Expose honeypot to internet

By jsliw

I use this simple configuration file for my virtual machine.

————————————————————————————————

### Windows computers
create windows
set windows personality "Microsoft Windows NT 4.0 SP5-SP6"
set windows default tcp action reset
set windows default udp action reset
add windows tcp port 80 "scripts/iisemulator/iisemul8.pl"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows uptime 3284460
bind 192.168.1.11 windows

—————————————————————————————

On the router side, I edit the routing table:

destination : 192.168.1.11 (Virtual machine)
netmask : 255.255.255.0
gateway : 192.168.1.2 (My box)

Enable the DMZ and point it to the virtual machine (192.168.1.11).

————————————————————————————————

root@jason-desktop:/usr/local/share/honeyd# honeyd -df test1.conf -p nmap.prints -x xprobe2.conf -a nmap.assoc -l /var/log/honeyd -s /var/log/honeyd2 -i eth0 192.168.1.0/24
Honeyd V1.5b Copyright (c) 2002-2004 Niels Provos
honeyd[6805]: started with -df test1.conf -p nmap.prints -x xprobe2.conf -a nmap.assoc -l /var/log/honeyd -s /var/log/honeyd2 -i eth0 192.168.1.0/24
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[6805]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (net 192.168.1.0/24))) and not ether src 00:17:31:b6:9a:a1
honeyd[6805]: Demoting process privileges to uid 65534, gid 65534
honeyd[6805]: Killing attempted connection: tcp (60.50.82.35:2394 - 192.168.1.11:445)
honeyd[6805]: Killing attempted connection: tcp (60.50.82.35:3735 - 192.168.1.11:135)
honeyd[6805]: Killing attempted connection: tcp (60.50.82.35:3735 - 192.168.1.11:135)
honeyd[6805]: Killing attempted connection: tcp (60.50.122.40:3575 - 192.168.1.11:445)
honeyd[6805]: Killing attempted connection: tcp (60.50.122.40:3575 - 192.168.1.11:445)
honeyd[6805]: Killing attempted connection: tcp (60.50.122.40:3575 - 192.168.1.11:445)
honeyd[6805]: Connection to closed port: udp (151.245.156.124:30576 - 192.168.1.11:1026)
honeyd[6805]: Killing attempted connection: tcp (60.50.251.93:3435 - 192.168.1.11:445)
honeyd[6805]: Killing attempted connection: tcp (60.50.251.93:3435 - 192.168.1.11:445)
honeyd[6805]: Connection to closed port: udp (125.78.181.59:20359 - 192.168.1.11:13547)
honeyd[6805]: Connection to closed port: udp (94.227.252.221:30576 - 192.168.1.11:1026)
honeyd[6805]: Killing attempted connection: tcp (60.50.82.35:1939 - 192.168.1.11:445)
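
To turn console output like the session above into something reviewable, the following added example (not part of the original post) counts probes per service and per source and flags probed ports that the `windows` template does not list. The sample lines are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Format of the two honeyd message types shown in the session above.
# The separator may be "-" or a typographic dash, depending on how the log was copied.
LINE_RE = re.compile(
    r"honeyd\[\d+\]: (?P<event>Killing attempted connection|Connection to closed port): "
    r"(?P<proto>tcp|udp) \((?P<src>[\d.]+):(?P<sport>\d+) [-\u2013] "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\)"
)

# Ports the "windows" template in the configuration above lists with "add".
EMULATED = {("tcp", 80), ("tcp", 139), ("tcp", 137), ("udp", 137), ("udp", 135)}

def parse(lines):
    """Yield (event, proto, src_ip, dst_port) for each recognised line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m["event"], m["proto"], m["src"], int(m["dport"])

def summarize(lines):
    """Count probes per service and per source; list probed services with no emulation."""
    services, sources = Counter(), Counter()
    for _event, proto, src, dport in parse(lines):
        services[(proto, dport)] += 1
        sources[src] += 1
    unemulated = sorted(s for s in services if s not in EMULATED)
    return services, sources, unemulated

# Constructed sample lines in the same format (not taken from the session above).
SAMPLE = """\
honeyd[6805]: Demoting process privileges to uid 65534, gid 65534
honeyd[6805]: Killing attempted connection: tcp (203.0.113.7:2394 - 192.168.1.11:445)
honeyd[6805]: Killing attempted connection: tcp (203.0.113.7:3735 - 192.168.1.11:135)
honeyd[6805]: Killing attempted connection: tcp (198.51.100.9:3575 \u2013 192.168.1.11:445)
honeyd[6805]: Connection to closed port: udp (198.51.100.20:30576 - 192.168.1.11:1026)
""".splitlines()

if __name__ == "__main__":
    services, sources, unemulated = summarize(SAMPLE)
    for (proto, port), n in services.most_common():
        note = "" if (proto, port) in EMULATED else "  (no service emulated)"
        print(f"{proto}/{port}: {n}{note}")
    print("top sources:", sources.most_common(3))
```

Ports that show up as probed but not emulated, such as tcp/445 in the session above, are candidates for an additional `add windows ... port` line if the goal is to observe what the scanner does next.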
