Difference between revisions of "Honeyd/Networking"

From C4 Wiki
(added category)
Line 65: Line 65:
  /usr/bin/honeyd -i lo
  /usr/bin/honeyd -i lo

Latest revision as of 00:27, 19 October 2004

Honeyd Networking on Linux

Normally, i.e. on a Cisco router, you would just do a

ip route

If I try to add a route to my local subnet, the honeynet host answers every ping with an additional ICMP redirect packet and does not show valid traceroutes.

As far as I understand honeyd's ARP features, they are only intended for mixed networks, meaning networks which contain valid hosts too. In my experiments honeyd ARP would not work well with honeynets. The ARP daemon excludes the host system from ARP faking. This behaviour was disturbing all my efforts to run honeyd on a tap interface and add a route to this interface for the honeynet range.

So I had to do bridging. (Why do I always have to do bridging??)

Bridged Setup

My home network is The honeynet is


The router forwards packets to the honeynet machine. In the case of a Linux router, the following worked for me.

ifconfig eth0 down
ifconfig eth1 down
brctl addbr br0                    # Setup bridging
brctl addif br0 eth0               # client network
brctl addif br0 eth1               # honeynet network
ifconfig br0 up
ip a  add dev br0      # ip so i can administer the bridge
                                   # is needed so i can set routes (whatever)
ip ro add dev br0      # route to local net
ip ro add dev br0   # route to honey net


The bridge should take care of packets.

ip a add dev eth0
ip ro add default dev eth0


Set up basic networking

ip a add dev eth0
ip ro add default dev eth0

This is my honeyd.conf

route entry
route add net latency 7ms loss 0.5
route link

And the honeyd options

/usr/bin/honeyd -i eth0

Localhost Setup

The honeynet is


ip ro add dev lo


A little change to honeyd is needed for traceroute

route entry
+route link

Started via

/usr/bin/honeyd -i lo
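
A check for the kind of omission fixed above, as an added example that is not part of the original wiki page: it parses honeyd `route` statements and lists every router (the entry point or a gateway named in `route ... add net`) that has no `route ... link` line. It assumes honeyd's `route <router> link <network>` and `route <router> add net <network> <gateway>` statement forms; all addresses are constructed documentation ranges, not values from this page.

```python
import ipaddress

# Constructed sample config (documentation address ranges, not from the page).
SAMPLE_CONF = """\
route entry 192.0.2.1
route 192.0.2.1 add net 198.51.100.0/24 198.51.100.1 latency 7ms loss 0.5
route 192.0.2.1 link 192.0.2.0/24
"""
# Same config with the missing link statement added for the second router.
FIXED_CONF = SAMPLE_CONF + "route 198.51.100.1 link 198.51.100.0/24\n"


def parse_routes(text):
    """Return (entry, links, nets) parsed from honeyd 'route' statements."""
    entry, links, nets = None, {}, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(tok) < 3 or tok[0] != "route":
            continue
        if tok[1] == "entry":
            entry = ipaddress.ip_address(tok[2])
        elif tok[2] == "link" and len(tok) >= 4:
            router = ipaddress.ip_address(tok[1])
            links.setdefault(router, []).append(ipaddress.ip_network(tok[3]))
        elif tok[2:4] == ["add", "net"] and len(tok) >= 6:
            if tok[5] == "tunnel":              # tunnelled routes have no local gateway
                continue
            nets.append((ipaddress.ip_address(tok[1]),
                         ipaddress.ip_network(tok[4]),
                         ipaddress.ip_address(tok[5])))
    return entry, links, nets


def lint_routes(text):
    """List routers that forward traffic but declare no directly linked network."""
    entry, links, nets = parse_routes(text)
    findings = []
    if entry is None:
        findings.append("no 'route entry' statement")
    routers = ([entry] if entry else []) + [gw for _, _, gw in nets]
    for router in dict.fromkeys(routers):       # de-duplicate, keep order
        if router not in links:
            findings.append(f"router {router} has no 'route link' statement")
    return findings


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(name, lint_routes(conf) or "ok")
```

A finding is something to review rather than a hard error: a pure transit router may legitimately have no linked network.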