|
Honeypots
mailing list archives
Unusually problems with honeywall
From: "Ivica Maric" <imaravk () gmail com>
Date: Thu, 23 Mar 2006 17:25:04 +0100
Hi all!
My name is Ivica Maric and I am undergraduate student of Faculty of
Electrical Engeneering and Computing (www.fer.hr), Zagreb, Croatia. My
diplomma thesis is Honeynet and its usage in the real world.
I installed Honeynet CD (latest roo release) from www.honeynet.org to
one computer. Another computer is honeypot (Windows 2000). Honeywall
contains 3 network interfaces-eth0, eth1, eth2 where eth2 is managment
interface. I have read Honeywall CDROM Online manual, some whitepapers
linked to honeypot concept etc.
I have few problems with my configuration:
First problem is with yum update: i update first roo-base (to bypass
bug #423), after that I update entire honeywall (yum update). After
system rebooted p0f (Passive OS fingerprinting) service is [FAILED]. I
don't know why that happens.
Second problem: When I remove Snort or Snort_inline rule from Walleye
interface Snort and Snort_inline does not work anymore. I got [FAILED]
at boot time.
Third problem: My honeywall monitoring not only honeypot, but also
another computers that are active on the network. I presume that is
not desirable behavior. I properly connected honeypot, trough switch,
to eth1 (internally interface) and eth0 to public network.
I appreciate any assistance or advice! Thank you for your time!
Best regards,
Ivica Maric
FER (www.fer.hr)
Zagreb
Croatia
 By Date 
By Thread
Current thread:
- Unusually problems with honeywall Ivica Maric (Mar 23)
|
Intro
