PherricOxide
commented
11 years ago Fixed in 6d9b112aace1613ba5e61d1b70b3fd04537c661b, but could use some more testing. For now there's no option to disable/enable it, all UDP broadcast packets are simply forwarded to the scripts.
Currently honeyd only processes packets going directly to a honeypot's IP address. In order to fully support things like NetBIOS, we need to be able to figure out the broadcast address for an interface and forward all broadcast packets to each Honeypot instance that should be affected by them. This also means that the scripts may need to do more checking to see if they should reply or not (think of FTP, it shouldn't reply to connection attempts from broadcast packets). Should we have some manner of registering broadcast scripts versus normal scripts? Or additional arguments to the scripts for letting them determine if it was a broadcast packet that triggered them so they can determine if they should reply or not.