Honeypots mailing list archives
RE: ARP responding honey pot to any unused ip address
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Mon, 25 Apr 2005 10:39:03 -0400
Mosin, Honeyd is very customizable. While you can allow the behavior you describe below to take place, you can tell Honeyd (and Arpd) to behave differently. You can customize your Honeyd config file to only have static IP addresses and not to respond to all unknown IP addresses. It's flexible and you can design the behavior. Roger ************************************************************************ *** *Roger A. Grimes, Banneret Computer Security, Computer Security Consultant *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI *email: roger () banneretcs com *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 ************************************************************************ **** -----Original Message----- From: mohsin saleem [mailto:mohsinsaleem36 () yahoo com] Sent: Sunday, April 24, 2005 6:23 PM To: honeypots () securityfocus com Subject: ARP responding honey pot to any unused ip address hi!! we are a group of friends working to implement honeyD for windows, or u can say trying to port it to windows. though we know it has been recently ported to windows, but we started this work couple of months ago, so not gonna leave this project now:) I have found some bug in it, as i discuss it : a hacker tries to find around 50 IP address in a network honeyD finds them to be acvailable. it acclaims them and starts commyunicating with hacker. hacker tests them all for being win2k professional. honey shows this nicely. Now any hacker having a bit of common sense will start laughing: 50 IPs + having HOST OS as WIN2K + OFFERING 100% same services!!! infact, 50 SERVERS OFFERING 100% SAME service ..OO MY GOD.. it never happens he will laugh. I dont know whether I'm right or wrong, please help me to ge things clear. thanx Mohsin Saleem ~*~ Elite Hacker from PAKISAN~*~ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- ARP responding honey pot to any unused ip address mohsin saleem (Apr 24)
- Re: ARP responding honey pot to any unused ip address Valdis . Kletnieks (Apr 24)
- Re: ARP responding honey pot to any unused ip address sushant (Apr 24)
- <Possible follow-ups>
- RE: ARP responding honey pot to any unused ip address Roger A. Grimes (Apr 27)