RE: GenII Honeynet with NAT

["Andre Derek Protas" <randori82 () hotmail com>]

what about port forwarding on the firewall to make all traffic from the wan 
go to one machine.  this doesn't solve the problem of having two hosts 
behind nat, but maybe you could swap the machines once a week so that each 
is wan facing.

may work, may not...just an idea.

   ::Andre Derek Protas::
::www.randorisecurity.com::

If ignorant both of your enemy and yourself, you are certain to be in peril. 
-Sun Tzu

wh

> From: "Martin Kristensen" <martink () student hin no>
> To: <honeypots () securityfocus com>
> Subject: GenII Honeynet with NAT
> Date: Tue, 1 Mar 2005 13:16:04 +0100
> MIME-Version: 1.0
> Received: from [205.206.231.26] ([205.206.231.26]) by MC8-F26.hotmail.com 
> with Microsoft SMTPSVC(6.0.3790.211); Tue, 1 Mar 2005 13:30:37 -0800
> Received: from no.name.available by [205.206.231.26]          via smtpd 
> (for [65.54.253.230] [65.54.253.230]) with ESMTP; Tue, 1 Mar 2005 13:30:38 
> -0800
> Received: from lists.securityfocus.com (lists.securityfocus.com 
> [205.206.231.19])by outgoing2.securityfocus.com (Postfix) with SMTP id 
> 8212F23FF93for <randori82 () hotmail com>; Tue,  1 Mar 2005 12:22:25 -0700 
> (MST)
> Received: (qmail 3390 invoked by alias); 1 Mar 2005 19:45:11 -0000
> Received: (qmail 8995 invoked from network); 1 Mar 2005 12:30:38 -0000
> X-Message-Info: JGTYoYF78jHnxrwbbf+VGWGk+/2lqQVprNeumNh9obU=
> Mailing-List: contact honeypots-help () securityfocus com; run by ezmlm
> Precedence: bulk
> X-No-Archive: yes
> List-Id: <honeypots.list-id.securityfocus.com>
> List-Post: <mailto:honeypots () securityfocus com>
> List-Help: <mailto:honeypots-help () securityfocus com>
> List-Unsubscribe: <mailto:honeypots-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:honeypots-subscribe () securityfocus com>
> Delivered-To: mailing list honeypots () securityfocus com
> Delivered-To: moderator for honeypots () securityfocus com
> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: GenII Honeynet with 
> NAT
> Thread-Index: AcUeWHC34zk6WZY1RqmVEapM1JxBFQ==
> Content-class: urn:content-classes:message
> x-mimeole: Produced By Microsoft Exchange V6.5.7226.0
> Return-Path: honeypots-return-3168-randori82=hotmail.com () securityfocus com
> X-OriginalArrivalTime: 01 Mar 2005 21:30:39.0027 (UTC) 
> FILETIME=[E9C38830:01C51EA5]
>
>
> Hi everyone!
> We are two students who are studying the Honeynet technology for a project 
> we
> are doing.
> We have a question about the use of NAT.
> Our IT-administrator will provide the Internet access for us, but he will 
> not
> give us a public IP. He wants to use a router which performs NAT to the
> Honeynet, so the NAT will be performed before the Honeywall gateway.
> Will this be a problem for us with using the bridging mode and rc.firewall
> script?
>
> Use this link to see how our network looks:
> http://home.no/martinkr/design.jpg
>
>
> Thanks for any help!
>
> Regards
>
> Martin Kristensen
> martink () student hin no

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/