tuan anh thieu wrote:
> Hi Konrad!
> Thanks for your help!
> To let an attacker scan my honeypot, my honeypot needs a public IP.
> But my honeypot's NIC is host-only.
> So how do I assign a public IP to my honeypot?
>
> Thanks 
> Tuan
>
> 2011/5/10 <honeywall-requ...@public.honeynet.org>
>
>     Message: 1
>     Date: Mon, 09 May 2011 11:12:44 +0100
>     From: Konrad <kon...@track666.com>
>     Subject: Re: [Honeywall] help pls, cannot ping to honeypot from
>            honeywall
>     To: Mailing list for users and developers of the Honeywall
>            <honeywall@public.honeynet.org>
>     Message-ID: <4dc7be1c.9000...@track666.com>
>     Content-Type: text/plain; charset=UTF-8; format=flowed
>
>     Hi Tuan,
>
>     Why do you want to ping the hpot from the honeywall?
>
>     The default configuration for the Hwall CD-ROM works as a transparent
>     bridge, thus there must not be any IP addresses assigned to the eth0/1
>     interfaces.
>     Once the Honeypot is compromised, an attacker may start scanning the
>     internal network.
>
>     When the Hwall IPs are found it may compromise the whole point of having
>     a transparent bridge/proxy.
>     The only IP address in Honeywall should be on the management interface,
>     so you have done that correctly.
>     Perhaps you would like to read some Honeywall docs.
>
>
>     May I suggest the paper I have used for my Honours project.
>
>     http://seat.massey.ac.nz/projects/honeynet/Fahim-latest-paper.pdf
>
>     Hope that helps
>
>     All the best
>
>     Konrad Kaluszynski
>
>     tuan anh thieu wrote:
>     > Hello !
>     >
>     > Please help me to solve this problem: I try to ping from HoneyWall to
>     > honeypot but it is not accepted. I think my configuration has a mistake
>     > but I don't know where it is. Thank you in advance.
>     >
>     > I'm using HoneyWall 1.4 (newest) and VMWare 7.1.2 with:
>     > Vmnet0 : auto bridged
>     > Vmnet1 : Host Only with subnetmask 192.168.44.0
>     > Here is my configuration of HoneyWall :
>     > Honeypot IP address : 192.168.44.130
>     > The Honeynet network in CIDR : 192.168.44.0/24
>     > The broadcast address for honeypots public IP addresses : 192.168.44.255
>     >
>     > The IP address of the management interface : 192.168.1.66
>     > The network mask of the management interface IP : 255.255.255.0
>     > The default gateway for the management interface IP : 192.168.1.1
>     > The IP addresses of DNS server that management interface will use :
>     > 192.168.1.1
>     >
>     > Servers to which honeypots must have unlimited access : 192.168.1.1
>     > Gateway IP address for destination IP address of sebek packets :
>     > 192.168.44.253
>     > its default port : 1101
>     >
>     > Then I add IP for each NIC:
>     > - eth0 : 192.168.1.100
>     > - eth1 : 192.168.44.1
>     > - eth2 : 192.168.1.66 accessible at https://192.168.1.66/
>     >
>     > I use 1 honeypot with Windows XP (I call it Pot1) and installed the sebek
>     > client
>     > -       NIC : Host Only 192.168.44.130
>     >
>     > The rule for HoneyWall:
>     > #echo 1 > /proc/sys/net/ipv4/ip_forward
>     > #iptables -t nat -A PREROUTING -i eth1 -d 192.168.44.130 -j DNAT --to-destination 192.168.1.104
>     > #iptables -A FORWARD -i eth1 -j ACCEPT
>     > #iptables -A FORWARD -i eth0 -j ACCEPT
>     >
>     > When I ping:
>     > - From HostPC to Pot1 : OK
>     > - From Pot1 to eth1 ( HoneyWall) : OK (ping 192.168.44.1)
>     > - From HostPC  to Pot1 : OK (ping 192.168.44.130)
>     > - From HoneyWall to Pot1: it's not accepted!
>     >
>     > --
>     > HEDSPI K52-IS3
>     > Thiều Tuấn Anh
>     > Tel : 01696068694 - 0934443137
>     > Skype : tuananhis3
>     > Email : tuananh.hed...@gmail.com
>     >
>     >
>     ------------------------------------------------------------------------
>     >
>     > _______________________________________________
>     > Honeywall mailing list
>     > Honeywall@public.honeynet.org <mailto:Honeywall@public.honeynet.org>
>     > https://public.honeynet.org/mailman/listinfo/honeywall
>     >
>
>     End of Honeywall Digest, Vol 48, Issue 2
>
> -- 
> HEDSPI K52-IS3
> Thiều Tuấn Anh
> Tel : 01696068694 - 0934443137
> Skype : tuananhis3
> Email : tuananh.hed...@gmail.com
Hi Tuan,
To assign a public IP to your honeypot you need to use your internet router.

Suppose you have a www server on honeypot1 (IP 10.1.1.1) and you want to
"expose it" to Internet traffic.
- check what the default www service port is on your server (usually 80)
- log on to the internet/broadband router
- redirect all "incoming" traffic (port 80/WWW) to the IP of your hpot
(10.1.1.1)
    - check that the hpot firewall is not blocking www traffic

Now, all TCP requests coming from the Internet towards the IP of your
router/broadband, port 80, should be relayed to your hpot.

Also, on the Honeywall, check the Limiting Outgoing Connections option, as
it limits the amount of TCP packets that are allowed FROM your honeypot to
the Internet.

If your ISP is blocking incoming traffic, as they do not want home users
to run servers, you may not achieve your goal.

From the security standpoint, you need to be aware of some legal problems.

If your Honeypot is compromised and becomes a part of a Botnet, you may
be liable for any damages that were inflicted on systems on the Internet.

If you come across any problems, let me know.

Hope that helps

Konrad Kaluszynski
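
The advice quoted earlier in this thread, that the Honeywall's bridge interfaces carry no IP address and only the management interface does, can be checked from the Honeywall shell. This is an added example, not part of the original messages or of the Honeywall distribution; the function name `bridge_ips` is hypothetical, and eth0/eth1 as bridge ports with eth2 as management are assumptions taken from the quoted configuration.

```shell
#!/bin/sh
# Added example: flag IPv4 addresses on Honeywall bridge interfaces.
# Input: one line per address, in the format of `ip -o -4 addr show`.

# Constructed sample reproducing the addressing described in the quoted
# message (eth0/eth1 = bridge ports, eth2 = management interface).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 192.168.44.1/24 brd 192.168.44.255 scope global eth1
4: eth2    inet 192.168.1.66/24 brd 192.168.1.255 scope global eth2'

# bridge_ips "<address listing>" <iface>...
# Prints "iface address" for every named bridge interface that carries an
# IPv4 address. Returns 1 if any were found, 0 if the bridge is clean.
bridge_ips() {
    listing=$1
    shift
    found=$(printf '%s\n' "$listing" | awk -v ifaces="$*" '
        BEGIN {
            n = split(ifaces, a, " ")
            for (i = 1; i <= n; i++) want[a[i]] = 1
        }
        # Field 2 is the interface name, field 4 the address/prefix.
        $3 == "inet" && ($2 in want) { print $2, $4 }')
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Live use on the Honeywall (assumes eth0/eth1 are the bridge ports):
#   bridge_ips "$(ip -o -4 addr show)" eth0 eth1
bridge_ips "$SAMPLE_ADDRS" eth0 eth1 ||
    echo "WARNING: bridge interfaces must not carry IP addresses"
```

On the sample, both bridge ports are reported, because the quoted setup added addresses to eth0 and eth1 after the initial configuration.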