Honeypots mailing list archives
question about honeyd 0.6a (linux)
From: Han Xu <xuhan () cc gatech edu>
Date: Sun, 21 Sep 2003 17:06:18 -0400 (EDT)
Hi,

I installed honeyd 0.6a on Redhat Linux 7.1. Everything runs well except one thing: I cannot get honeyd to capture the communications from the same host.

The details are: the host IP is 10.1.1.11, and honeyd simulates 10.1.1.1 - 10.1.1.255. 10.1.1.100 is one of the virtual hosts that don't exist on the LAN. When I ran "telnet 10.1.1.100" from another Linux machine on the same LAN, honeyd captured the request and logged it. But when I ran the same thing from the local host (where honeyd is running), I got "No route" and honeyd seems to do nothing with the packet.

I noticed that, by default, arpd and honeyd ignore the src MAC address by setting the filter to pcap. So I modified the source code to remove that filter. Now arpd shows that it replies to "10.1.1.100", but nothing more.

Any ideas?

Thanks in advance.

Han Xu