This is my honeyd configuration:
route entry 10.0.0.1
route 10.0.0.1 link 10.0.0.0/24
route 10.0.0.1 add net 10.1.0.0/16 10.1.0.1 latency 55ms loss 0.1
route 10.0.0.1 add net 10.2.0.0/16 10.2.0.1 latency 20ms loss 0.1
route 10.0.0.1 add net 10.3.0.0/16 10.2.0.1 latency 20ms loss 0.1
route 10.1.0.1 link 10.1.0.0/24
route 10.2.0.1 link 10.2.0.0/24
route 10.2.0.1 add net 10.3.0.0/16 10.3.0.1 latency 10ms loss 0.1
route 10.3.0.1 link 10.3.0.0/16
create routerone
set routerone personality "Cisco 7206 running IOS 11.1(24)"
set routerone default tcp action reset
add routerone tcp port 23 "scripts/router-telnet.pl"
bind 10.0.0.1 routerone
create routertwo
set routertwo personality "Cisco 762 Non-IOS Software release 4.1(2) or 766 ISDN router"
set routertwo default tcp action reset
add routertwo tcp port 23 "scripts/router-telnet.pl"
bind 10.1.0.1 routertwo
# Example of a simple host template and its binding
create default
set default personality "FreeBSD 2.2.1-STABLE"
set default default tcp action reset
add default tcp port 80 "sh scripts/web.sh"
add default tcp port 22 "sh scripts/test.sh"
add default tcp port 113 open
add default tcp port 1 open
bind 10.2.0.1 default
create allopen
set allopen personality "NetBSD 1.5.2 running on a Commodore Amiga (68040 processor)"
set allopen default tcp action reset
add allopen tcp port 80 "sh scripts/web.sh"
add allopen tcp port 113 open
add allopen tcp port 1 open
bind 10.0.0.10 allopen
create template
set template personality "Check Point FireWall-1 4.0 SP-5 (IPSO build)"
add template tcp port 80 "sh scripts/web.sh"
add template tcp port 23 open
add template tcp port 22 "sh scripts/test.sh"
set template default tcp action reset
set template uid 32767
bind 10.1.0.2 template
#bind 10.3.0.1 routerone
#bind 10.2.0.5 allopen
Router site:
Set the destination to the network to reach and the gateway to the honeyd machine.
ID  Destination  Netmask    Gateway      Interface
1   10.0.0.0     255.0.0.0  192.168.1.2
Run the honeyd with this command:
#honeyd -df config.localhost -p nmap.prints -x xprobe2.conf -a nmap.assoc -l /var/log/honeyd -i eth0 10.0.0.0/8
Honeyd V1.5b Copyright (c) 2002-2004 Niels Provos
honeyd[7232]: started with -df config.localhost -p nmap.prints -x xprobe2.conf -a nmap.assoc -l /var/log/honeyd -i eth0 10.0.0.0/8
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[7232]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip and (net 10.0.0.0/8))) and not ether src 00:17:31:b6:9a:a1
honeyd[7232]: Running with root privileges.
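A consistency check for the routing and bind lines, as an added example that is not part of the original post or of honeyd itself. It assumes that every bound address and every "add net" gateway should fall inside a network declared with "route ... link" and inside the network given on the honeyd command line; the sample config is constructed from the lines above plus one deliberately unreachable bind.

```python
import ipaddress

# Constructed sample: a trimmed copy of the route/bind lines shown above,
# plus one deliberately unreachable bind (10.9.0.5) to exercise the check.
SAMPLE_CONFIG = """\
route entry 10.0.0.1
route 10.0.0.1 link 10.0.0.0/24
route 10.0.0.1 add net 10.1.0.0/16 10.1.0.1 latency 55ms loss 0.1
route 10.0.0.1 add net 10.2.0.0/16 10.2.0.1 latency 20ms loss 0.1
route 10.1.0.1 link 10.1.0.0/24
route 10.2.0.1 link 10.2.0.0/24
bind 10.0.0.1 routerone
bind 10.1.0.2 template
#bind 10.2.0.5 allopen
bind 10.9.0.5 allopen
"""

def parse(config):
    """Return (link networks, gateways named in 'add net', bound addresses)."""
    links, gateways, binds = [], [], []
    for line in config.splitlines():
        tok = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tok) >= 4 and tok[0] == "route" and tok[2] == "link":
            links.append(ipaddress.ip_network(tok[3]))
        elif len(tok) >= 6 and tok[0] == "route" and tok[2:4] == ["add", "net"]:
            gateways.append(ipaddress.ip_address(tok[5]))
        elif len(tok) == 3 and tok[0] == "bind":
            binds.append(ipaddress.ip_address(tok[1]))
    return links, gateways, binds

def check(config, served_net):
    """List addresses outside served_net or outside every 'link' network."""
    served = ipaddress.ip_network(served_net)
    links, gateways, binds = parse(config)
    problems = []
    for net in links:
        if not net.subnet_of(served):
            problems.append(f"link {net} is outside {served}")
    for kind, addrs in (("gateway", gateways), ("bind", binds)):
        for addr in addrs:
            if addr not in served:
                problems.append(f"{kind} {addr} is outside {served}")
            elif not any(addr in net for net in links):
                problems.append(f"{kind} {addr} is in no 'link' network")
    return problems

if __name__ == "__main__":
    for problem in check(SAMPLE_CONFIG, "10.0.0.0/8"):
        print(problem)
```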