Re: honeyd win32 and XP

["Leigh" <hst () iprimus com au>]

Might have something to do with the removal of raw sockets support in XP SP2 
(I too have been experiencing the same problems, on both SP1/SP2 beta).

Apparently MS have removed support for rawsock because "the only use for it 
is for people who write attack tools" according to the developers in their 
listserv. Not so. This is also strange because I am using software like 
Ethercap which also uses Winpcap/packet.dll and this works fine (yet honeyd 
does not and nmap will only work with TCP connect scans/-P0).

Please let me know how you get on. I have been playing around with various 
virtual pc's and emulators (like Cygwin/X and CoLinux) under XP in order to 
get the aforementioned working,  but to no avail., yet this is probably due 
to my inability more than anything else :)

Leigh
hst () iprimus com au
Melbourne, Australia
----- Original Message ----- 
From: "Jeff" <jeffduh99 () hotmail com>
To: <honeypots () securityfocus com>
Sent: Saturday, June 26, 2004 1:59 PM
Subject: honeyd win32 not responding to ping


> Hi all,
>
> I am attempting to run Honeyd win32 on Windows XP and am having a bit of 
> trouble.  It appears that everything is running properly.  However, I am 
> unable to ping the honeypot.  Here is the setup.
>
> create win2k
> set win2k personality "Windows 2000 server SP2"
> add win2k tcp port 80 "scripts/web.sh"
> set win2k default tcp action reset
> set win2k default udp action reset
>
> bind 192.168.0.2 win2k
> set 192.168.0.2 uptime 1327650
>
> When I start honeyd with this command "honeyd.exe -d -f 
> c:\tools\honeyd\honeyd.conf -l c:\tools\honeyd\log\log.txt" I get this 
> response "listening on \Device\NPF_{C3FF3A45-AC8E-48D5-8FD7-F4186D95A5A0}: 
> ip  and not ether src 00:e0:b8:6d:21:2d"
>
> When I try to ping 192.168.0.2, it does not respond.  Any ideas about 
> where I'm going wrong?  Any help is appreciated.  Thanks,
>
> Jeff