Honeypots mailing list archives
Re: A simple questions on redirecting
From: <gconnell () middlebury edu>
Date: 29 Mar 2004 06:32:22 -0000
In-Reply-To: <20040204090709.30824.qmail () web21409 mail yahoo com> I may be misunderstanding your question, but it seems to me that all you need is arpd. arpd is a simple little program that looks at arp requests sent out by computers to IP addresses. If an IP is owned by a computer, it will respond to the request with an "arp response" packet saying where the computer is. If no computer responds within a certain time limit (3 secs?), arpd sends its own response, redirecting traffic to your computer (ie: honeypot). On the honeyd web page, http://www.citi.umich.edu/u/provos/honeyd/ go down under the Source Code heading, and you'll see a link for the source for arpd 0.2. Compile and install that, then check out the arpd man page, and you should be set. --Cleverduck
HI All, I am a beginner in using honeypot(honeyd) and I need to work it as my final year project. But I have encountered a big problems. Basically, I can deploy Honeyd but the question is how to redirect "malicious" trafic or IP to my honeypot? One method is to config Iptables but I don't who is going to attack me.So, I don't know the IP. Does it mean I need to combine snort and honeyd work together? or something like "intelligence" firewall? Any ideas? Please help!:) Fred PS My configuration Internet----Firewall----local network---honeypot Honeypot: Honeyd Platform: Linux(kernel >2.4)
Current thread:
- A simple questions on redirecting wanfat wu (Feb 06)
- Re: A simple questions on redirecting Fabian Bieker (Feb 07)
- <Possible follow-ups>
- Re: A simple questions on redirecting gconnell (Mar 28)