https://wiki.koeln.ccc.de/index.php?title=Honeyd/Networking&feed=atom&action=history
Honeyd/Networking - Revision history
2024-03-28T15:54:31Z
Revision history for this page on the wiki
MediaWiki 1.30.1
https://wiki.koeln.ccc.de/index.php?title=Honeyd/Networking&diff=11629&oldid=prev
Mario Manno: added category
2004-10-18T23:27:14Z
<p>added category</p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr style="vertical-align: top;" lang="en">
<td colspan="2" style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: white; color:black; text-align: center;">Revision as of 23:27, 18 October 2004</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l65" >Line 65:</td>
<td colspan="2" class="diff-lineno">Line 65:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /usr/bin/honeyd -i lo 10.0.0.0/8</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /usr/bin/honeyd -i lo 10.0.0.0/8</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Hacks]]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Hacks<ins class="diffchange diffchange-inline">]][[Category:Tools</ins>]]</div></td></tr>
</table>
Mario Manno
https://wiki.koeln.ccc.de/index.php?title=Honeyd/Networking&diff=2783&oldid=prev
81.173.165.56 at 23:13, 6 October 2004
2004-10-06T23:13:07Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr style="vertical-align: top;" lang="en">
<td colspan="2" style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: white; color:black; text-align: center;">Revision as of 23:13, 6 October 2004</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l64" >Line 64:</td>
<td colspan="2" class="diff-lineno">Line 64:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Started via</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Started via</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /usr/bin/honeyd -i lo 10.0.0.0/8</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  /usr/bin/honeyd -i lo 10.0.0.0/8</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Hacks]]</ins></div></td></tr>
</table>
81.173.165.56
https://wiki.koeln.ccc.de/index.php?title=Honeyd/Networking&diff=1935&oldid=prev
Mario Manno: pasted from notes
2004-09-28T19:33:53Z
<p>pasted from notes</p>
<p><b>New page</b></p><div>= Honeyd Networking on Linux =<br />
Normally, i.e. on a Cisco router, you would just do a<br />
  ip route 192.168.0.0 255.255.0.0 192.168.0.1<br />
<br />
If I try to add a route to my local subnet, the honeynet host answers every ping with an additional ICMP redirect packet and does not show valid traceroutes.<br />
<br />
As far as I understand honeyd's ARP features, they are only intended for mixed networks, meaning networks which contain valid hosts too.<br />
In my experiments honeyd ARP would not work well with honeynets.<br />
The ARP daemon excludes the host system from ARP faking. This behaviour was disturbing all my efforts to run honeyd on a tap interface and add a route to this interface for the honeynet range.<br />
<br />
So I had to do bridging. (Why do I always have to do bridging??)<br />
<br />
== Bridged Setup ==<br />
<br />
My home network is 10.2.2.0/24<br />
The honeynet is 192.168.0.0/24<br />
<br />
=== Router ===<br />
The router forwards packets to the honeynet machine.<br />
In the case of a Linux router, the following worked for me.<br />
  ifconfig eth0 down<br />
  ifconfig eth1 down<br />
  brctl addbr br0 # Set up bridging<br />
  brctl addif br0 eth0 # client network<br />
  brctl addif br0 eth1 # honeynet network<br />
  ifconfig br0 up<br />
  ip a add 10.2.2.6/24 dev br0 # IP so I can administer the bridge<br />
  # is needed so I can set routes (whatever)<br />
  ip ro add 10.2.2.0/24 dev br0 # route to local net<br />
  ip ro add 192.168.0.0/16 dev br0 # route to honeynet<br />
<br />
=== Client ===<br />
The bridge should take care of packets.<br />
<br />
  ip a add 10.2.2.10/24 dev eth0<br />
  ip ro add default dev eth0<br />
<br />
=== Honeynet ===<br />
<br />
Set up basic networking<br />
  ip a add 192.168.0.1/24 dev eth0<br />
  ip ro add default dev eth0<br />
<br />
This is my honeyd.conf<br />
  route entry 192.168.0.1<br />
  route 192.168.0.1 add net 192.168.4.0/24 192.168.4.1 latency 7ms loss 0.5<br />
  route 192.168.4.1 link 192.168.4.0/24<br />
<br />
And the honeyd options<br />
  /usr/bin/honeyd -i eth0 192.168.0.0/16<br />
<br />
== Localhost Setup ==<br />
The honeynet is 10.0.0.0/8<br />
<br />
=== Router ===<br />
  ip ro add 10.0.0.0/8 dev lo<br />
<br />
=== Honeynet ===<br />
<br />
Little change to honeyd needed for traceroute<br />
  route entry 10.0.0.1<br />
+route 10.0.0.1 link 10.0.0.0/24<br />
<br />
Started via<br />
  /usr/bin/honeyd -i lo 10.0.0.0/8</div>
Mario Manno