real ip with honeyd

HI,

I WAS TRYING TO SEE THE ATTACKERS BEHAVIOUR AND DEPLOYED A
HONEYD TO A 
MACHINE. BUT I GAVE REAL IPS TO THE SIMULATED SYSTEMS, SO
THE BIND PARTS HAVE 
REAL IPS. I HAD A ARPD PROBLEM ALSO SO I COULDNT MAKE IT
WORK, DOES HONEYD 
WORK WITH REAL IPS?

ACCORDING TO THE EXPLANATIONS, HONEYD IS DEPLOYED TO A REAL
IP MACHINE. I SAW 
SOME LOG ENTRIES THAT A REAL IP WAS TRYING TO REACH TO ONE
OF THE SIMULATED 
MACHINES, SO HOW DO THE ATTACKERS SEE THOSE SIMULATED IPS?

THANX.

-- 
O?UZ YAR?MTEPE
HTTP://WWW.YARIMTEPE.COM

If ou don't use Arpd, which will respond to the requests for
the virtual IP addresses, then you have to configure a
router to get the requests to the fake IP addresses to the
host machine.

Roger

************************************************************
*****
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH,
yada...yada...
*email: roger_grimesinfoworld.com or rogerbanneretcs.com
*Author of Windows Vista Security: Securing Vista Against
Malicious Attacks (Wiley)
*http://www.amazon.com/Windows-Vista
-Security-Securing-Malicious/dp/0470101555
************************************************************
*****


-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Oguz Yarimtepe
Sent: Friday, September 14, 2007 10:31 PM
To: honeypotssecurityfocus.com
Subject: real ip with honeyd

Hi,

I was trying to see the attackers behaviour and deployed a
honeyd to a machine. But i gave real ips to the simulated
systems, so the bind parts have real ips. I had a arpd
problem also so i couldnt make it work, does honeyd work
with real ips?

According to the explanations, honeyd is deployed to a real
ip machine. I saw some log entries that a real ip was trying
to reach to one of the simulated machines, so how do the
attackers see those simulated ips?

Thanx.

--
Oğuz Yarımtepe
http://www.yarimtepe.com