
Thread: Honeyd initial configuration

user name
2007-09-06 06:23:02
Hello all!!

I am a newbie to honeypots. To learn honeypots I have
installed honeyd 1.5c and arpd 0.2 on a Fedora Core 4 VM. All
the installation has been done successfully.

Now, to test the honeyd installation, I do the following as per
the paper "simulating networks with honeyd".

My honeyd IP is 10.0.0.1. I have set my Fedora machine's IP
to 10.0.0.1 for this.

# arpd 10.0.0.0/8

The contents of the honeyd.conf file I have created are:

create windows
set windows personality "Microsoft Windows XP Professional SP1"
add windows tcp port 139 open
add windows tcp port 137 open
add windows udp port 137 open
add windows udp port 135 open
set windows default tcp action reset
set windows default udp action reset
bind 10.0.0.51 windows
bind 10.0.0.52 windows

Then I run honeyd with the following command:
# honeyd -f honeyd.conf 10.0.0.51-10.0.0.52

Now if I scan 10.0.0.51 and 10.0.0.52 using nmap then I
should receive a response, right?

On the same machine I have installed nmap. When I do a
SynConnect or Syn stealth scan it does not show any of the
machines as up. I am not even getting ping replies from
10.0.0.51 and 10.0.0.52.

Please let me know where I am wrong. How do I know that
the things I have set up are correct? I mean, how can I check
that arpd is replying to any requests in the 10.0.0.0/8 network?

Thanks in advance
Paavan.
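
A static consistency check for the setup described in the post, added here as an example and not part of the original message or of honeyd itself: it cross-checks each bind line against the address range given to honeyd, the network given to arpd, and the host's own address. The function names and the sample configuration are constructed for illustration; only create and bind lines are interpreted, and quote balance is checked per line.

```python
import ipaddress
import re

# Constructed sample: the template from the post plus two deliberately
# inconsistent binds (lines 6 and 7) so the checker has something to report.
SAMPLE_CONF = """\
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
bind 10.0.0.51 windows
bind 10.0.0.52 windows
bind 10.0.0.53 windows
bind 10.0.0.54 linux
"""

def parse_range(spec):
    """Return (first, last) address for 'a-b', a CIDR block, or one address."""
    if "-" in spec:
        return tuple(ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
    net = ipaddress.ip_network(spec, strict=False)
    return net[0], net[-1]

def check(conf_text, honeyd_range, arpd_net, host_ip):
    """Cross-check bind lines against the honeyd and arpd command lines."""
    findings, templates = [], set()
    h_lo, h_hi = parse_range(honeyd_range)
    a_lo, a_hi = parse_range(arpd_net)
    host = ipaddress.ip_address(host_ip)
    for n, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if line.count('"') % 2:
            findings.append(f"line {n}: unbalanced quote (wrapped string?)")
        if m := re.fullmatch(r"create\s+(\S+)", line):
            templates.add(m.group(1))
        elif m := re.fullmatch(r"bind\s+(\S+)\s+(\S+)", line):
            ip, tmpl = ipaddress.ip_address(m.group(1)), m.group(2)
            if tmpl not in templates:
                findings.append(f"line {n}: template '{tmpl}' not created")
            if not h_lo <= ip <= h_hi:
                findings.append(f"line {n}: {ip} outside honeyd range")
            if not a_lo <= ip <= a_hi:
                findings.append(f"line {n}: {ip} outside arpd network")
            if ip == host:
                findings.append(f"line {n}: {ip} is the host's own address")
    return findings

if __name__ == "__main__":
    for f in check(SAMPLE_CONF, "10.0.0.51-10.0.0.52", "10.0.0.0/8", "10.0.0.1"):
        print(f)
```

An empty result only means the three command lines agree with each other; it does not show that ARP replies are actually sent on the wire.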
