Honeypots mailing list archives
honeyd and logging problem
From: "Andy Woods" <andywoods () mail com>
Date: Thu, 11 Mar 2004 09:58:38 -0500
3 problems/questions...

1) I am running honeyd 0.8 on a Gentoo Linux platform and I am unable to log any data with the -l command line switch. Honeyd is run with 'honeyd -d -p nmap.prints -f honeyd.conf -a nmap.assoc -l /apps/logfile 192.168.1.10'... I've touched the file, and the verbose output from honeyd does open the file "honeyd_logstart: fopen("/apps/logfile")", but there is no data logged when I ping the box from another machine (not the virtual honeypot machine), nmap scan it, or connect to the honeypot through a telnet service I set up. Any suggestions?

2) I'm using the stock nmap and xprobe files and when I nmap a virtual machine I set up, I'm unable to detect the OS. Nmap spits out the TCP/IP fingerprint that it finds. I've set up a basic Linux and Cisco router that's been used in the forums and other documentation.

create linux
set linux personality "Linux 2.4.16 - 2.4.18"
set linux default tcp action reset
set linux default udp action reset
add linux tcp port 1000 "sh scripts/pop/emulate-pop3.sh"
add linux tcp port 21 "sh scripts/ftp.sh"
bind 192.168.1.10 linux

3) When I run honeyd I receive a warning of

Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2MO"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"

Wondering where this is coming from.... Haven't played around with the fingerprint files at all.

Any suggestions would be greatly appreciated.