Honeypots mailing list archives
Re: honeyd- single IP Address
From: Fabian Bieker <fabian.bieker () web de>
Date: Sat, 31 Jan 2004 14:51:38 +0100
On Fri, Jan 30, 2004 at 03:45:31PM +0530, Aluru Madhuri wrote:
Hi,
Hi,
My Question: I want to simulate all tcp ports listening(just receiving syn packets, sending syn+ack packets and if required when we send some data we expect an ack from honey pot, nothing more). will this be possible ?
yes.
if so how ?
You create a honeyd template in honeyd.conf like this: create host1 set host1 host1 tcp action open set host1 host1 udp action open set host1 host1 icmp action open bind <your_ip_addr> host1 Now you use Linux netfilter etc. to drop all incoming conncections to your host. Now honeyd can answer them, without getting the connections RSTed etc. by the real host. No arpd needed. Maybee you want to have a look at honeyd's trapit features. Hope this helps, fabian -- BOFH excuse #436: Daemon escaped from pentagram
Attachment:
signature.asc
Description: Digital signature
Current thread:
- honeyd- single IP Address Aluru Madhuri (Jan 29)
- Re: honeyd- single IP Address Ravi (Jan 30)
- Re: honeyd- single IP Address Aluru Madhuri (Jan 30)
- Re: honeyd- single IP Address ravivsn (Jan 31)
- Re: honeyd- single IP Address Aluru Madhuri (Jan 30)
- Message not available
- Re: honeyd- single IP Address Aluru Madhuri (Jan 30)
- Re: honeyd- single IP Address Fabian Bieker (Jan 31)
- Re: honeyd- single IP Address Aluru Madhuri (Jan 30)
- Re: honeyd- single IP Address Ravi (Jan 30)