bala150985
commented
10 years ago Alternatively the short-cut in the bind also did not work.
create default set default default tcp action block set default default udp action block set default default icmp action block
create linux set linux personality "Linux 2.6.20-1 (Fedora Core 5)" set linux ethernet "cisco" add linux tcp port 22 "/etc/honeyd/echo.sh"
dynamic magichost
add magichost use linux if source ip = 192.168.1.2
add magichost otherwise use default
bind 192.168.1.160 magichost
bind source ip = 192.168.1.3/32 192.168.1.160 linux bind source ip = 192.168.1.2/32 192.168.1.160 default
The following is my configure file for honeyd, I cannot get honeyd reply with an icmp even when the source is from 192.168.1.2. I did check to see that interface on which honeyd is running is receiving ARP request for who has 192.168.1.160.
create default set default default tcp action block set default default udp action block set default default icmp action block
create linux set linux personality "Linux 2.6.20-1 (Fedora Core 5)" set linux ethernet "cisco" add linux tcp port 22 "/etc/honeyd/echo.sh"
dynamic magichost add magichost use linux if source ip = 192.168.1.2 add magichost otherwise use default
bind 192.168.1.160 magichost
honeyd -d -f demo3 -p nmap-os-db -l log/honeyd.log -s log/service.log -i eth2 192.168.1.160 Honeyd V1.6d Copyright (c) 2002-2007 Niels Provos honeyd[2456]: started with -d -f demo3 -p nmap-os-db -l log/honeyd.log -s log/service.log -i eth2 192.168.1.160 honeyd[2456]: listening promiscuously on eth2: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (host 192.168.1.160))) and not ether src 08:00:27:f8:f0:2e honeyd[2456]: Demoting process privileges to uid 65534, gid 65534 ^Choneyd[2456]: exiting on signal 2