Re: basic honeynet question

[mat <mr () simla colostate edu>]

ahhh... so the roo installation just analyzes and logs the activity, i 
need to set up another machine which has all the services on it and is 
actually the 'honeypot'?


Hugo Francisco González Robledo wrote:
> Ok, you need a bridge between eth0 and eth1.
> And need configure the cards to have something like this :
>
>                 ___________________
> honeynet <-->  | (eth1)---- (eth0) | <--> Internet
>                |      eth2         |
>                ---------------------
>                        Admin
>
> it's like firewall for the honeynet.
>
> The bridge acts to examine and pass packets from honeynet to Internet.
>
> Regards,
>
>
>
> On Thu, Apr 06, 2006 at 10:50:06AM -0000, mr () simla colostate edu wrote:
>   
> > im using the roo installation from www.honeynet.org and am having trouble understanding how the NIC cards are supposed to be set up.  they say 
> >
> > * eth0 is the "Internet" or outside Interface
> > * eth1 is the LAN interface (Honeypot side)
> > * eth2 is the Management interface
> > * br0 is the virtual bridge interface (eth0 + eth1)
> >
> > but i dont completly understand what that means.  is eth0 where the incoming connection comes, then eth1 is where the 
> > outbound packets are sent? also, do i need to set up a gateway before the honeypot? or can i user a router? im just 
> > really confused about how the physical networking is supposed to be done.  could someone give me some help?  thanks in 
> > advance
> >     
>
>