminate batch job (Y/N)?
>
>
> when I try to use a default config file as referenced in the book (as
> follows)
>
> ANNOTATE "Windows Millennium Edition v4.90.300"
> ANNOTATE "Microsoft Windows.NET Enterprise Server (build 3615 beta)"
> ANNOTATE "Windows 98"
> ANNOTATE "Windows 2000 SP2"
> ANNOTATE "Windows NT 4.0 SP 6a + hotfixes"
> ANNOTATE "Windows XP Pro"
>
> ###Set up Default Template###
> CREATE DEFAULT Default
> SET DEFAULT PERSONALITY "Windows Millennium Edition v4.90.300"
> SET DEFAULT Default TCP ACTION RESET
> SET DEFAULT Default UDP ACTION RESET
> ADD Default UDP PORT 135 BLOCK
> ADD Default UDP PORT 137 BLOCK
> ADD Default UDP PORT 138 BLOCK
> ADD Default TCP PORT 135 BLOCK
> ADD Default TCP PORT 137 BLOCK
> ADD Default TCP PORT 139 BLOCK
> SET Default UPTIME 111010
> SET Default UID 50603 GID 38706
>
> Receive
> d.cfg:1: parse error
> parsing configuration file failed
>
> Am trying to send ping 10.0.0.3 from a machine connected directly via RJ45
> cable
> (source machine has address 192.168.68.13 destination machine
> 192.168.68.3 and the src machine has extra routing 10.0.0.0 mask
> 255.0.0.0 192.168.68.3
>
> Can see the blocks leaving and arriving using windump but honeyd shows
> nothing
>
> Can you help?
>
> Andy Spencer
>
>
Received on Oct 24 2005
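
The setup the reply describes, written out as an added example (it is not part of the original thread or of the honeyd distribution). The template name `router` is hypothetical, and the `route entry` / `route ... link` lines are an assumption about how the entry router would be declared, since the reply names only the template and the bind.

```conf
### honeyd.config (constructed example) ###

# Virtual entry router for the 10.0.0.0/24 network. Its address sits on the
# physical LAN but is NOT the honeyd host's own address (192.168.68.3).
create router
set router default tcp action reset
set router default udp action reset
bind 192.168.68.100 router

# Assumption: declare 192.168.68.100 as the entry point into the virtual
# topology and make the virtual /24 directly reachable behind it.
route entry 192.168.68.100
route 192.168.68.100 link 10.0.0.0/24

# Virtual host taken from the original config (lowercase keywords, as in
# the config that parsed successfully).
create windows_98
set windows_98 personality "Windows 98"
set windows_98 default tcp action reset
set windows_98 default udp action reset
add windows_98 tcp port 135 open
add windows_98 tcp port 139 open
bind 10.0.0.3 windows_98

# On the source machine (192.168.68.13), replace the route that points at
# the physical host with one that points at the entry router (Windows syntax):
#   route delete 10.0.0.0
#   route add 10.0.0.0 mask 255.0.0.0 192.168.68.100
```

The source machine must be able to resolve 192.168.68.100 to the honeyd host's MAC address, for example through a proxy-ARP responder such as arpd or a static ARP entry. That is an assumption about the environment, not something stated in the thread.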
